atsec official blog
Tags: pci, atsec, security standards, data protection

The Payment Card Industry Security Standards Council (PCI SSC) advances standardization across the entire global payments industry. By providing business-driven, flexible and effective data security standards and assessment/validation programs, it helps organizations throughout the industry reduce and prevent the risk of data breaches, thereby improving payment security. Keeping the whole payment industry secure is not the job of a single organization: every organization that stores, transmits or processes cardholder data must play its part. PCI SSC therefore provides an open platform for the security standards and programs developed jointly by the industry, seeking participation from organizations across it, from banks, merchants and service providers to payment device manufacturers and software developers.

First, the figure below shows the roles involved in the traditional payment industry chain and their typical payment transaction model.

Figure: the traditional payment industry chain and related standards

As shown in the figure above, the different organizations in the payment industry
Tags: alibaba, pci, 3ds, atsec, 阿里巴巴 (Alibaba)


Alibaba Cloud, the digital technology and intelligence backbone of Alibaba Group, announced it has secured the globally recognized Payment Card Industry Three-Domain Secure (PCI 3DS) compliance for all of its seven availability zones in Singapore, Malaysia and Indonesia. The PCI 3DS standard was established by the Payment Card Industry Security Standards Council – a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide. This latest attestation further strengthens Alibaba Cloud's support for the burgeoning fintech ind
(2021-03-25 09:27)
Tags: pci, pin, atsec

On 12 March 2021 the Payment Card Industry Security Standards Council (PCI SSC) formally released the PCI PIN v3.1 standard. It updates the PCI PIN v3.0 standard released in August 2018, based on feedback received from organizations across the industry over the past two years.


The mandatory effective date for v3.1 is defined by each card brand; Visa has already published its implementation dates:
1. v3.1 takes effect immediately on its publication date.
2. From 1 October 2021, all new assessments submitted to Visa must follow v3.1.
3. From 1 January 2022, Visa will no longer accept PIN AOCs based on v3.0.
In this article, the atsec authors briefly explain the important changes:

0x01 Updates to the general description sections of the major chapters

## Overview: v3.0 required all hosts to support decryption of ISO PIN Block Format 4 after 1 January 2023 and encryption of ISO PIN Block Format 4 after 1 January 2025. Industry feedback, however, indicated that meeting these deadlines is very difficult. v3.1 therefore leaves the effective date for mandatory ISO PIN Block Format 4 support undefined for now, pending future notice.


## Annex A: adds further explanation of the ANSI TR 34 method, describing some typical characteristics of the protocol, for example that the certificates of the KDH and the KRD must be issued by a common

Tags: atsec, p2pe, pci, pin, 联迪商用 (Landi)

atsec China is pleased to announce that in February 2021 it completed the Point-to-Point Encryption (P2PE) v3.0 security assessment of the AxKMS CA (Certification Authority)/RA (Registration Authority) component and the AxKMS KIF (Key Injection Facility) component of Fujian Landi Commercial Equipment Co., Ltd. (福建联迪商用设备有限公司, hereafter "Landi"), and that the results have received official validation from the Payment Card Industry Security Standards Council (PCI SSC). At the same time, the PCI PIN v3.0 security assessments of the AxKMS CA/RA system environment and the AxKMS KIF system environment were also completed.

The P2PE assessment results are published in the P2PE component list on the PCI SSC website:
https://www.pcisecuritystandards.org/assessors_and_solutions/point_to_point_encryption_components



The goal of the P2PE standard is to promote the development, validation and deployment of PCI-approved P2PE solutions.
Tags: atsec

Quotes from our colleagues in Austin:

Viktoria:

It's already March 2021 and today we are celebrating International Women's Day! Growing up in a Russian family, International Women's Day was one of my favorite holidays. My dad would always bring flowers and small gifts for my mom and me. It was a peaceful celebration.

This year's IWD is occurring during the Covid-19 pandemic, which has had a major impact on everyone around the world. The United Nations reports that globally, 70% of the healthcare workforce are female. I am grateful for the hard work these healthcare workers have been putting in during this difficult time.

