atsec_中国 (atsec China), Sina verified organization

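On November 29, 2017, atsec was invited to attend the 2017 China Aviation and Travel Payment and Anti-Fraud Forum held in Shanghai, and gave a talk titled "Payment Data Security in the Aviation and Travel Sector, with Reference to PCI".

With the growth of electronic payment and the surge in online consumption, individuals' basic information, card data and similar information have become easier to steal, exploit and sell. Data breaches keep occurring and the attack-defense situation gives no cause for optimism, so every organization needs to keep working on protecting data security. At this forum, besides the strong emphasis on transaction fraud and transaction risk control, data security protection also drew a great deal of attention. As the only third-party information security organization at the forum, atsec offered the aviation and travel industry and the payment industry new ideas, from a neutral standpoint, for better balancing business, risk and security.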

 



 

Tags: data protection, gdpr, pci

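Authors: Bai Haiwei (白海蔚), Liu Yan (刘岩) (atsec China)

Keywords: data protection, GDPR, PCI

This is a technical-sharing article by atsec and the authors, intended for joint discussion of topics in the information security industry. Without permission, no organization or individual may modify any content of this article in any way or for any reason. When reposting, please credit atsec information security and the authors' names.


1 Concepts of GDPR and PCI DSS
1.1 What is GDPR

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) was formally issued on April 27, 2016 by the European Parliament, the Council of the European Union and the European Commission. The regulation aims to strengthen and unify data protection for individuals in the EU. Its publication also repealed the earlier, long-applied Directive 95/46 (General Data Protection Regulation).


After a two-year transition period, the GDPR becomes mandatorily enforceable law from May 25, 2018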
Tags: atsec, p2pe, pci

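Beijing, China - In November 2017, atsec China formally obtained the PCI Security Standards Council's assessor qualification for PCI Point-to-Point Encryption (P2PE)™, obtaining both the P2PE QSA (Qualified Security Assessor) qualification for assessing P2PE solutions and P2PE components and the P2PE PA QSA (Payment Application Qualified Security Assessor) qualification for assessing P2PE applications.

The P2PE standard version currently in use is version 2.0, released in July 2015. The industry is soliciting comments and revising the standard on the basis of that version, and atsec is actively participating in that work. The P2PE standard is widely regarded as one of the more complex technical standards in the PCI industry, one that requires a strong assessment background. It covers and relates to many PCI and information security industry standards, including but not limited to PCI DSS, PCI PA DSS, PIN Security, as well as PTS and FIPS 140. Having obtained the P2PE qualification, atsec can provide expert services more comprehensively to organizations across the industry, follow industry developments more actively, and contribute to the development and advancement of PCI-related standards and technologies.

By effectively adopting assessed and validated P2PE solutions, organizations across the industry (including merchants, acquirers and others) can effectively reduce the cardholder data environment, so that cardholder data and similar information, as required by PCI and other industry standards, is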

Tags: 15408, iso/iec15408, iso, cc




We are happy to hear that the latest revision of TR 15446: Guidance for the production of Protection Profiles and Security Targets has been published by ISO.



ISO/IEC TR 15446 provides guidance relating to the construction of Protection Profiles (PPs) and Security Targets (STs) that are intended to be compliant with the third edition of ISO/IEC 15408 (all parts). It is also applicable to PPs and STs compliant with Common Criteria Version 3.1 Revision 4, a technically identical standard published by the Common Criteria Management Board, a consortium of gove
Hi folks,

The updated study for the Linux /dev/random and /dev/urandom has now been
published at BSI. Please see [1] for the general web site and [2] for the
study.

Please note that at [1], there are additional documents for reusing the NTG.1
conclusion of the study for Linux-based evaluations.

For the FIPS 140-2 folks: [2] should now be our entropy assessment report. In
particular, chapter 6 provides the assessment according to SP800-90B we need.
This study also contains in section 6.3 measurements of entropy during early
boot time that will be necessary in the proposed update to SP800-90B.

This study will be continued for each new kernel version that comes out. The
first kernel the study applies to is v4.9.

[1] ht
(2017-11-01 11:14)
Tags: atsec, information security, it



This first chart shows the number of evaluations completed in each year of the CCRA.


For the first version of CC, published in 1998, and in version 2, there was no concept of strict or demonstrable conformance.

 This situation remained until CC version 3 was published in 2005. At that time three types of confor

Tags: atsec, pci, 3-dsecure

Beijing, China - At the end of October 2017, the PCI Security Standards Council formally released a new security standard for 3-D Secure: The PCI Security Requirements and Assessment Procedures for EMV® 3-D Secure Core Components: ACS, DS, and 3DS Server. In addition


Dear Community,

 


It is the second time that I have had the honor and pleasure to open the International Cryptographic Module Conference. This year is very special since it is the fifth anniversary of the conference.



I'd like to welcome you all with an image from the end of the 1st ICMC. Many of you may still remember that we used the flamingos to say 'Thank you,' in many different languages, for your participation.


Introduction

Over the past decades, cars have become one of the most complex IT systems. Today each new car has a large number of computer systems interconnected within the car over different bus systems. With the integration of additional assistance systems as required by semi-autonomous or fully autonomous (self-driving) cars, the overall complexity of IT systems in the car will increase further, as will the requirements for the ability of the car to communicate with cloud services, road-side infrastructure, and other cars.


Communication and its Security Problems
