Cryptomathic Blog

Digital signatures (and the accompanying concepts of encryption and authentication) have been a critical aspect of electronic communications for several years now, and both regulatory bodies and businesses continue to demonstrate a vested interest in the continued growth and advancement of this field.

A popular point of discussion and research among businesses in the EU is eIDAS, the EU regulation on the use of identification and trust services for electronic transactions in the internal market. Not only is eIDAS required for legally-compliant digital signatures, it's also part of a greater picture of technological innovation and growth within the EU.

With the ever-growing number of electronic transactions and documents, the use of digital signatures make it possible to trust and act upon these transactions as if they were printed on paper and signed by a trusted source. Digital signatures are used as a proof of authenticity, data integrity and non-repudiation of communications conducted over the internet. 

This article describes 7 drivers for successful digital signature services.

With the ever increasing number of online services and electronic transactions, business owners are becoming ever more dependent on the use cryptography to prevent sensitive information from cyber attackers.

A Key Management System (KMS) must be designed in a manner that supports the goals of each organization using the KMS. The aim of a security policy is to provide a secure working environment for the organization by establishing required security measures, protocols and controls. 

User interface design and usability are the deciding factors in attaining a good user experience for most IT deployments, including key management systems (KMS). The most significant constraint to the use of a KMS is the difficulty that some systems present to the non-specialist users.

User interfaces (UIs) that adapt to the expertise of the user can guide a new and less-trained user, while permitting an expert to use efficient shortcuts and to bypass step-by-step guidance.

This article presents high level recommendations on efficient user interface design for a key management system.

Independent third-party testing is essential for identification, detection, and elimination of defects in a key management system (KMS). The third-party testing organizations often have specialized facilities and expertise to carry out the testing and offer unbiased testing reports. These testing and validation activities should be performed on each module including the security functions and the protective measures employed by each module. This article discusses the benefits of third party testing for a key management system.

A cryptographic zone exists between two points, where a symmetric key or asymmetric public keys are shared in order to encrypt sensitive information. Once the key, or keys have been exchanged, data, and in some cases other keys, are encrypted within this zone.

This article introduces and describes the relevant roles needed to successfully manage a key management system in an organisation.

In this article, we discuss the various issues and present Cryptomathic’s approach to central key and crypto management that has been adopted by major banks.