Martin Rupp (guest)

ANSI X9.24-1-2017: Key Distribution 

Key distribution is perhaps the most important aspect of part 1 of the ANSI X9.24-1-2017 standard. But first, let us explain what cryptographic key distribution is.


ANSI X9.24-1-2017: Key Loading

The ANSI X9.24-1-2017 standard defines the requirements for the loading of key components or shares, and the loading of cleartext keys. The loading of encrypted keys is described in other parts of the standard.


Secure Connectivity for Mobile Banking and Payment Apps: HTTPS Tunneling

In this article, we will describe what HTTPS tunneling is and how it has been used in mobile banking and payment applications. We also look at some of its vulnerabilities and remedies to the described attacks.


Secure Connectivity for Mobile Banking and Payment Apps: Access Token Protection

In this article, we introduce the role that access tokens play in mobile banking applications and provide recommendations on how to secure these access tokens. We will also explain why such security measures are important.


Overview of App & Code Hardening for Mobile Banking Apps

Application hardening usually consists of processing an already developed application and transforming it to make it difficult or impossible to reverse engineer and tamper with.


Secure Storage and Key Protection for Mobile Banking and Payment Apps

In this article, we shall focus on the techniques used for protecting keys and, more generally, cryptographic secrets in the context of mobile banking and payment applications.


ANSI X9.24-1-2017: Understanding Symmetric Key Creation and Key Component & Key Share Creation

In this article, we look at the process of key generation and key derivation as described by the ANSI X9.24-1-2017 standard. This process is mandatory for operations performed by the retail financial services industry.


ANSI X9.24-1-2017 & ISO 13491-1: An Introduction to Secure Cryptographic Devices Used in a Retail Financial Services Environment

The ANSI X9.24-1-2017 standard requires the use of secure cryptographic devices (SCDs) in the context of symmetric key cryptography and refers to the ISO 13491-1 standard for the specifications that must be met for a device to be approved as an SCD. This article outlines and explains some of the aspects and requirements that both X9.24-1-2017 and ISO 13491-1 mandate for SCDs that are used in retail financial services systems.


Mobile Banking and Payment App Hardening: Anti-Tamper

The security of mobile banking and payment applications is closely tied to their ability to prevent attackers from tampering with them.
