ISSA Journal Resources Courtesy to X9 Members

Articles are for private viewing by X9 members only. Click title to download.
Please feel free to browse the website. Note, however, some areas are members-only.

Anonymous Digital Signatures | By Phillip H. Griffin 3/19

Though anonymous digital signatures have been around for quite a while and have been implemented in many products, there is now renewed interest in their application to new and emerging technologies such as electronic voting, cryptocurrencies, blockchains, distributed ledgers, payments, and smart contracts.

Did GDPR Revoke the Digital Certificate? | By Jeff Stapleton and Stephen Wu 12/18

The European Union's General Data Protection Regulation (GDPR) became effective this year. Where it is applicable law, and for companies that must comply with it, did GDPR just make traditional public and private digital certificates and certification services unlawful? This article reexamines certificates in light of GDPR.

Cloud Cryptography and Key Management | Jeff Stapleton 10/18

This article describes data encryption methods and key management practices. Regardless of the methods or the practices, using an HSM is a best practice for information security procedures.

Interview: Dr. Michele Mosca | Editorial Advisory Board 6/18

We caught up with quantum computing researcher Dr. Michele Mosca, who graciously answered our questions concerning the state of quantum computing and what the future holds.

Rationalizing Behavioral Biometrics | Maria Schuett 6/18

This article describes the need to implement behavioral biometrics as a way to validate access control in an organization. Organizations need to be aware of the ethical implications that biometric implementations can bring.

Spoofing a Hardware Security Module | Jeff Stapleton 6/18

This article compares valid key management techniques using a cryptographic hardware security module (HSM) with commonly used untrustworthy software-based crypto methods that basically spoof the HSM. An alternative standards-based scheme is introduced.

Biometric Electronic Signatures | Phillip H. Griffin 11/17

This article discusses mutual and multi-factor authentication based on passwords combined with biometrics.

Cryptographic Architectures: Missing in Action | Jeff Stapleton 7/17

Documenting network topology, information technology, and system architectures is a common development method. However, cryptographic architectures are often ignored due to lack of knowledge or overlooked to avoid complexities. This article discusses the critical importance of identifying and understanding the cryptographic architectures.

Gaining Confidence in the Cloud | Phillip Griffin and Jeff Stapleton 1/16

In cloud deployments organizations remain responsible for ensuring the security of their data. Can cloud-based technologies, such as the blockchain, play a role in providing cloud subscribers assurance their data is being properly managed and that their cloud service provider is in compliance with established security policies and practices?

Transport Layer Secured Password-Authenticated Key Exchange | Phillip H. Griffin 6/15

This article describes how to achieve mutual authentication using Transport Layer Security (TLS) without client certificates or major changes to the TLS protocol. Using a password-authenticated key exchange (PAKE) protocol following the TLS handshake can protect user credentials from phishing and man-in-the-middle attacks.

Formal Security Protocol Analysis | Phillip H. Griffin 4/15

Help is on the way. Help in finding flaws in cryptographic protocols before the bad people do. Help in selecting the most secure alternative for fixing a defect. Help in deciding whether a proposed protocol amendment can actually strengthen or weaken security. Help in gaining the assurance provided by security proofs long before a protocol is implemented and deployed.

Web Services Security For All | Phillip H. Griffin 9/14

Secure web services currently play an important role in information sharing and in smart meter and smart home systems integration. This article proposes standardization of existing web-services security tokens to enhance their performance and suitability for use in resource-constrained environments. Creation of a new security token to support both biometric authentication and biometric identification is also proposed.

Mobile Security Banking and Payments Standard | Jeff Stapleton 6/14

With more than 7 billion inhabitants on the planet, theoretically 6 billion people can access mobile banking, and 3.5 billion can participate in mobile payments. ANSI and ISO workgroups are developing mobile standards, but once again technology and markets have stayed ahead of the requirements and security controls.

Crypto in Crisis: Heartbleed | Jeff Stapleton 6/14

What we do know is that in April 2014 NIST released CVE-2014-0160 and CERT released VU#720951 identifying the Heartbleed bug.

Cloud Services Compliance Data Standard | Jeff Stapleton 4/14

The X9F4 standards workgroup is developing a new ANSI standard for cloud services and is inviting participation by interested organizations. This article discusses some of the security issues being researched in order for cloud subscribers to verify cloud provider compliance.

PKI Under Attack | Jeff Stapleton 3/13

In the September 2012 ISSA Journal, the author looked at a concise history of public key infrastructure and mentioned several Certificate Authority compromise incidents from 2011. This trend seems to be continuing as PKI continues to be under attack. This article explores various PKI vulnerabilities.

Signcryption Information Assets | Phillip H. Griffin 6/12

The author discusses signcryption, a relatively new hybrid cryptographic primitive that can be performed faster than traditional signature

A Concise History of Public Key Infrastructure | Jeff Stapleton 9/12

The author explores the history of Public Key Infrastructure from the viewpoint of its more significant technical publications.

The Art of Exception | Jeff Stapleton and Benjamin Cobb 7/11

Organizations routinely allow exceptions to security policies, standards, or practices. Managing exceptions is often the unappreciated duty of information security professionals such that the art and science of exception management often has unreasonable and too simplistic expectations.

PAN Encryption: The next evolutionary step? | Jeff Stapleton 6/09

This article discusses the current protection scheme for protecting the PIN and the relatively new requirements for protecting the PAN – the primary account number.

ISO 19092: A Standard for Biometric Security Management | Phillip H. Griffin 1/07

Organizations that rely on biometric technology need to protect and manage the security of their biometric assets.

Copyright © 2016, Information Systems Security Association, All Rights Reserved