Dawn M. Turner (guest)

Dawn M. Turner is a professional author with a passion for technical regulations and standards, as well as for their relevance and impact on corporate operations and industry in general. Dawn has more than 10 years of IT industry experience in hardware, programming, and systems and network engineering. Her educational background includes a certificate in computer operations and programming; CompTIA and Microsoft certifications, including A+, MCSE and MCP; an associate's degree with a major in business and a minor in computer science; a Bachelor of Science degree with a major in business forensics and a minor in accounting; and an MBA with concentrations in finance and economics.
Digital signature deployment models for banking - Operating as an eIDAS Compliant Registration Authority Reduces Costs and Preserves Customer Ownership

The eIDAS regulation provides both the technical and legal framework for electronic identification and digital signatures that the banking sector needs to fully digitalize its processes and go paperless.

Three Deployment Versions & Business Models of eIDAS-compliant Remote Signing for Financial Institutions

This article looks at 3 alternative deployment options for remote signing, catering for 3 different business models. The choice of the option will depend on the financial institution’s specific situation and strategic goals. This article gives guidance.

Cryptomathic’s Signer Builds on the Only QSCD Certified under SOG-IS

Under eIDAS, a qualified electronic signature creation device (QSCD) must be certified and approved to be used for generating qualified electronic signatures (QES). Cryptomathic’s Signer is the only QSCD that is certified under the SOG-IS agreement using the Common Criteria Recognition Arrangement (CCRA).

eIDAS-Qualified Remote Signing: Exploring EN 419 241-2 Certified Qualified Signature Creation Devices 

EU Regulation No 910/2014 (eIDAS) addresses the creation of remote electronic signatures using electronic signature creation data that is managed remotely by a third-party trust service provider (TSP) working on behalf of the signee.

BYOK: a Solution for EBA’s New ICT and Security Risk Management Guidelines

The European Banking Authority's (EBA’s) new ICT and Security Risk Management Guidelines provide guidance for cybersecurity requirements for financial institutions and third-party partners.

PCI Requirements on Implementing Key Blocks - Migration Phases and Key Management Solutions

In June 2019, the PCI Security Standards Council issued an information supplement titled PCI PIN Security Requirement 18-3 – Key Blocks, which requires that encrypted symmetric keys be managed in structures called “Key Blocks.”

SHA-1 is Practical and Cost-Effective to Crack Now

This article discusses recent warnings that a chosen-prefix collision attack on SHA-1 is now practical and cost-effective for attackers.

Summary of cryptographic algorithms - according to NIST

The cryptographic protection of a system against attacks and malicious penetration depends on two dimensions: (1) The strength of the keys and the effectiveness of mechanisms and protocols associated with the keys; and (2) the protection of the keys through key management (secure key generation, storage, distribution, use and destruction).

Overview of NIST Key Management Recommendations on Key Types and Crypto-Periods

This article introduces and classifies cryptographic key types and crypto-periods as suggested by NIST, based on proven best practices for key management. It outlines the recommendations of when and how keys are used to protect data and explains how appropriate crypto-periods can be chosen and enforced.