This article introduces and classifies cryptographic key types and crypto-periods as suggested by NIST, based on proven best practices for key management. It outlines the recommendations of when and how keys are used to protect data and explains how appropriate crypto-periods can be chosen and enforced.
Read moreThis article discusses the benefits eIDs provide for both banks and customers in streamlining cross-border transactions and what is required under eIDAS for identity verification and client onboarding.
Read moreThe concept of a token has been used in the digital world for almost 50 years to separate and protect real data elements from exposure. In recent times, the concept of tokenization has been used as a security mechanism for protecting sensitive data.
Read moreCredit cardholders are generally protected from liability if unauthorized transactions are made with their credit cards because of consumer protection laws and card policies. This leaves merchants and financial institutions on the hook for losses related to credit card fraud. According to an October 2016 Nilson Report, card issuers were burdened with 72 percent of fraudulent losses in 2015 while merchants were left with 28 percent of the losses.
Read moreThis article summarizes the basic cryptographic security services that can be used to protect information (or as a supporting protective mechanism) against attacks, as described in the NIST Special Publication 800-57 (1, rev.4) for Key Management.
Read moreEMV chips on payment cards contain cryptographic co-processors and dual interfaces that allow for contact and contactless payment options. When issuing an EMV card, the customer’s information is extracted from the bank or financial institution’s database.
Read moreThe World Wide Web Consortium or W3C as it is commonly known was founded in 1994 by the original architect of the World Wide Web, Tim Berners-Lee. It is a consortium of international companies that are involved with the Web and the Internet.
Read moreUnder the eIDAS Regulation, specifications for formatting advanced electronic signatures for PDF documents are set under PAdES. PAdES is the electronic signature design for PDF Advanced Electronic Signatures.
Read moreThe ZertES legislation (Swiss digital signature law) was placed into effect in Switzerland on December 19, 2003. The purpose of this legislation was to regulate the manner for which trust service providers could use certification services with electronic signatures.
Read more
