FIPS 140 (“Federal Information Processing Standard”) is a series of security standards published by the U.S. government that specify security requirements for the evaluation of cryptographic modules. This article explores various aspects of the latest release of FIPS 140-3.
PCI PTS HSM compliance is mandated on banks, acquirers, processors and all other players involved in payment card systems. This article explores the origin, history, evaluation criteria, and the latest version updates of the PCI PTS HSM standard.
Hardware Security Modules (HSMs) are used in all card payment systems (as well as various other applications that require strong security) to protect business transactions and sensitive information. HSMs allow authentication, encryption/decryption and management of cryptographic keys to occur with the highest level of security. The globally-recognized HSM certification, Common Criteria (CC), guarantees the assurance level of an HSM. This article explores how CC helps in choosing the right HSM for your business needs.
To combat fraud in digital identities and provide guidelines for digital authentication, the National Institute of Standards and Technology (NIST) updated its Digital Identity Guidelines in June 2017 and has provided a digital identity model that represents their updated guidelines with technologies and architectures that are currently available. This article describes the NIST model and compares NIST’s US-minded approach with the European eIDAS-Regulation and its legal framework.
Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to prevent credit card fraud and protect against numerous additional security threats & vulnerabilities.
Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to protect against credit card fraud and numerous additional security threats & vulnerabilities. Credit/Debit card providers, such as MasterCard and Visa etc., implement the mechanisms and security controls specified and suggested in PCI DSS.
Through many parts of the world, including the European Union and the United States, digital signing has been adopted as a way to implement electronic signatures that are considered legally binding. This article introduces digital signatures, digital certificates and the relationship between digital signatures and PKCS #7.
Appropriate management of cryptographic keys is essential for the application of cryptography. This is often aided by the use of a hardware security module (HSM), a dedicated hardware machine with an embedded processor that offers cryptographic services to users, applications, and computers in a network, and which explicitly protects cryptographic keys at every phase of their life cycle.
This article highlights the NIST key lifecycle recommendations in relation to PCI DSS compliance.
