Chris Rossbach Engineering Data
[non-traditional
format]
My resume has not seen an update
in several years, due to a long tenure in my current position. I’ve included it
with a meager attempt to bring it up to date at the end of this document, on
the assumption that its inclusion is a formality worth undertaking. However, my
choosing to place it lasts reflects my perception that the type of information
being sought in the request for my bio is of a more detailed nature than one
might expect in a traditional C.V. I hope the reader will forgive the clearly
non-traditional and perhaps overly narrative or personal approach taken below.
Overview Notes:
- B.S.
Computer Science & Electrical Engineering, Stanford 1992,
- I worked
for all the various incarnations of PenWare, Mobinetix, @pos, ReceiptCity,
starting in 1992.
- Left
ReceiptCity for approximately a year to take a position as chief architect
at iFoodNet, a start up doing Internet-based supply-chain management and
logistics, and to be an architecture consultant for Savi Technologies, a
company deploying asset-tracking tools into web-based environments.
- Before
returning to @pos in late 2000, some effort went toward creation of a
start-up company to deploy a web-based generic authentication service,
extending the biometric techniques I created for signature validation into
a broader and more flexible framework. I created the architecture and
developed a functional prototype for J2EE platforms toward this end, but
the climate for web-based startups experienced a change that probably does
not need explicit mention.
Most of my work over the last
several years has been in distributed systems architecture, which has gained me
strong experience creating and documenting high-level architecture, design, and
doing implementation of systems on a variety of platforms, including
application servers from Sun, BEA, and Sybase, and database servers from
Microsoft, Oracle, and Sybase. My architecture and development efforts have
contributed to a number of deployed services, including a few for which I did
not just the architecture and design, but for which I wrote every line of code
all the way down to the stored-procedure level. However, it deserves mention
with emphasis that the bulk of my experience prior to the .com boom was in
writing C code, which I still enjoy as sort of a homecoming when I actually get
the opportunity to do some coding.
Recent technical efforts have
included research and cultivation of some background in security and
cryptography, ongoing development and enhancement of signature validation
biometrics software which I invented for @pos, development of a new
cryptographic technique based on irrational numbers, as well as conducting
extensive research into payment protocols and security concerns related thereto.
Additionally, I have a long-standing informal role as technical liaison for
legal issues and IP-related efforts.
Generally speaking, since Symbol’s
acquisition of @pos, my responsibilities have been truly various. “Systems
Architecture and Special Projects” probably best describes my de facto
position, since while my formal role is supposed to be primarily about systems
architecture, I get called on very often to deal with urgent matters,
regardless of my level of background with the project in question. Examples of
this pattern abound, but most recent illustrations of this pattern include:
- Implementation
of functionality Sears requested for Zebra printers into the MK2000
platform. I’d had no previous involvement with MK2000, with developing
code explicitly for CE, or with the tools Symbol uses for development on
this platform. The project involved development and/or modification of
code I’d had no previous involvement with, and changes were necessary at
many levels of the CE architecture, starting from the ActiveX control used
to encapsulate a uniform printer interface, all the way down to
modifications at the device driver level, leaving hooks for similar
functionality in the device drivers for all other supported printers. All
of this occurred on two-week deadline. I mention this project hesitantly
because it may come across as a criticism of whatever organizational
forces led up to a crisis that necessitated my selection for this work,
but in fact, it’s a superb illustration of what I consider to be my
primary strength. I can adapt and learn very quickly, choose solutions
that make sense in the face of existing architecture and long-term goals
for the architecture, and do whatever it takes to implement it under even
the highest-pressure situations.
- Developed
a signatureàimage
translation module for West Marine under similar conditions and deadlines.
- Authored
the System Definition Document and Function Specification Document for
@pos’ Shasta product, despite lack of previous involvement with the Shasta
project, and despite many years of letting my hardware background take a
back-seat to my software efforts.
