Crypto Service Gateway: Enabling Crypto-Agility with the CSG Policy Engine

The business world today is built on the pervasive use of cryptography, to authenticate people and processes, to secure communications, and to protect sensitive data.

Read more

ANSI X9.24-1-2017: Key Utilization and Storage

This article briefly summarizes the symmetric cryptographic key utilization and storage requirements as described by the ANSI X9.24-1-2017 (part 1) standard.

Read more

eIDAS - Establishing Trust in Digital Signatures

Originally published in nCipher website www.ncipher.com 

A few years ago, the BBC reported that the power of the traditional hand-written signature was under threat from its digital counterpart. While it may have taken some time, the increasing adoption of digital services – from banking and financial transactions in the private sector, to taxes and healthcare in the public – has led to a significant rise in the use of electronic signatures.

Read more

Understanding PCI PTS HSM

PCI PTS HSM compliance is mandated on banks, acquirers, processors and all other players involved in payment card systems. This article explores the origin, history, evaluation criteria, and the latest version updates of the PCI PTS HSM standard.

Read more

An Introduction into ANSI X9.24-1-2017 part 1

ANSI X9.24-1-2017 part 1 is a standard that deals with symmetric key management techniques for retail financial services.

Read more

NIST & FIPS Considerations for EMV Tokenization

In this article, we will review some of the constraints of an EMV tokenization solution when it comes to FIPS and more generally, NIST considerations.

Read more

The Role of Random Number Generators in Relation to HSMs & Key Management

In this article we look at the role of random number generators (RNGs) and put them into a procedural context with hardware security modules (HSMs) and key management systems (KMSs). 

Read more

What is a Crypto-Abstraction Layer?

A crypto-abstraction layer (CAL) is, in its most general sense, an application programming interface (API) - also known as a library- that hides cryptographic details from program developers that they don’t need to know about (such as the brand of hardware they are using for their source of random numbers). They are essential in the world of InfoSec because those who are expert developers are not usually expert cryptographers or even security personnel and so they need all the help they can get when it comes to implementing cryptography.

Read more

How to Improve HSM Usability

In this article we will explore some of the reasons why HSMs can be difficult to use and look at a novel solution that helps to overcome these problems.

Read more