The Information Security Provider
atsec IT Security Blog
News about Common Criteria, Cryptographic Modules, Conferences
and other topics revolving around IT security.
-
New Service – eIDAS Trust Service Provider Assessments
atsec is happy to announce that we are now a licensed Conformity Assessment Body (CAB) under Electronic Identification, Authentication and Trust Services (eIDAS). eIDAS is an EU regulation on electronic identification and trust services for electronic transactions that applies as law within the whole of the EU. Trust…
-
“You’ve grown so much!” – atsec’s 20th Birthday
During my almost 20 years with the company (first as a freelancer, then as an employee) I have seen atsec grow from a small, determined group of IT professionals in a crammed room full of computers into an international company with a well-earned, excellent reputation in the IT…
-
Holiday Greetings from atsec!
(click on the image or follow this link for a special greeting from atsec) To all of our valued customers, colleagues, friends and family we wish Happy Holidays and a Safe and Secure New Year. We are looking forward to working with you in the coming year. Regards,your…
-
A PCI WALK IN THE CLOUDS
November 21, 2019, Melbourne, Australia atsec China participated in the PCI Security Standards Council’s 2019 Asia-Pacific Community Meeting held in Melbourne, Australia from the 20th to 21st of November, and also hosted a booth. atsec’s principal consultants provided a presentation on “a PCI Walk in the Clouds.” atsec…
-
atsec presented at InnoTech Austin 2019
atsec US Corporate Vice President and Lab Director, Yi Mao, presented “Crypto Testing Leading to Better Security” at InnoTech Austin 2019. Through many examples, Dr. Mao showed the audience that cryptography is the hard core providing data confidentiality, integrity and authenticity. Cryptographic algorithms are used to encrypt sensitive…
-
How can OpenSSL survive FIPS 140-2 validation in 2020?
by Stephan MuellerThe OpenSSL project outlined the development strategy pertaining to the Federal Information Processing Standard (FIPS) 140-2 code in the November 7th, 2019 OpenSSL blog titled “Update on 3.0 Development, FIPS and 1.0.2 EOL.”[1] As a summary, the following relevant aspects for FIPS 140-2 are communicated. · The…
-
SP800-90A and SP800-90B compliant Linux Random Number Generator
Stephan Mueller With the enforcement of SP800-90B starting in November 2020, the noise sources behind the Linux /dev/random, /dev/urandom and the getrandom system call interfaces must comply with all requirements stipulated by SP800-90B. If this compliance is not achieved, all modules using Linux random number generator as entropy…
-
First Commercial ACVP Testing with Regular Three-party Setup Completed
The atsec Automated Cryptographic Validation Protocol (ACVP) tool set demonstrated that ACVT is fully production-ready with the completion of the ACVP test run of 3,529 test vector sets managed by 329 test sessions. The testing marks the first successful production test run of ACVT with the three-party approach…
-
atsec China adds PCI QPA qualification
atsec China (with the official name – atsec (Beijing) Information Technology Co., Ltd) has been qualified by the PCI SSC (Payment Card Industry Security Standards Council) as a QPA (Qualified PIN Assessor) company to perform the PCI personal identification number (PIN) security assessments according to the PCI PIN…