International Women's Day has been celebrated for over a century since it began in 1911. In 1996, the UN started announcing annual themes for this holiday. This year's theme is “Choose to Challenge.” A call to challenge and call out gende
Tags: pci, 百度 (Baidu), 百度智能云 (Baidu AI Cloud), atsec

This article is reposted from Baidu's official news release; link: https://mp.weixin.qq.com/s/DNNJasH68yroS3Mfc0Y8ag
The text of the release follows:


Safeguarding customers' payment security: Baidu AI Cloud is taking action!

Recently, Baidu AI Cloud passed the compliance assessment against the Payment Card Industry Data Security Standard (PCI DSS) performed by atsec. This year's PCI DSS compliance report was formally issued on 30 January 2021. It should be emphasized that this is the third consecutive year in which Baidu AI Cloud has passed this certification, a clear sign of its recognition in the security industry. The PCI DSS assessment covered many aspects of Baidu AI Cloud, including its underlying environment, the security services on the cloud platform, and the security management of its infrastructure.

Passing this stringent data security standard means that Baidu AI Cloud can support financial-cloud tenants in meeting the relevant PCI DSS requirements to a high standard, and that its security and compliance capabilities continue to strengthen. It demonstrates Baidu AI Cloud's mature security architecture, operations and information security management capabilities, and marks that Baidu AI Cloud continues to hold a leading position in the field of cloud security.

PCI DSS, jointly developed by the five international card schemes VISA, MasterCard, JCB, American Express and Discover Financial Services, is the payment card industry data

Tags: atsec, 嘀嘀 (DiDi), 滴滴出行 (DiDi Chuxing), pcidss

atsec is pleased to announce that DiDi Mobility Pte. Ltd and 99 Tecnologia Ltda (hereafter collectively "DiDi") completed, in January 2021, atsec's compliance assessment against the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 and remain in continued compliance. This is DiDi's second annual PCI DSS compliance assessment, completed while its business continues to expand; as a merchant in the payment industry, DiDi safeguards the wide range of payment services and functions it provides to its customers.

The scope of this assessment covers the payment authorization application developed by DiDi. Because the application transmits, stores and processes cardholder data, DiDi applies strict network segmentation measures specifically to it. As a typical large, internationally expanding merchant, DiDi has complex and diverse business functions and a large number of system components, which makes building compliance a considerable challenge. Through the joint efforts of both parties, DiDi's development, operations and security teams worked closely together, demonstrating outstanding technical strength and collaborative responsiveness, completed the remediation smoothly, and thereby achieved continued compliance, receiving the annual Report on Compliance (ROC) and Attestation of Compliance (AOC) issued by atsec.

Zhang Zhipeng (张志鹏), senior consultant and PCI assessor (QSA) at atsec, commented: “First, congratulations to DiDi on passing this re-assessment and continuing to meet PCI DSS compliance
Tags: ietf, tls, ssl, cmvp

In 2018, the Internet Engineering Task Force (IETF) published RFC 8446, “Transport Layer Security (TLS) Protocol Version 1.3”, a new standard for the latest version of TLS. TLS is the successor of SSL (Secure Sockets Layer), which was developed by Netscape in 1995. In 2020, the Cryptographic Module Validation Program (CMVP) updated the algorithm testing process from the Cryptographic Algorithm Validation System (CAVS) to the Automated Cryptographic Validation Testing System (ACVTS)
Tags: atsec, attack, solarwinds

The attack on the SolarWinds network management platform Orion allowed a bad actor to inject malware into the product prior to it being signed and deployed to customers during a regular software update. This highlights a largely underappreciated but universal truth of the Internet age--almost all businesses depend on a software supply chain they do not control. This attack affected many IT infrastructures across all industries.


Here at atsec, we do not use any of the tools involved, so we have no concerns about this attack related to our local network, our data, or the data we maintain for our customers. However, a number of other companies, like health insuranc

Tags: atsec, gsma, nesas

The GSMA (Global System for Mobile Communications) organization recognizes atsec's ISO/IEC 17025 accreditation that now allows network product evaluations against NESAS Security Assurance Specifications (SCAS).


The NESAS scheme is a collaboration jointly led by 3GPP and the GSMA, and is open to all vendors of network equipment products that support 3GPP-defined functions. NESAS has been developed to strengthen the level of security in 5G and LTE networks, following established best practices and schemes that provide security assurance.


NESAS defines security requirements and an assessment framework for secure product development and product lifecycle processes, as well as testing requirements using 3GPP defined security test cases for the security evaluation of network equipment.


atsec is the first laboratory
