3DES is Officially Being Retired

According to draft guidance published by NIST on July 19, 2018, the Triple Data Encryption Algorithm (TDEA or 3DES) is officially being retired. The guidelines propose that, after a period of public consultation, 3DES be deprecated for all new applications and that usage be disallowed after 2023.

An Introduction to the Role of HSMs for PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) helps to safeguard cardholders’ private information. The Payment Card Industry Security Standards Council (PCI SSC) enforces the standard through recommendations and requirements that aim to ensure security across all organizations involved in the processing of cardholder information.

The private life of private keys

A private cryptographic key is an extremely sensitive piece of information and requires a whole set of special security measures to protect it. This article outlines some problems with key management relating to the life cycle of private cryptographic keys. There are many types of cryptographic keys; each type has its own inherent challenges. Here, we outline some of the challenges we meet when managing the life cycle of asymmetric cryptographic keys and key pairs.

Cryptographic Key Management - the Risks and Mitigation

With the increasing dependence on cryptography to protect digital assets and communications, the ever-present vulnerabilities in modern computing systems, and the growing sophistication of cyber attacks, it has never been more important, nor more challenging, to keep your cryptographic keys safe and secure. A single compromised key could lead to a massive data breach with the consequential reputational damage, punitive regulatory fines and loss of investor and customer confidence.

PCI DSS Compliance Validation

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to prevent credit card fraud and protect against numerous additional security threats and vulnerabilities.

An Introduction to PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to protect against credit card fraud and numerous additional security threats and vulnerabilities. Credit and debit card providers, such as MasterCard and Visa, implement the mechanisms and security controls specified and suggested in PCI DSS.

Exploring the Lifecycle of a Cryptographic Key

This article discusses the main phases involved in the lifecycle of a cryptographic key, and how the operational lifetime of a key and its strength can be determined.

Buyer’s Guide to Choosing a Crypto Key Management System - Part 3

Part 3: Choosing the Right Key Management System

In this concluding part, we will examine the business case for introducing a new key management system and define 20 criteria to help you select the optimal solution for both your current and future needs.

Buyer’s Guide to Choosing a Crypto Key Management System - Part 2

Part 2: The Requirement for a Key Management System

In Part 1 of this three-part article, we introduced the concept of key management and the functions and benefits of a key management system. In this part, we will consider how the requirement for a new key management system arises and then explore the underlying business drivers and benefits of such a system in each scenario.