Key Meta-Data: Why It’s Important and How to Manage It

This article explains the concept of meta-data in the context of cryptographic keys, explaining why it is used and the necessity to manage it well.

Read more

What is Banking-Grade Tokenization According to PCI DSS

The concept of a token has been used in the digital world for almost 50 years to separate and protect real data elements from exposure. In recent times, the concept of tokenization has been used as a security mechanism for protecting sensitive data.

Read more

Integrating PSD2 and eIDAS

With the introduction of PSD2, banks are forced to provide third party payment service providers (PSPs) with access to the bank’s customers’ account information for account servicing and payment initiation services, but only in the case where the user has granted access to these third-party players. This article explores a technical solution that leverages eIDAS to address the PSD2 requirements.

Read more

Centralized Key Management Systems: Challenges and Opportunities for the Next Decade

Over the last 10 years, enterprises have moved on from decentralized and distributed key management to centralized key management systems to provide secure and unified key life-cycle management.

Read more

The Need for a Crypto Abstraction Layer: Utilizing HSMs with Greater Efficiency and Agility

With increasingly tough security and privacy regulations, the use of cryptography is exploding in the modern enterprise. Hardware security modules (HSMs) provide the highest standard of security and compliance, but they are difficult to use and often deployed in silos, complicating compliance and hindering crypto-agility. As competitive pressures intensify, how can cryptography be turned into an enabler of business agility and digital transformation?

Read more

Which Trust Service Providers Support Remote QES Services?

The following content is an introduction to trust services and remote Qualified Electronic Signatures (QES) according to the eIDAS regulation and standards. This article is aimed at highlighting what a trust service provider (TSP) is and the valuable benefits of remote QES and other trust services.

Read more

Cryptographic Key Management Concepts: on Key Generation, Metadata, Life-cycles, Compromise and more

This article looks at the concept of cryptographic key management – what it is, why it’s important, and how an electronic key management system simplifies the task of managing a high volume of keys.

Read more

What are E-Signature Validation Attacks and How to Protect Yourself in the Context of eIDAS

Ensuring that the integrity of an e-signature remains intact is crucial to protecting its attached messages or documents. This article will explain three types of e-signature validation attacks and how they can be avoided by adopting the standards for e-signatures under eIDAS.

Read more

Enterprise-grade code signing: Securing the Signing Process

This article outlines the importance of code signing and describes a centralized approach for securing and streamlining the code signing process through technical and procedural enhancements.

Read more