Slide No. 1: Encryption vs Tokenisation
Witham Laboratories
Building Confidence in Payment Systems
PCI PTS, PCI PIN, PCI DSS, PA-DSS

Witham Laboratories
1/842 High Street, East Kew 3102, Melbourne, Australia
Ph: +61 3 9846 2751, Fax: +61 3 9857 0350
Rambla de Catalunya 38, 8 planta, 08007 Barcelona, Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com

Slide No. 2: Agenda
- Protecting Cardholder Data
- Cryptography and Tokenisation 101
- What’s the difference?
- Format Preserving Encryption
- P2PE and TRSM Standards 101
- Australian P2PE Implementations
- PCI SSC P2PE Activity
- Auditing Encryption and Tokenisation

Slide No. 3: Protecting Cardholder Data
- PCI DSS scope = all systems which store/process/transmit card data
- Render sensitive elements inaccessible
- PAN, track data, online PIN block, CVV2
- Req. 3.4 (storage), 4.1 (transmission)
- Prevents exposure of card data
- Comms / storage does not reveal card data
- Prevents line tapping / memory attacks
- Encryption & tokenisation referenced

Slide No. 4: Cryptography 101
- Encryption is a keyed reversible function
- Output ‘looks’ different to input data
- Generally encrypts data in ‘blocks’
- Use standardised encryption algos
- AES, TDES, ECC, RSA
- Security is dependent on the ‘key’
- The key is just a ‘big’ number
- Good key management is vital
- ‘Attack surface’ = key and use of key

Slide No. 5: Tokenisation 101
- Replace PAN with a ‘reference number’
- Same format, ‘looks’ like card data
- PAN not necessary after the transaction
- Token can be used instead
- Minimises access to card data
- Tokenisation system can ‘restore’ PAN
- Tokenisation is a reversible process
- How is this done?

Slide No. 6: Tokenisation 101
- Lots of different tokenisation methods
- Cryptography, look-up, proprietary
- What are the pros / cons of each???
- Beware systems based on global secrets
- Exploit one system, expose many
- ‘Attack surface’ depends on:
- Method of tokenisation used
- Systems involved in tokenisation method
- Tokenisation and encryption share some similarities …

Slide No. 7: Encryption - Visualisation
Encryption maps a value from the input domain to a value in the output domain
[Diagram: input domain (0 to 2^(block size)) → Encryption Algo, with Key → output domain (0 to 2^(block size))]

Slide No. 8: Encryption - Visualisation
Different input values have different output values, based on the value and the key
[Diagram: input domain (0 to 2^(block size)) → Encryption Algo, with Key → output domain (0 to 2^(block size))]

Slide No. 9: Encryption - Visualisation
Changing the key changes the output values for the same input values
[Diagram: input domain (0 to 2^(block size)) → Encryption Algo, with Key 2 → output domain (0 to 2^(block size))]

Slide No. 10: Encryption - Visualisation
The key, and the use of the key, define the attack surface – the algorithm is public
[Diagram: input domain (0 to 2^(block size)) → Encryption Algo, with Key 2 → output domain (0 to 2^(block size))]

Slide No. 11: Tokenisation - Visualisation
Tokenisation is similar – input values mapped to output values based on secret(s)
[Diagram: input domain (lowest PAN value to highest PAN value) → Tokenisation System (??Key, DB, Server) → output domain (lowest PAN value to highest PAN value)]

Slide No. 12: Tokenisation - Visualisation
Here the attack surface is not as well defined – it may be a key, DB, server, or other
[Diagram: input domain (lowest PAN value to highest PAN value) → Tokenisation System (??Key, DB, Server) → output domain (lowest PAN value to highest PAN value)]

Slide No. 13: What’s the difference?
- Similarities?
- 1:1 reversible mapping of input ↔ output
- Security dependent on secret(s)
- Differences? For encryption:
- Lots of study, security standards/products
- Well known attack methods & mitigations
- May not ‘play nice’ with existing systems
- Tokenisation: no standards, little study
- But compatible … Compromise?

Slide No. 14: Format Preserving Encryption
- ‘Normal’ encryption assumes all data is unformatted binary data
- Any formatting is ‘lost’ during encryption
- Problem for format-dependent systems
- E.g. databases, existing protocols, data capture devices (e.g. PINPads)
- Format preserving encryption (FPE) = encryption without loss of formatting
- Combines encryption & tokenisation

Slide No. 15: FPE Common Features
- Feistel cipher construction
- Round function = AES, Triple DES
- Systems may modify inputs for each round
- Round fn. output trunc’d to FPE block size
- Remap input/round fn. output as required
- Encrypt with multiple Feistel rounds
- # rounds, re-mapping – depends on cipher
- These details can be important …
- May only encrypt middle digits of a PAN
- Ensures card type and Luhn check still valid

Slide No. 16: Feistel Cipher
- For any round ‘n’
- Repeat as necessary …

Slide No. 17: FPE Algorithm Example
- E.g.: Encrypt PAN 4123456789012349
- Discard Luhn check
- Mod10 addition
- Output PAN = 4748232137547657
- Recalculate Luhn check

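Added example (not from the original slides or from Witham Laboratories): a small Feistel format-preserving cipher over PAN digits that follows the steps on the FPE slides: discard the Luhn digit, run Feistel rounds with digit-wise mod-10 addition, recalculate the Luhn digit. HMAC-SHA256 stands in for the AES/TDES round function, and the round count, the `keep_prefix` parameter, the use of the kept prefix as a tweak and all function names are assumptions; it is a teaching construction, not a standardised FPE mode.

```python
import hashlib
import hmac

ROUNDS = 10  # assumption; must be even so the halves return to their original positions


def luhn_check_digit(payload: str) -> str:
    """Check digit that makes payload + digit pass the Luhn (mod 10) test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # every second digit, starting next to the check digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def _round_digits(key: bytes, tweak: bytes, rnd: int, half: str, width: int) -> str:
    """Round function: HMAC-SHA256 (stand-in for AES/TDES), truncated to `width` digits."""
    mac = hmac.new(key, tweak + bytes([rnd]) + half.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac, "big") % 10 ** width).zfill(width)


def _add_mod10(a: str, b: str, sign: int = 1) -> str:
    """Digit-wise addition (sign=1) or subtraction (sign=-1) modulo 10, no carries."""
    return "".join(str((int(x) + sign * int(y)) % 10) for x, y in zip(a, b))


def _feistel(key: bytes, tweak: bytes, digits: str, decrypt: bool = False) -> str:
    """Alternating Feistel network over a digit string; halves may differ by one digit."""
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    order = reversed(range(ROUNDS)) if decrypt else range(ROUNDS)
    for rnd in order:
        width = u if rnd % 2 == 0 else v
        if decrypt:
            c, b = b, a  # undo the swap, then subtract the round output
            a = _add_mod10(c, _round_digits(key, tweak, rnd, b, width), -1)
        else:
            c = _add_mod10(a, _round_digits(key, tweak, rnd, b, width))
            a, b = b, c
    return a + b


def fpe_pan(key: bytes, pan: str, keep_prefix: int = 6, decrypt: bool = False) -> str:
    """Encrypt or decrypt the digits between the kept prefix and the Luhn digit."""
    if not pan.isdigit() or luhn_check_digit(pan[:-1]) != pan[-1]:
        raise ValueError("PAN must be digits with a valid Luhn check digit")
    prefix, body = pan[:keep_prefix], pan[keep_prefix:-1]  # Luhn digit discarded
    if len(body) < 2:
        raise ValueError("not enough digits left to encrypt")
    out = prefix + _feistel(key, prefix.encode(), body, decrypt)
    return out + luhn_check_digit(out)  # Luhn digit recalculated


if __name__ == "__main__":
    key = b"constructed demo key, not a real one"
    pan = "4123456789012349"  # sample PAN from the slide
    token = fpe_pan(key, pan, keep_prefix=1)  # keep only the leading card-type digit
    print(pan, "->", token, "->", fpe_pan(key, token, keep_prefix=1, decrypt=True))
```

The output is still a 16-digit, Luhn-valid number, which is why a database or POS application cannot tell it from a real PAN; the digits will not match the slide's output PAN, because the key and round function differ.
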
Slide No. 18: Encryption Implementations
- FPE most often used in (DB) servers
- Provides ‘transparent’ encryption and used for tokenisation
- FPE increasingly a feature in PINPad SW
- Also in encrypting MSRs, credit terminals
- Encrypt data without ‘breaking’ POS SW
- Encryption of comms for PCI DSS
- Called ‘Point to Point Encryption’ (P2PE)
- FPE not always used / required
- What standards exist?

Slide No. 19: P2PE Standards 101
- ISO 10894*
- “Procedures for Message Encipherment”
- ANSI X9.119*
- “Protection of Sensitive Data between Device and Acquiring System”
- PCI SSC: PTS v3 ‘SRED’ & P2PE reqs*
- Localised/industry associations and SIGs
- SPVA, ATMIA, PCI SIGs, Visa & MC, AS2805.9
- Secure HW (TRSM) is often required

Slide No. 20: TRSM Standards 101
- FIPS140-2: Four approval levels (1 – 4)
- L1 generally for SW only – no HW security
- L2 some tamper evident HW security
- L3 provides some tamper response
- L4 full security envelope (hardest level)
- PCI PTS (previously PCI PED)
- v1 & v2 = PIN security only, v3 has SRED
- APCA PED covers PIN security
- From 2010 requires AS2805.9 keys

Slide No. 21: Australian EFTPOS Standard(s)
- AS2805 = Aus. Standard for EFTPOS
- Key management, encryption, message formats, payment processing
- Each bank has their own ‘interpretation’
- AS2805.9 defines message encryption
- AS2805.6.x defines key management
- Unique per transaction (AS2805.6.2)
- Unique each day / 256 trans (AS2805.6.4)
- AS2805.6.5.3 for RSA key loading
- Watch your key lengths!

Slide No. 22: AS2805.9
- Encryption of each EFTPOS message
- Extract non-sensitive elements
- Encrypt whole message with TDES OFB
- Stream mode of TDES; XOR with key (not FPE)
- Replace non-sensitive elements and send
- Things to be aware of:
- OFB: same key = same key stream
- Same key stream on different transactions allows for recovery of transmitted data
- AS2805.6.4 keeps same key for many trans

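Added example (not from the original slides): why "same key = same key stream" matters in OFB, and an audit check that catches it. A truncated HMAC-SHA256 stands in for the TDES block function, the message layout, key ids and IVs are constructed rather than taken from AS2805, and the function names are hypothetical.

```python
import hashlib
import hmac
from collections import defaultdict

BLOCK = 8  # TDES block size in bytes


def _block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in for TDES block encryption (OFB only uses the forward direction)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ofb_keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """O_0 = IV, O_i = E_k(O_{i-1}); the stream never depends on the message."""
    stream, feedback = b"", iv
    while len(stream) < length:
        feedback = _block_fn(key, feedback)
        stream += feedback
    return stream[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: OFB is the same XOR in both directions."""
    return xor(data, ofb_keystream(key, iv, len(data)))


def reuse_demo() -> dict:
    """Two constructed messages under one key: shared IV versus a fresh IV per message."""
    key = b"constructed-session-key"
    m1 = b"PAN=4123456789012349;AMT=000000001000"
    m2 = b"PAN=4748232137547657;AMT=000000002500"
    iv_a, iv_b = b"\x00" * BLOCK, b"\x00" * (BLOCK - 1) + b"\x01"
    # Shared key stream cancels out: c1 XOR c2 equals m1 XOR m2, no key needed.
    same = xor(ofb_crypt(key, iv_a, m1), ofb_crypt(key, iv_a, m2))
    # A different IV gives a different key stream, so nothing cancels.
    fresh = xor(ofb_crypt(key, iv_a, m1), ofb_crypt(key, iv_b, m2))
    return {"same_iv_leaks_xor": same == xor(m1, m2),
            "fresh_iv_leaks_xor": fresh == xor(m1, m2)}


# Constructed audit records: (message id, key id, IV as hex).
AUDIT_LOG = [
    ("txn-001", "KEY-A", "0000000000000000"),
    ("txn-002", "KEY-A", "0000000000000000"),
    ("txn-003", "KEY-A", "0000000000000001"),
    ("txn-004", "KEY-B", "0000000000000000"),
]


def find_keystream_reuse(records) -> dict:
    """Group message ids by (key id, IV); any group larger than one reused a key stream."""
    seen = defaultdict(list)
    for msg_id, key_id, iv in records:
        seen[(key_id, iv)].append(msg_id)
    return {pair: ids for pair, ids in seen.items() if len(ids) > 1}


if __name__ == "__main__":
    print(reuse_demo())
    print(find_keystream_reuse(AUDIT_LOG))
```
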
Slide No. 23: PCI SSC P2PE Activity
- Released ‘Initial Roadmap: P2PE Technology and PCI DSS Compliance’
- Referenced SRED standard for devices
- Discussed release of audit reqs in 2011
- Development is ongoing (under NDA)
- What can I talk about?
- SRED is designed for securing card data
- PCI PIN reqs cover key management
- 2011 will be an interesting year …

Slide No. 24: What is SRED?
- SRED stands for “Secure Reading and Exchange of Data”
- “Data” refers to Card Holder Data
- A module of the PCI PTS v3.0 standard
- PTS = PIN Transaction Security
- Applies to devices that provide “account data protection” functionality
- Encryption at Point Of Interaction (POI)
- Expect to hear more about SRED soon

Slide No. 25: SRED Device Block Diagram

Slide No. 26: Audit of Encryption Solutions
- What encryption algo & modes?
- Beware anything not AES, TDES, ECC, RSA
- Key management – who and how?
- Dual control and split knowledge
- Unique keys per device/use
- Key sizes and IVs for stream cipher modes
- Encryption in TRSM? What standard?
- Are you sure?? HW, FW, App, context
- Where is plaintext card data accessible?
- All possible inputs / outputs? Whitelists?

Weitere ähnliche Inhalte

Ähnlich wie Encryption vs tokenisation (for share)

Securing embedded systems (for share)
Securing embedded systems (for share)Securing embedded systems (for share)
Securing embedded systems (for share)AndrewRJamieson
 
Encryptionvstokenisationforshare
EncryptionvstokenisationforshareEncryptionvstokenisationforshare
EncryptionvstokenisationforshareAndrewRJamieson
 
Hellermann Tyton Fibre Optic, Telecom & Copper Products
Hellermann Tyton Fibre Optic, Telecom & Copper ProductsHellermann Tyton Fibre Optic, Telecom & Copper Products
Hellermann Tyton Fibre Optic, Telecom & Copper ProductsThorne & Derrick International
 
Wearable Wristband for Workplace Safety during Covid-19 Pandemic
Wearable Wristband for Workplace Safety during Covid-19 PandemicWearable Wristband for Workplace Safety during Covid-19 Pandemic
Wearable Wristband for Workplace Safety during Covid-19 PandemicSaibal Bishnu
 
2019 Network Test Measurement | Catalog Siwali
2019 Network Test Measurement | Catalog Siwali2019 Network Test Measurement | Catalog Siwali
2019 Network Test Measurement | Catalog SiwaliPT. Siwali Swantika
 
AMSEC DHS Bourke Street Data Sheet
AMSEC DHS Bourke Street Data SheetAMSEC DHS Bourke Street Data Sheet
AMSEC DHS Bourke Street Data SheetPaul Harrison J.P.
 
Ccd spectroradiometer-integrating-sphere-compact-system-for-led-7000vis
Ccd spectroradiometer-integrating-sphere-compact-system-for-led-7000visCcd spectroradiometer-integrating-sphere-compact-system-for-led-7000vis
Ccd spectroradiometer-integrating-sphere-compact-system-for-led-7000vis世满 江
 
Data Centre Optimization
Data Centre OptimizationData Centre Optimization
Data Centre Optimization6PM Solutions
 
PINsafe by SWIVEL
PINsafe by SWIVELPINsafe by SWIVEL
PINsafe by SWIVELajldr
 
30052909 ifu magellan7-0_english_v1_1
30052909 ifu magellan7-0_english_v1_130052909 ifu magellan7-0_english_v1_1
30052909 ifu magellan7-0_english_v1_1Nguyen Hien
 
China Telecom - China Data Centers
China Telecom - China Data CentersChina Telecom - China Data Centers
China Telecom - China Data CentersBrian Trentacost
 
0015-D17V4 PLC Application Notes
0015-D17V4 PLC Application Notes0015-D17V4 PLC Application Notes
0015-D17V4 PLC Application NotesTristan King
 
Facility monitoring system; ATU3
Facility monitoring system; ATU3Facility monitoring system; ATU3
Facility monitoring system; ATU3Linkwise Technology
 

Ähnlich wie Encryption vs tokenisation (for share) (20)

Securing embedded systems (for share)
Securing embedded systems (for share)Securing embedded systems (for share)
Securing embedded systems (for share)
 
Encryptionvstokenisationforshare
EncryptionvstokenisationforshareEncryptionvstokenisationforshare
Encryptionvstokenisationforshare
 
Mobile payments v1 1
Mobile payments v1 1Mobile payments v1 1
Mobile payments v1 1
 
Hellermann Tyton Fibre Optic, Telecom & Copper Products
Hellermann Tyton Fibre Optic, Telecom & Copper ProductsHellermann Tyton Fibre Optic, Telecom & Copper Products
Hellermann Tyton Fibre Optic, Telecom & Copper Products
 
Wearable Wristband for Workplace Safety during Covid-19 Pandemic
Wearable Wristband for Workplace Safety during Covid-19 PandemicWearable Wristband for Workplace Safety during Covid-19 Pandemic
Wearable Wristband for Workplace Safety during Covid-19 Pandemic
 
Portable pH Meter for Process Measurement
Portable pH Meter for Process MeasurementPortable pH Meter for Process Measurement
Portable pH Meter for Process Measurement
 
Mk9500
Mk9500Mk9500
Mk9500
 
Atel Value Proposition
Atel Value PropositionAtel Value Proposition
Atel Value Proposition
 
2019 Network Test Measurement | Catalog Siwali
2019 Network Test Measurement | Catalog Siwali2019 Network Test Measurement | Catalog Siwali
2019 Network Test Measurement | Catalog Siwali
 
AMSEC DHS Bourke Street Data Sheet
AMSEC DHS Bourke Street Data SheetAMSEC DHS Bourke Street Data Sheet
AMSEC DHS Bourke Street Data Sheet
 
Cryptography&Security
Cryptography&SecurityCryptography&Security
Cryptography&Security
 
Ccd spectroradiometer-integrating-sphere-compact-system-for-led-7000vis
Ccd spectroradiometer-integrating-sphere-compact-system-for-led-7000visCcd spectroradiometer-integrating-sphere-compact-system-for-led-7000vis
Ccd spectroradiometer-integrating-sphere-compact-system-for-led-7000vis
 
Data Centre Optimization
Data Centre OptimizationData Centre Optimization
Data Centre Optimization
 
PINsafe by SWIVEL
PINsafe by SWIVELPINsafe by SWIVEL
PINsafe by SWIVEL
 
Helix Nebula: Ajudant al desenvolupament científic europeu
Helix Nebula: Ajudant al desenvolupament científic europeuHelix Nebula: Ajudant al desenvolupament científic europeu
Helix Nebula: Ajudant al desenvolupament científic europeu
 
30052909 ifu magellan7-0_english_v1_1
30052909 ifu magellan7-0_english_v1_130052909 ifu magellan7-0_english_v1_1
30052909 ifu magellan7-0_english_v1_1
 
Catalogo general unitronics 2010
Catalogo general unitronics 2010Catalogo general unitronics 2010
Catalogo general unitronics 2010
 
China Telecom - China Data Centers
China Telecom - China Data CentersChina Telecom - China Data Centers
China Telecom - China Data Centers
 
0015-D17V4 PLC Application Notes
0015-D17V4 PLC Application Notes0015-D17V4 PLC Application Notes
0015-D17V4 PLC Application Notes
 
Facility monitoring system; ATU3
Facility monitoring system; ATU3Facility monitoring system; ATU3
Facility monitoring system; ATU3
 



Encryption vs tokenisation (for share)