- Developed
a tool to analyze XScale register configurations as part of a performance
analysis for Shasta when serious performance problems arose in the initial
implementation of the platform.
- Patent
and Legal responsibilities arise for me quite often—generally this just
means that Symbol Legal consults me for technical input when examining
claims in existing patents when inquiries come up, although I have also
been involved as the technical consultant in the development of some
licensing agreements and contracts. I cite this not just because it
illustrates my adaptability, but because while I can claim no formal legal
training, I’ve done quite a lot of patent analysis and sculpting of legal
verbiage.
More Formal Recent Projects, executed
under less-urgent conditions (I.e. what I’m supposed to be doing):
- Development
of a position and recommendation regarding @pos approach to integration of
wireless and payment in future @pos products. Two drafts of my white paper
on this subject have been submitted, and I’m happy to forward them if
there is interest here.
- White
Paper outlining @pos approach to the many security challenges that face us
in trying to implement a platform secure enough to meet payment security
standards despite selection of Windows CE as the OS.
Other slightly less recent Special Projects of Potential Interest:
- Wrote
and submitted a proposal for a Flexible Electronic Ink Standard file
format, picking up where JOT leaves off, but including information that
enables richer biometric analysis, while maintaining mechanisms for
inclusiveness of existing formats, and flexibility for devices with
different ink capture capabilities. This is a piece of work I believe
strongly should be done, and there have been a few rallying cries from the
engineering community, but it has never managed to get escalated to a high
enough priority to be implemented in @pos products.
- RSA
Algorithm C Implementation for EMV level II libraries—ultimately, after
finishing it, I recommended use of OpenSSL in our EMV level II software,
because it simplifies certification for payment security standards.
Writing the code was fun though.
- @pos
Representative for the Symbol Security Steering Committee
- Ongoing
research and general availability as a resource for Secure Payment Systems
and Protocols.
- Camera-based
PINPAD project research.
- Served
a brief tenure as “Software Integration Architect” for Trintech Payment
Module integration into Gemini platform. As I currently understand it, the
Payment module for Gemini project lost funding last autumn, but was
resurrected and re-funded as of December. I’ve tried to keep in sync with
Diana Melick on this so that I can avoid duplication of effort in the
payment area, but this iteration of the Trintech integration project
appears to be moving forward without any request for my involvement. Note:
Recent work David Yeh has asked me to do in terms of research into payment
protocols and wireless for future @pos devices has left me with some very
strong opinions about how I feel Symbol should be approaching support of
payment functionality in general. I’m happy to detail the aforementioned
opinions to anyone with the wherewithal to listen or read, but I’m
increasingly convinced that efforts on this front are too scattered.
- Member
of @pos Patent Committee
- General
Liason for Intellectual Property issues when working with Patent
Attorneys. I’d strongly recommend a consultation with Aaron Bernstein or
Chris Frerking in Symbol Legal or Mike Kaufman at Dorsey & Whitney for
information on my roles, as they have been wide-spread, including a
complete review of all IP-related materials at the time of the
acquisition, and a long-standing history of participation in formulating
positions particularly with respect defense against allegations of or
exploration of possible infringement.
- FSG
SIGVAL support—the sole developer responsible for development and
deployment of this tool for FSG, for a number of years, up until the
formal licensing and release of it to FSG as of 1/1/2004. There’s plenty
of interesting material to discuss on this front. I have a lot of interest
in biometrics and have developed several versions of this module on many
platforms when I’ve had time to devote to it, and have been doing a good
deal of research on new techniques and existing techniques I’d like to
implement and experiment with. Currently, the existence of any version
other than the module deployed at FSG reflects my personal investment of
spare time and the fact that it interests me enough that I can’t resist
tinkering with it when I get a moment. Currently existing versions
include:
1.
FSG’s version, written in C,
which has diverged considerably from what I consider to be the ‘current’
version—this divergence I attribute to a number of barriers including
cumbersome and intermittent access to FSG’s systems, as well as a lack of
formal allocation of my time to the project except when urgent requests come in
from FSG.
