We are now integrating encryption into a corporate infrastructure and it made me think about payments and PCI audits. PCI stands for Payment Card Industry. Anyone who got close enough to e-commerce, or card payments knows what a burden it is on running a business.
Sooo, I have spent some time this week thinking about architectures for “technical security systems”. I could say “cryptography” straight away, I guess. Thinking about protecting sensitive data that may be subject of independent audits.
The scope of PCI audits is given by storage and processing of credit card numbers and PINs (in case of Chip&PIN systems). Once you experience the pain, you definitely want to get “out of scope”. This is true for merchants just as banks.
Continue reading Card Payments and The Cloud
We started researching options for introducing our encryption system to Amazon AWS. We seem to have lost the first round (request declined) as Amazon SaaS does not square up with our Enigma Bridge CloudHSM servers. But they offered a chat to figure out options – talking is always good!
Continue reading Hardware Security on Amazon Marketplace
My company Enigma Bridge built a truly scalable (in all meanings of the word) hardware platform (with FIPS140-2 Level 3). OK, you have no idea what I talk about… that is one of our communication problems.
How can we explain to people what is the advantage of using tamper-resistant hardware. What is the advantage of hardware separation – something our platform provides even when packaged as a cloud service.
Photo: SplitShire (yes, it’s 1/2 litre of one of the big brands – not a pint of a local real ale)
Continue reading Finally Friday – a time to ponder with a pint of real ale
The chances are that this is the first time you’ve seen the OTP acronym. OTP is one of possible replacements of static passwords. Instead of remembering your password, you need to have a device that will compute a new OTP code each time you want to log on to a server. You will also need a different OTP “generator” for each server or web service that uses OTP and you will most likely still have to enter your password (or a shorter PIN) as well.
One time passwords are short numeric strings of a fixed length. Each time you want to log on somewhere with OTP, the string you enter will be different. The OTP string would change with the time or after each time you use one OTP value.
Continue reading Security of One Time Passwords (OTP)
HTTP stands for hypertext transfer protocol – the universal language of “the web”. HTTPS is a secure variant of this language as it provides tools to verify which website you actually connect to.
Continue reading HTTPS – what does it stand for?
We did a bit of research into what IT start-up companies need in terms of security. I did expect that secure authentication / logons would be at the top but I was surprised that OTP (one time passwords) were at the bottom.
Continue reading “One time passwords” are not passwords