• 博客(45)
  • 收藏
  • 关注

原创 PQC: Kyber and Dilithium - State of the (Draft) Standards

On November 15 2023 NIST announced that the three algorithms will be available for testing at the ACVP Demo service.

2023-11-21 10:43:22 42

原创 atsec at the PCI Community Meeting 2023

atsec participated in the PCI (Payment Card Industry) Security Standards Council 2023 Asia-Pacific Community Meeting held in Kuala Lumpur, Malaysia, on 15 and 16 November and hosted a booth.

2023-11-17 11:41:47 37

原创 atsec at the International Common Criteria Conference 2023

As in previous years, atsec is attending the International Common Criteria Conference, this time in Washington DC from October 31st to November 2nd 2023.

2023-11-01 09:00:19 363

原创 Cybersecurity Requirements for Medical Devices

On September 26, 2023, The Food and Drug Administration (FDA) released their finalized Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions guidance document.

2023-10-16 09:50:51 57

原创 PCI 3DS 技术常见问题解答(FAQ)简介

备选的HSM管理要求从如何加强认证操作人员身份(采用多因素认证方式)、采用安全通道、双人操作和知识分离方式、经过安全认证的安全加密设备(SCD:Secure Cryptographic Device)对密钥进行操作等方面入手确保实现对HSM的安全管理,做到了在不降低安全要求级别的前提下,极大的减少对3DS实体对HSM的操作限制,有效的提供了3DS实体的操作效率。对于PCI 3DS评估,机构除了需要符合PCI 3DS核心安全标准的要求,还需要考虑PCI 3DS 技术FAQ“

2023-10-08 09:46:14 68

原创 The 11th International Cryptographic Module Conference

​The11th International Cryptographic Module Conference (ICMC)started today. This year the conference is held from September 20th to 22nd 2023 at the Shaw Center in Ottawa Canada.

2023-09-21 16:29:41 37

原创 Artificial Intelligence in Evaluation, Validation, Testing and Certification

Everybody seems to jump on the AI bandwagon these days, “enhancing” their products and services with “AI.” It sounds, however, a bit like the IoT hype from the last decade when your coffee machine desperately needed Internet access.

2023-09-13 14:56:03 38

原创 atsec出席2023年PCI社区会议发表主题讲演

atsec将参加2023年11月15日至16日在马来西亚举办的PCI亚太地区社区会议(PCI Community Meeting),并发表技术讲演和分享。

2023-09-07 10:23:05 53

原创 Entropy Source Validation (ESV) Certificate Issued for the Intel DRNG

Recently the CMVP has granted ESV certificate #E57 to the Intel DRNG entropy source. The testing and submission was done by atsec and it marks the first ESV certificate granted to the Intel DRNG.

2023-08-21 13:11:51 40

原创 First Post-Quantum Algorithm Certificate issued by CAVP

​On July 14, atsec obtained the first validation certificate for a post-quantum cryptographic algorithm:A4204.

2023-07-21 09:19:59 53

原创 The IoT Security Global Certification Challenges

In today's interconnected world, the Internet of Things (IoT) has become an integral part of our daily lives. From smart homes to industrial automation, IoT devices are revolutionizing various industries.

2023-07-19 09:10:49 82

原创 CEST (Confidential Evaluation of Software Trustworthiness) project finished

Following thenews published in early 2022, atsec would like to proudly announce a successful completion of the CEST (Confidential Evaluation of Software Trustworthiness) project - a Swedish research project funded byVinnova.​

2023-06-25 08:41:31 53

原创 atsec attended the Omnisecure conference in Berlin

​Like last year, three representatives of atsec Germany attended theOmnisecure conferencefrom May 22 through 24, 2023, in Berlin.

2023-06-20 09:03:54 53

原创 MOVEit Vulnerability

An alleged Russian-linked ransomware gang has exploited a vulnerability in a popular file transfer tool called MOVEit to attack both commercial and government targets world-wide.

