Martin Rupp (guest)

Payment Security and Key Blocks: Why are key blocks so secure?

How can keys be securely exchanged over potentially unprotected channels? The answer to this question is “key blocks”. A key block is an essential cryptographic key format that allows users to securely exchange and utilize keys over various environments. 

Read more

Payment Security: Thales Key Blocks and how They are Used in payShield HSMs

Thales Key Blocks are an essential cryptographic key wrapping format. In comparison to other key block formats, they are proprietary and only work with Thales payShield HSMs. In what follows, we delve into detail about this key block format.

Read more

Cardholder, Merchant, Issuer & Acquirer - The Four Corners Model for Payment Security and Key Management

The “Four Corners'' model, also called the Four Party Scheme, is utilized in almost all standard card payment systems across the globe. Here we introduce that model and explain what type of hardware security module (HSM) is needed for each of its components involved in the cryptographic process.

Read more

ANSI X9.24-1-2017:  Key Compromise

In a retail financial services environment, the compromise of a symmetric cryptographic key is a critical security breach. Such a situation is described by the ANSI X9.24-1-2017 standard. Here, we summarize the ANSI guidance on how to respond if a potential compromise has been identified.

Read more

Why a Key Management System Must Understand ANSI X9.24 / TR-31 Key Blocks

The PCI Council requires most actors of payment networks to implement ANSI X9.24/TR-31-compliant key blocks to wrap and securely transmit, transfer, or translate key or PIN codes.

Read more

ANSI X9.24-1-2017: Key Utilization and Storage

This article briefly summarizes the symmetric cryptographic key utilization and storage requirements as described by the ANSI X9.24-1-2017 (part 1) standard.

Read more

Payment & Banking: An Introduction to z/OS and the IBM Common Cryptographic Architecture

IBM’s mainframe computers have been a rock-steady part of banks’ security infrastructure for many years. Originating from the local data-center concept, the current release is able to stretch banks’ security architecture across the hybrid cloud, harnessing advantages of on-premise and cloud-native software deployments - all without compromising data security and privacy.

Read more

Understanding the IBM CCA key format and the importance of banking-grade key management

The IBM Common Cryptographic Architecture (CCA) is a cryptographic platform providing several functions of special interest for securing financial transactions.

Read more

The Postbank Master Key Breach in South Africa: Using Strong Key Management in a Banking Environment is a Necessity

In the last couple of months, facts regarding breaches that occurred during December 2018 at PostBank, the national postal bank operator of South Africa, have become known. This information is quite serious as it relates to a fraud that cost the bank millions of dollars and significantly damaged its reputation.

Read more