Is non-repudiation really non-repudiable with digital signatures?

What does non-repudiation mean? Repudiation means to reject or deny the validity of something. Non-repudiation is a legal concept that is widely used in information security. It refers to any service, which provides proof of the origin of data and the integrity of the data. In other words, non-repudiation makes it very difficult to successfully deny who/where a message came from as well as the authenticity of that message.

Read more

W3C's suggestion for a Web Cryptography API

The World Wide Web Consortium or W3C as it is commonly known was founded in 1994 by the original architect of the World Wide Web, Tim Berners-Lee. It is a consortium of international companies that are involved with the Web and the Internet.

Read more

Cloud encryption: Bring Your Own Key is no longer enough

Encryption key management systems are now essential for all companies needing to lockdown data in the cloud, says Matt Landrock, CEO, Cryptomathic Inc.

Read more

Basic Encryption Failure Defect #1: Obscurity

“Impossible!” the man exclaimed, “I designed that encryption myself!  No one can break it as fast as you claim!” I am John Tränkenschuh, a CISSP-ISSAP with 24 years experience in Information Security. 

Read more

A summary of the revised NIST standards for Key Management

Cryptography is the foundation of protecting electronic data and cyber security. Encryption can effectively prevent breaches while also protecting both consumer privacy and sensitive data.

Read more

PAdES and Long Term archival (LTA)

Under the eIDAs Regulation, specifications for formatting advanced electronic signatures for PDF documents are set under PAdES. PAdES is the electronic signature design for PDF Advanced Electronic Signatures.

Read more

Implementing Digital Authentication in accordance with the new NIST guidelines (SP 800-63-3)

In 2016, the National Institute of Standards and Technology (NIST) (run by the US Department of Commerce) announced they were producing a new publication which would overhaul their previous guidance for digital authentication – which was released on August 30th.

Read more

Generating Cryptographic Keys: Will Your Random Number Generators (PRNGs) Do The Job?

Conversations about cryptography are common place in the cyber-security world.  One can find security professionals discussing everything from PKI to issues with RSA. 

Read more

UBS launches qualified electronic signatures

The ZertES legislation (Swiss digital signature law) was placed into effect in Switzerland on December 19, 2003. The purpose of this legislation was to regulate the manner for which trust service providers could use certification services with electronic signatures.

Read more