Summary of cryptographic algorithms - according to NIST

The cryptographic protection of a system against attacks and malicious penetration depends on two dimensions: (1) the strength of the keys and the effectiveness of the mechanisms and protocols associated with the keys; and (2) the protection of the keys through key management (secure key generation, storage, distribution, use and destruction).

The link between HSMs and a Centralized Key Management System

Managing cryptographic relationships and crypto key lifecycles can be challenging even in small-scale environments. For those CISOs and IT security professionals who live in the world of international crypto architectures, such as those found in banking and finance, the list of barriers to success can become overwhelming.

Overview of NIST Key Management Recommendations on Key Types and Crypto-Periods

This article introduces and classifies cryptographic key types and crypto-periods as suggested by NIST, based on proven best practices for key management. It outlines the recommendations of when and how keys are used to protect data and explains how appropriate crypto-periods can be chosen and enforced.

NIST & FIPS Considerations for EMV Tokenization

In this article, we will review some of the constraints of an EMV tokenization solution when it comes to FIPS and more generally, NIST considerations.

EBA’s opinion on elements of Strong Customer Authentication under PSD2 – Part 2 – Possession and Knowledge

Financial institutions and solution providers are busy implementing the requirements of Strong Customer Authentication (SCA) under the Revised Payment Services Directive (PSD2) and the Regulatory Technical Standards (RTS).

EBA’s Opinion on elements of Strong Customer Authentication under PSD2 – Part I - Inherence

A fundamental objective of the Revised Payment Services Directive (PSD2) has been to reduce the risk of fraud to the maximum extent possible and to ensure security for electronic payment transactions.

Cryptomathic Launches Mobile Solution for Digital Onboarding at the Branch - Supported by QES

New digital portal streamlines banking client onboarding while addressing AML, eIDAS and PSD2 requirements.

eIDAS Electronic Signatures: Qualified vs Advanced - When to choose what and why

The Electronic Identification and Trust Services Regulation (EU Regulation 910/2014/EC - also known as eIDAS) is a complex set of laws (including technical standards) that raise the bar for providing electronic trust services throughout all EU member states. This article tries to help in the decision-making process of choosing between implementing Advanced or Qualified Electronic Signatures in the context of eIDAS.

eID Verification Process and Client Onboarding for Banks and Financial Institutions compliant to eIDAS, KYC and AML

This article discusses the benefits eIDs provide for both banks and customers in streamlining cross-border transactions and what is required under eIDAS for identity verification and client onboarding.
