Key Management for GDPR

Introduction

Much has already been written about EU General Data Protection Regulation (GDPR), which comes into force on 25th May 2018 to protect EU citizens’ personal data. It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location. Unlike EU Directives, GDPR does not require national legislation to enact its provisions, so organizations not in compliance may face fines of up to 4% of annual global turnover or €20 Million (whichever is greater) from day one. The scope of the Regulation is broad, so this article will focus on the important role of encryption and particularly key management in aiding compliance. But first, let’s understand some key concepts and terminology:

Meltdown & Spectre – What you Need to Know about Protecting your Keys

A number of serious security vulnerabilities, collectively known under the names of “Meltdown” and “Spectre” [1][2], have recently been discovered in a broad range of CPUs from Intel, ARM and AMD (some up to 20 years old) that are commonly used in servers, PCs and even mobile devices.

Key Management Lifecycles compliant to PCI DSS

This article highlights the NIST key lifecycle recommendations in relation to PCI DSS compliance.

Key Management and use cases for HSMs

The rise of e-commerce enabled corporate organizations and banks to more easily expand their businesses and services around the world.

Cryptographic Operations - Best Practices To Make Your System Secure

This article outlines cryptographic operations and best practices you should follow to make your applications or systems secure.

Differences between Hash functions, Symmetric & Asymmetric Algorithms

Cryptographic algorithms can be categorized into three classes: Hash functions, Symmetric and Asymmetric algorithms. This article sheds light on their differences, purpose and main fields of application.

PKI for EMV cards compliant to PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to prevent credit card scams and numerous additional security threats & vulnerabilities.

Manual vs. Automated Key Management

This article evaluates and compares manual and automated cryptographic key management. It looks at security-related issues as well as organizational and economic aspects.

Understanding Hardware Security Modules (HSMs)

Some time ago, I consulted a bank about their cryptography and security processing system, which was painstakingly slow. After one week of trying to find the problem, I looked at the cryptographic subsystem, which used Windows Crypto API and a certified CSP.