FAQ: FIDO Relevance for GDPR
White Paper: FIDO for GDPR – FIDO Authentication and the General Data Protection Regulation
White Paper: FIDO for PSD2 – Providing for a satisfactory customer journey
“The DEI is the logical evolution to make data protection a ubiquitous service on the network, accessible to systems and applications through a uniform interface, with the ability to address diverse data security regulations while leveraging the cloud for business benefits.”
—Published in http://www.infoq.com on Feb 07, 2013.
“For those interested in understanding some simple mechanics of how digital certificates work, why they are necessary, and how they can protect you, a good introductory paper can be found at this link.”
—Mozilla Developer Network
Visit the above-mentioned link here: Introduction to Public Key Cryptography
“In 2003, California passed Senate Bill 1386, requiring companies to report breaches of computerized systems resulting in access to sensitive information about a California resident. With the subsequent passage of similar laws in nearly 40 other U.S. states, it is now evident that our computer infrastructure is far more porous than we previously imagined.”
“Most security professionals are familiar with symmetric key-based cryptography when presented with terms such as Data Encryption Standard (DES), Triple DES (3DES), and the Advanced Encryption Standard (AES). Some are also familiar with Public Key Infrastructure (PKI) as an enterprise-level solution for managing the life cycle of digital certificates used with asymmetric key cryptography. However, the term Symmetric Key Management System (SKMS) — which refers to the discipline of securely generating, escrowing, managing, providing access to, and destroying symmetric encryption keys — will almost always draw blank stares.”
—Published in the ISSA Journal, February 2007
“Contrary to what you might have heard or read in the Information Technology (IT) press, companies have built Public Key Infrastructures (PKI) successfully, and use them daily to solve day-to-day business problems. What is little known, however, is the magic potion these companies used to make their PKIs successful. This paper will attempt to demystify some of that magic and provide you guidance that can help you navigate the pitfalls as you deploy your PKI.”
“Businesses need to address SB 1386 compliance effectively by implementing this four-part solution. This document presents an overview of what companies should address when putting their SB 1386 compliance infrastructure together.”
—Published in the ISSA Journal, May 2003
The Export Administration Regulations (EAR) provide information on the export restrictions on a wide variety of goods, software, and technologies. StrongKey, Inc. products are subject to the control of exports under the United States Bureau of Industry and Security (BIS). An item subject to U.S. export controls is not necessarily unable to be exported. In the case of StrongKey encryption products, a one-time government technical review/notification is required prior to exporting. Once a review has been completed, products may become eligible for a particular export license exception. This export authority may then be used by all exporters, not just StrongKey. For Export Control Classification Number (ECCN) information, please email firstname.lastname@example.org.
StrongKey’s products may not be exported to the embargoed countries and denied parties/affiliates without an export license.
We are providing this information as a general guideline to our customers. BIS requires that each entity exporting products be familiar with and comply with their affirmative obligations set forth in the Export Administration Regulations. Please note that the regulations are subject to change. We recommend that you obtain your own legal advice when attempting to export. In addition, some countries may restrict certain levels of encryption imported into their country. We recommend consulting legal counsel in the appropriate country or the applicable governmental agencies in the particular country.
NCCoE Announces Technology Collaborators for Mobile Applications SSO Project
NIST’s National Cybersecurity Center of Excellence (NCCoE) is working with the public safety and first responder (PSFR) community to develop a Mobile Application Single Sign-On (SSO) solution to assist PSFR personnel in immediately accessing critical public safety data during states of emergency. After publishing a final project description, the NCCoE released a Federal Register notice seeking technology collaborators.
As this project moved into the build phase, NIST announced the chosen technology vendors who will collaborate with them on this project: Motorola Solutions, Nok Nok Labs, Ping Identity, StrongKey, and Yubico. With the participation of these vendors, the Mobile SSO project will leverage available technologies to help increase security and efficiency in high-stakes, time-sensitive situations. To learn more, please read the project description or the two-page fact sheet.
The team recently presented an overview of the project at the PSCR Public Safety Broadband Stakeholder Meeting. Click here to view the presentation.