Orders of CM elliptic curves modulo p with at most two primes

Nowadays the generation of cryptosystems requires two main aspects. First the security, and then the size of the keys involved in the construction and comunication process. About the former one needs a difficult mathematical assumption which ensures your system will not be broken unless a well known difficult problem is solved. In this context one of the most famous assumption underlying a wide variety of cryptosystems is the computation of logarithms in finite fields and the Diffie Hellman assumption. However it is also well known that elliptic curves provide good examples of representation of abelian groups reducing the size of keys needed to guarantee the same level of security as in the finite field case. The first thing one needs to perform elliptic logarithms which are computationaly secure is to fix a finite field, Fp, and one curve, E/Fp defined over the field, such that |E(Fp)| has a prime factor as large as possible. In practice the problem of finding such a pair, of curve and field, seems simple, just take a curve with integer coefficients and a prime p of good reduction at random and see if |E(Fp)| has a big prime factor. However the theory that makes the previous algorithm useful is by no means obvious, neither clear or complete. For example it is well known that supersingular elliptic curves have to be avoided in the previous process since they reduce the security of any cryptosystem based on the Diffie Hellman assumption on the elliptic logarithm. But more importantly, the process will be feasible whenever the probability to find a pair, (E, p), with a big prime factor q| |E(Fp)| is big enough. One problem arises naturally from the above.