2023-06-16 09:29:01 61

原创 atsec中国完成携程基于PCI DSS v4.0标准的合规评估

atsec很荣幸地宣布:上海携程商务有限公司(以下简称“携程”)(英文全称“Shanghai Ctrip Commerce Co., Ltd”)于2023年6月,在产业内率先通过了atsec基于支付卡产业数据安全标准(PCI DSS:Payment Card Industry Data Security Standards)v4.0版本的符合性评估。

2023-06-15 16:11:37 154

原创 atsec完成 vivo X Fold2的CC评估和认证

atsec荣幸地宣布,atsec瑞典CC实验室成功的完成了维沃移动通信有限公司(品牌名为“vivo”)的 vivo X Fold2的通用评估准则(CC:Common Criteria)评估,并获得了由瑞典FMV(Försvarets materielverk)负责运维的CSEC(Sveriges Certifieringsorgan f"or IT-s"akerhet)体系发布的认证证书(证书编号:CSEC2022015)。

2023-05-26 23:35:22 122

原创 atsec at the EU Cybersecurity Act Conference and Crypto Module Day

atsec recently attended two conferences that focused on cybersecurity certification: the International Conference on the EU Cybersecurity Act and Crypto Module Day Conferences in Brussels, Belgium, from March 28 to March 30, 2023.Both conferences focused o

2023-05-22 10:16:23 51

原创 atsec at the EU Cybersecurity Act Conference and Crypto Module Day

atsec recently attended two conferences that focused on cybersecurity certification: the International Conference on the EU Cybersecurity Act and Crypto Module Day Conferences in Brussels, Belgium, from March 28 to March 30, 2023

2023-04-14 09:21:05 58

原创 8位长度银行卡BIN码在PCI DSS中的实践

现代银行与支付系统很大程度上依赖于银行卡作为用户账户的代表,而银行卡号PAN则是用户账户的唯一体现。常见的银行卡卡号从14位到19位数字不等,其编码规则严格遵循国际标准ISO/IEC 7812。目前最新的标准为ISO/IEC 7812-1:2017(en)。该标准定义了PAN的三个组成部分,分别是发卡行识别码(IIN或者BIN)、个人账户号码(Individual Account Number)、校验码(Check Digit)

2023-04-12 16:33:36 413

原创 atsec information security at the Milan Security Summit 2023

After years of video conferences, the Security Summit was finally back in person in Milan, Italy, from March 14 to 16, 2023. atsec couldn’t miss the opportunity to participate as gold sponsor in one of the most important cyber security events held in Italy

2023-03-29 09:38:39 203

原创 CC:2022 is HERE!


2023-03-21 09:38:34 72

原创 atsec成功完成FIT的IBM Socket产品线ISO/IEC 20243 (O-TTPS)评估和认证

atsec中国很荣幸地宣布在2023年2月完成了英属开曼群岛商鸿腾精密科技股份有限公司台湾分公司(以下简称“FIT”)的IBM Socket产品线ISO/IEC 20243:2018,即开放可信技术供应商标准(O-TTPS v1.1.1:Open Trusted Technology Provider™ Standard)的安全评估,并获得了认证机构国际开放标准组织(The Open Group)的认证。

2023-03-20 11:16:02 187

原创 atsec is now operating a Certification Body accredited according to ISO/IEC 17065(英文文章)

We are pleased to announce that atsec information security AB has been accredited as a certification body by SWEDAC, the national accreditation body in Sweden, to provide Common Criteria (CC) certifications of IT products.With over 20 years of experience a

2023-03-14 11:03:21 83

原创 atsec将于2023年4月20日至21日在上海开展支付卡产业安全标准研讨会和培训

本培训课程将探讨开展支付卡产业数据安全标准(PCI DSS:Payment Card Industry Data Security Standards),及其相关标准的符合性建设的目的、标准结构、历史和现状分析、典型参与角色和他们的职责、支付卡品牌定级和验证要求、标准技术要求和实施最佳实践;atsec将在本课程中与学员分享近期项目心得,包括实现合规的难点和重点,以及业界最佳实践的积累,并共同探讨产业内新兴的技术和热门话题。本课程将以研讨会和培训的形式展开,包括讲演、教师指导的讨论、案例分析、实践练习等。

2023-03-13 15:06:04 78

原创 atsec China completed Huawei’s PCI SSF assessment

atsec completed successfully the PCI SSF (PaymentCard Industry Software Security Framework) secure software and secure SLCassessments for Huawei Technologies Co., Ltd.(hereafter "Huawei"),and the assessment results were validated and published by PCI SSC (

2023-03-10 10:37:10 157

原创 女神节快乐


2023-03-08 09:20:36 61

原创 CNSA 2.0 and Quantum Resistant Encryption Algorithms

The National Security Agency (NSA) has released the Commercial National Security Algorithm (CNSA) Suite 2.0 and Frequently Asked Questions detailing future quantum resistant (QR) algorithm requirements for National Security Systems (NSS). CNSA 1.0 was publ

2023-02-16 12:51:44 82

原创 Happy Valentine’s Day

atsec information security wishes all colleagues, customers, suppliers, and partners a Happy Valentine’s Day filled with joy, happiness, and security!

