Asim Mehmood (guest)

Asim Mehmood is a security research engineer, holding a Master and a Bachelor of Science in Information Security.
Asim's core professional experience and competence are centered around:
- Applied Classical & Modern Cryptography & Information
- Key Management
- HSMs
- Development of Public Key Infrastructure (PKI)
- Smart card enabled Key Management System in C#
- Vulnerability assessment and Penetration Testing
- Smart Card Applications development on Windows and Linux
- LDAP and Secure LDAP Integration in Web Applications
Asim loves music and reading.

How Common Criteria Helps Organizations Choose the Right HSM

Hardware Security Modules (HSMs) are used in all card payment systems (as well as various other applications that require strong security) to protect business transactions and sensitive information. HSMs allow authentication, encryption/decryption and management of cryptographic keys to occur with the highest level of security. The globally-recognized HSM certification, Common Criteria (CC), guarantees the assurance level of an HSM. This article explores how CC helps in choosing the right HSM for your business needs.

Overview of the NIST Digital Identity Model compared to eIDAS

To combat fraud in digital identities and provide guidelines for digital authentication, the National Institute of Standards and Technology (NIST) updated its Digital Identity Guidelines in June 2017. It has also provided a digital identity model that represents the updated guidelines using technologies and architectures that are currently available. This article describes the NIST model and compares NIST’s US-minded approach with the European eIDAS Regulation and its legal framework.

PCI DSS Compliance Validation

Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to prevent credit card fraud and protect against numerous additional security threats & vulnerabilities.

An Introduction to PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to protect against credit card fraud and numerous additional security threats & vulnerabilities. Credit/debit card providers, such as MasterCard and Visa, implement the mechanisms and security controls specified and suggested in PCI DSS.

Introduction to Digital Signatures and PKCS #7

Throughout many parts of the world, including the European Union and the United States, digital signing has been adopted as a way to implement electronic signatures that are considered legally binding. This article introduces digital signatures, digital certificates and the relationship between digital signatures and PKCS #7.

HSMs and Key Management: Effective Key Security

Appropriate management of cryptographic keys is essential for the application of cryptography. This is often aided by the use of a hardware security module (HSM), a dedicated hardware machine with an embedded processor that offers cryptographic services to users, applications, and computers in a network, and which explicitly protects cryptographic keys at every phase of their life cycle.

Key Management Lifecycles compliant to PCI DSS

This article highlights the NIST key lifecycle recommendations in relation to PCI DSS compliance.

Differences between Hash functions, Symmetric & Asymmetric Algorithms

Cryptographic algorithms can be categorized into three classes: Hash functions, Symmetric and Asymmetric algorithms. This article sheds light on their differences, purpose and main fields of application.

PKI for EMV cards compliant to PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to prevent credit card scams and numerous additional security threats & vulnerabilities.
