-
Cryptomathic and PQShield form strategic alliance to offer PQC solutions for code signing and data protection in compliance with latest NIST and CNSA recommendations
Two foremost software security experts and pioneers in cryptographic agility and post-quantum cryptography join forces to offer comprehensive, quantum-resistant software solution after new PQC standards are released by NIST Two foremost software security experts and pioneers in cryptographic agility and post-quantum cryptography join forces to offer comprehensive, quantum-resistant software solution after new PQC standards are…
-
The Challenges of Certifying the EUDI Wallet: A Deep Dive
As the European Union solidifies the framework for the EUDI (European Digital Identity) wallet, the certification process outlined in the Implementing Acts has made significant progress. By establishing the certification requirements for the Wallet Secure Cryptographic Device (WSCD) and the Wallet Secure Cryptographic Application (WSCA), the act lays down important steps toward ensuring the security…
-
Qualified Electronic Signatures – Best Practice Implementation of the Signature Activation Module (SAM)
This article evaluates the implementation options for the Signature Activation Module (SAM) in the context of eIDAS 2. Based on this analysis we recommend placing the SAM inside the Cryptographic Module within the tamper-protected environment provided by the Qualified Signature Creation Device (QSCD). This article evaluates the implementation options for the Signature Activation…
-
Hard Truths About Hardware: Why the EUDI Wallet Needs More Than Just Secure Chips
Mobile phones are increasingly vulnerable to hacking and fraud, presenting significant challenges for securing sensitive applications like the EUDI wallet. As the European Union rolls out the EUDI wallet, it must tackle one of the most pressing security issues: how to prevent hacking or tampering of the EUDI wallet. The EUDI wallet holds the promise…
-
Assessing the EUDI Wallet Reference Implementation Code
The EUDI wallet reference implementation serves as a practical guide for developers to create secure digital identity management solutions based on the ARF (Architecture Reference Framework). This post delves into the details of the reference implementation code, highlighting mitigation strategies to address its vulnerabilities. The EUDI wallet reference implementation serves as a practical guide for…
-
Key Vulnerabilities of the EUDI Wallet Solution Reference Architecture (ARF)
The EUDI (European Digital Identity) wallet solution reference architecture (ARF) is designed to provide a secure framework for managing digital identities across various services. However, it is essential to identify and address potential vulnerabilities within the ARF. Failure to do so will compromise the security, privacy and integrity of the system. The EUDI (European Digital…
-
Encryption in transit over external networks: AWS guidance for NYDFS and beyond
On November 1, 2023, the New York State Department of Financial Services (NYDFS) issued its Second Amendment (the Amendment) to its Cybersecurity Requirements for Financial Services Companies adopted in 2017, published within Section 500 of 23 NYCRR 500 (the Cybersecurity Requirements; the Cybersecurity Requirements as amended by the Amendment, the Amended Cybersecurity Requirements). In the introduction…
-
Announcing AWS KMS Elliptic Curve Diffie-Hellman (ECDH) support
When using cryptography to protect data, protocol designers often prefer symmetric keys and algorithms for their speed and efficiency. However, when data is exchanged across an untrusted network such as the internet, it becomes difficult to ensure that only the exchanging parties can know the same key. Asymmetric key pairs and algorithms help to solve…
-
AWS Wickr achieves FedRAMP High authorization
Amazon Web Services (AWS) is excited to announce that AWS Wickr has achieved Federal Risk and Authorization Management Program (FedRAMP) authorization at the High impact level from the FedRAMP Joint Authorization Board (JAB). FedRAMP is a U.S. government–wide program that promotes the adoption of secure cloud services by providing a standardized approach to security and…
-
AWS Wickr achieves FedRAMP Moderate authorization
Amazon Web Services (AWS) is excited to announce that AWS Wickr has achieved Federal Risk and Authorization Management Program (FedRAMP) authorization at the Moderate impact level from the FedRAMP Joint Authorization Board (JAB). FedRAMP is a U.S. government–wide program that promotes the adoption of secure cloud services by providing a standardized approach to security and…