Applying Cryptographic Security Services - a NIST summary

This article summarizes the basic cryptographic security services that can be used to protect information (or as a supporting protective mechanism) against attacks, as described in NIST Special Publication 800-57 (Part 1, Rev. 4) for Key Management.


Electronic Signatures for Banking Operations in Russia - a benchmark with eIDAS

To read the Russian version of this article: Электронная подпись и ее применение в России

This article examines the use of cryptographic means for information security, and in particular, the electronic signature. It focuses on the use of electronic security signatures (ESS) in various sectors, including the domestic use of cryptographic algorithms and requirements of the Federal Security Service of Russia (FSB) for hardware and software.


The Consumer Financial Services Action Plan - Opportunities for the Banks

Complying with customer due diligence and KYC norms is perhaps the most important and time-consuming aspect of initiating a new banking relationship. Yes, it is important to cover the credit risk, but the consequences of failing on the KYC or AML (Anti-Money Laundering) front are far more severe. This is the primary reason why many banks are spending billions annually on performing customer due diligence the old-fashioned way. New EU guidelines and the tools that they provide aim to change just that.


Consumer Financial Services Action Plan - An Introduction

The EU single market produces an unmatched €15 trillion worth of goods and services annually. Such a large and unified market presents a great many opportunities for businesses willing to invest in it.


Strong cryptography and key management requirements for EMV and PCI DSS compliance

EMV chips on payment cards contain cryptographic co-processors and dual interfaces that allow for contact and contactless payment options. When issuing an EMV card, the customer’s information is extracted from the bank or financial institution’s database.


Is non-repudiation really non-repudiable with digital signatures?

What does non-repudiation mean? Repudiation means to reject or deny the validity of something. Non-repudiation is a legal concept that is widely used in information security. It refers to any service that provides proof of the origin of data and the integrity of the data. In other words, non-repudiation makes it very difficult to successfully deny who/where a message came from as well as the authenticity of that message.


W3C's suggestion for a Web Cryptography API

The World Wide Web Consortium, or W3C as it is commonly known, was founded in 1994 by the original architect of the World Wide Web, Tim Berners-Lee. It is a consortium of international companies that are involved with the Web and the Internet.


Cloud encryption: Bring Your Own Key is no longer enough

Encryption key management systems are now essential for all companies needing to lock down data in the cloud, says Matt Landrock, CEO, Cryptomathic Inc.


Basic Encryption Failure Defect #1: Obscurity

“Impossible!” the man exclaimed, “I designed that encryption myself! No one can break it as fast as you claim!” I am John Tränkenschuh, a CISSP-ISSAP with 24 years' experience in Information Security.
