This paper was presented at the Sixth Conference on Security and Cryptography for Networks (SCN 2008), Amalfi, Italy. A new identity-based key agreement protocol designed to operate on the network layer is presented. Endpoint addresses, namely IP and MACaddresses, are used as public keys to authenticate the communication devices involved in a key agreement, which allows us to piggyback much of the security overhead for key management to the existing network infrastructure.
Guidelines for secure use of approved hash algorithms have been updated by the U.S. National Institute of Standards and Technology, providing the technical specifications for the latest Federal Information Processing Standards (FIPS). NIST publications on security (including encryption and key management) have played a prominent role for many years, especially for government applications.
Members of the OASIS Identity Metasystem Interoperability Technical Committee have approved a Committee Draft version of the "Identity Metasystem Interoperability Version 1.0" specification for public review. The review period extends through April 27, 2009. This specification is intended for developers and architects who wish to design identity systems and applications that interoperate using the Identity Metasystem Interoperability specification.
Heartland CEO Calls for Industry Cooperation to Fight Cyber Criminals and Adoption of End-To-End Encryption
For the past year, Carr has been a strong
advocate for industry adoption of end-to-end encryption - which
protects data at rest as well as data in motion - as an improved and
safer standard of payments security. While he believes this technology
does not wholly exist on any payments platform today, Heartland has
been working to develop this solution and is more committed than ever
to deploying it as quickly as possible.
In recent years, high-profile data breaches and identity thefts have
grabbed countless headlines. The media coverage suggests it's an
emerging problem, but unfortunately these cybercrimes and their
frequency are nothing new. Instead, what's changed are the new laws,
such as California law SB 1386, requiring organizations to notify
individuals when unencrypted personal information has been—or at least
is reasonably believed to have been—acquired by an unauthorized entity.