2023-02-14 10:48:59 56

原创 A Sign for atsec Sweden


2023-02-01 18:39:39 60

原创 atsec中国完成安徽悦航SPayPOS产品基于PCI SSF的安全软件认证

atsec很荣幸地宣布在2022年12月完成了安徽悦航信息技术有限公司(英文“Anhui YuehangInformation Technology Co., LTD”)(以下简称“安徽悦航”)SPayPOS产品,基于支付卡行业(PCI:Payment Card Industry)的软件安全框架(SSF:Software Security Framework)中安全软件(Secure Software)标准要求的评估,并获得了支付卡产业安全标准委员会(PCISSC:Payment Card Industry

2023-01-30 15:15:34 146

原创 Saved the Best for Last(英文文章)

One last!

2023-01-28 14:10:17 73

原创 新春快乐,兔年大吉


2023-01-21 11:04:11 61

转载 Shoptop顺利通过atsec的PCI DSS年度合规评估,为出海品牌保驾护航 (转载)

Shoptop已为10w+客户提供了品效合一的出海服务,遍及宠物用品、电子产品、户外休闲、机械化工、家居园艺、假发美瞳、母婴产品、男女服饰、汽车配件、鞋子包包、珠宝首饰等众多行业,凭借服务团队的及时响应和专业高效的运营指导,客户好评率达到 98%。执行完成,通过针对持卡人数据安全环境范围内数据流程的梳理、采取脆弱性分析、文档审核、渗透测试、ASV弱点扫描以及实际配置和实现检查等方式执行,审查对象包括硬件、软件、操作和授权流程、涉卡人员、数据中心等诸多内容,总共。连续通过全球最高级别的支付安全标准认证,

2023-01-16 10:17:31 77

原创 Happy Birthday, atsec!(英文文章)

As always on the 11th of January atsec celebrates its birthday.This year it is the 23rd! As they say: time flies when your doing IT security!Our best wishes and thanks to all of the contributors: our customers, our partners, and our colleagues.

2023-01-11 15:03:03 51

原创 PCI DSS v4.0变更系列之十——新要求点统计

对于新要求的时间点要求,再次提醒如下:1、在2022年开始,所有合规机构均可以按照PCI DSS v4.0的要求进行合规认证。2、如果按v4.0的要求进行合规认证,所有对应于“立即生效”的要求点必须达到要求。3、理论上讲,所有标记为“2025年3月31日”的要求点(共51个)在2025年3月31日前可以按不适用处理。但仍然建议合规机构尽早研究和分析这些要求点,落实所对应的控制措施。

2022-12-30 13:27:23 197

原创 PCI DSS v4.0变更系列之九——第六大类要求点


2022-12-30 13:23:56 129

原创 PCI DSS v4.0变更系列之八——第五大类要求点


2022-12-30 13:23:07 133

原创 PCI DSS v4.0变更系列之七——第四大类要求点


2022-12-30 13:21:04 100

原创 PCI DSS v4.0变更系列之六——第三大类要求点


2022-12-30 12:22:23 149

原创 PCI DSS v4.0变更系列之五——第二大类要求点

要求4针对主账号的传输保护,进一步澄清了机构的内网与涉卡范围的持卡人数据有数据传输时,将使得这个内网需要进行PCI DSS要求的审核。如变为永久存储,应按要求进行加密保护。针对服务供应商分享密钥给客户用于账户数据的存储与传输时,要求记录并发布相应的指导文档,指导密钥的传输、存储及密钥的更新。在原4.1要求的基础上,增加了适用于保护主账号传输的证书的要求,要求证书处于有效状态,不应处于过期或调销状态。该要求参照了原12.3.10的要求,明确提出除了有明确的业务需要的情况外,实施技术手段限制卡号的拷贝与移动。

2022-12-30 12:17:45 90



TA创建的收藏夹 TA关注的收藏夹


取消 删除