2.
A C++ Version re-written from
scratch to reflect a better architecture and to build a frame-work which will
allow me in the long term to make the algorithms more adaptable and to automate
analysis of performance. Back end for this version is switchable between
between Oracle 8i, and MS Access.
3.
A J2EE version implemented as
a set of EJBs running in BEA’s Web Logic Server, with a servlet front-end and
Oracle 8i back end. The original vision behind this implementation was to
construct a generic authentication server that ultimately integrated other
biometric and non-biometric authentication methods. As I mentioned above, this
was all spare time development, so while the framework exists and hooks exist
for other authenticators, signature validation is the only one completed and
tested. I also wanted to see signature validation EJB get integrated into the
ReceiptCity/Crossvue/Resolve framework, since it is a natural fit functionally,
and since I also did the architecture for the Crossvue services, it should be a
more or less snap-in endeavor. Ongoing lack of clarity about the fate of the
Crossvue services has kept this from ever becoming a priority.
·
Delivered a talk on Signature
Validation and Recognition Techniques at last May’s Technical Conference in
Sanibel, FL.
·
Over the last few years,
Llavan has asked me to cultivate a strong background in security, so I’ve done
a lot of research in this area. Its an understatement to call this a broad
field, so I won’t attempt too much detail here, except to say that I’ve tried
to keep a broad scope to maintain my usefulness as a resource in this area,
while allowing myself a few areas of special interest including biometrics and
cryptography. Of course everyone loves cryptography.
·
Wrote and submitted a white
paper outlining a cryptographic method based on the use of irrational number
for deriving key material. Of course, the existence of well-defined standards
in this area completely makes this sort of research and development unnecessary
for Symbol, but it interested me, and ideas are better shared than not, so I
wrote it and submitted it anyway. There
has been no groundswell of interest, for reasons that I think are more or less
obvious.
Relevant Efforts for @pos prior to
Symbol’s Acquisition:
- Architect
for Smart Debit Service
- Architect
for ReceiptCity / Crossvue Services.
- Wrote all
technical documentation and a good deal of the non-technical documentation
for the Anakin Project. Calling the Anakin Project ‘a joint effort with
HP/Verifone’ is putting a tactful label on some efforts behind which there
is plenty of interesting history, left out for brevity—I mention this
because as a result I have some solid experience in documentation of MRDs,
PRDs, Test Plans, and Security Policies, in addition to the Vision/Scope/Architecture
Documentation, UML documentation, and Technical Specifications types of
writing that are more standard fare for a systems architect or software
developer. Its also an illustration of what I consider to be my main
strength, which is an ability and willingness to assume responsibility for
whatever it takes to get a situation or project to move forward, whether
it falls under my ‘job description’ or not.
- Wrote a
good deal of the software in the SDKs and firmware for @pos product line,
including DUKPT and Master Session Key management modules.
- Before
@pos changed its name from Mobinetix, I was responsible for the
spreadsheet engine and back-end for what was at the time, the flag-ship
product, PenCell, a spreadsheet application which ran on Windows for Pen,
General Magic, and a number of Sharp PDA platforms. Sharp still uses this
product and code in their current product line.
Almost Completely Irrelevant Background
of the non-technical variety:
- I am a
certified Iyengar and Ashtanga Yoga instructor—currently I teach only one
class per week at It’s Yoga in San Francisco.
- I am a
professional guitarist with an extensive discography to my credit.
- Former
semi-pro Indoor Soccer player.
More information about any of the items
categorized as “Irrelevant” can be found at www.rossbach.to, with the caveat that maintenance
of the site is a low priority, and you’ll likely encounter some broken links
(particularly to my resume) that I hope you’ll not hold against me. I’m aware
of issues with the site, but it’s a low priority in light of all of the above.