Leading the Digital Change, Part 3 – Successful Collaborations

In Part 2 of our series on the success of electronic IDs in the Nordic countries, we looked at what has made these schemes so successful with near universal adoption rates. We continue along the same vein in this final piece on collaboration. Collaboration comes across as the key theme when analyzing what made the Scandinavian eID initiatives click. It was such a key factor leading to the success of eID schemes in the Nordics, that it deserves a brief case study in its own right. Read more

Achieving High Performance and Scalability with Remote Electronic Signatures

National digital signature schemes that utilize remote signing technology can achieve very high usage rates, whereas Trust Service Providers and Banks (who might use the schemes) also tend to reach millions if not tens of millions of signatures per year - with peaks exceeding hundreds per minute. In this article we discuss the key elements for designing a scalable architecture to deliver a digital signing service under a high Service Level Agreement (SLA) with high throughput and low latency.

Read more

Leading the Digital Change, Part 2 – Turning eIDs into universal tools

In our previous article on eID schemes in the Nordic countries, we looked at some of the data showcasing the remarkable adoption and engagement rates for such schemes. A robust electronic identification and signature mechanism provides the foundation over which digital service delivery platforms are built.

Read more

What is Crypto-Agility?

Crypto-agility, or cryptographic agility, is the capacity for an information security system to adopt an alternative to the original encryption method or cryptographic primitive without significant change to system infrastructure. NIST guidelines state “maintaining crypto agility is imperative” to prepare for the quantum computing era. Crypto-agility may be achieved through the adoption of new frameworks for incident response and application development, as well as the acquisition of a service software layer to facilitate crypto-agility in legacy applications.

Read more

Federated Signing

This article explores how federated signing can resolve some of the challenges banks face when onboarding customers online in the eIDAS and PSD2 era.

Read more

Leading the Digital Change – eID and eSignatures in Scandinavia

The Nordic countries have led the world in digital adoption and innovation for some time now. They often top most digital competitiveness rankings like the 2017 Digital Evolution Index.

Read more

3DES is Officially Being Retired

According to draft guidance published by NIST on July 19, 2018, the Triple Data Encryption Algorithm (TDEA or 3DES) is officially being retired. The guidelines propose that, after a period of public consultation, 3DES is deprecated for all new applications and usage is disallowed after 2023.

Read more

An Introduction to the Role of HSMs for PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) helps to safeguard cardholders’ private information. The Payment Card Industry Security Standards Council (PCI SSC) enforces the standard through recommendations and requirements that aim to ensure security across all organizations involved in the processing of cardholder information.

Read more

Overview of the NIST Digital Identity Model compared to eIDAS

To combat fraud in digital identities and provide guidelines for digital authentication, the National Institute of Standards and Technology (NIST) updated its Digital Identity Guidelines in June 2017 and has provided a digital identity model that represents their updated guidelines with technologies and architectures that are currently available. This article describes the NIST model and compares NIST’s US-minded approach with the European eIDAS-Regulation and its legal framework.

Read more