Collaborate Disseminate
Reading the ETSI EN 319 102-1 V1.1.1 (2016-05) Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation.
The signature validation procedures and re… Continue reading QES AdESQC TL based Signature Validation Policy
I am wondering, if it should be possible to transfer PIN in case of migrating between different payment schemes like Mastercard or VISA.
For example, when I have a card issued by Mastercard, and it will be changed to VISA, i… Continue reading PIN transfer between payment schemes
I’m trying to figure out how to generate private key for the Root CA according the principles of WebTrust.
One additional requirement I have that the generate private key should be then imported to any HSM, independent of th… Continue reading Root CA key generation compliant with WebTrust and HSM independent
Does Common Criteria requires physical security controls?
Or this is independent on CC and should be specified in Protection Profiles? If there are no requirements on physical security in PP, then evaluation can be done pure… Continue reading Common Criteria physical security requirments
I would like to create a solution that would sign the data and will have a increasing counter so I can track the number of signatures.
One of the requirement is to have an increasing order of signature to track the history. … Continue reading How to protect file integrity and history containing counters
The PCI DSS requirement 8.2.3 says:
Passwords/passphrases must meet the following:
Require a minimum length of at least seven characters.
Contain both numeric and alphabetic characters.
Alternatively, … Continue reading PCI DSS minimum password strength equivalent in passphrase
This question already has an answer here:
Is CVV calculated or merely assigned?
1 answer
I’m looking for a definition of … Continue reading CVV/CVC code algorithm [duplicate]
I am wondering how to comply with PCI DSS requirements (11.3) to test segmentation controls using penetration testing in AWS serverless architecture.
We are using components such as AWS Lambda, AWS API Gateway, AWS Cloudfron… Continue reading AWS serverless architecture compliance with PCI DSS 11.3 penetration testing segmentation
There is a bank who has internal system working with card data preparation, generating PANs, and finally preparing personalization files that are sent to third party card manufacturer.
The bank can see in their internal syst… Continue reading PCI compliance for bank card system
I am implementing a public mobile wallet application where user can add his own card, like Android Pay, or Samsung Pay on Android device.
The standard way how these applications are initially working is following:
Open wal… Continue reading secure public facing wallet API accessed by mobile devices