Futurex. An Innovative Leader in Encryption Solutions.
• For over 30 years, more than 15,000 customers worldwide
• Hardware-based solutions with integrated applications provide the highest levels of compliance and security
• Entrepreneurial culture, fostering agility and innovation in the development of hardware encryption solutions
• Results-oriented engineering team based in our U.S. Technology Campus, with significant experience delivering First-to-Market Customer Initiatives
• Members of ANSI X9F and PCI Security Standards Council bodies, CTGA-certified Solutions Architects
Enterprise Security Platform
• Cardholder data encryption
• Generate PINs & CVx codes
• PCI compliance
• P2PE and tokenization
• Key management
• Full support for EMV (chip) cards
• Mobile payment solutions
Scalable, Robust, and Cost-Effective Data Security Solutions
The Futurex Securus
Distributed Transaction Processing Infrastructure Management
• FIPS 140-2 Level 3-validated tablet device for remote configuration of Futurex solutions
• PKI-secured remote loading of Master File Key
• Rugged design for field usage
• Fully portable, with Wi-Fi connectivity
Guardian9000
Secure, Cloud-Based Management for Core Cryptographic Infrastructure
[Diagram labels: Guardian9000; Primary Site; Backup / Disaster Recovery Site; SMTP Server; SNMP Server; Host Server / Mainframe; Excrypt SSP9000 Hardware Security Module (×4)]
Futurex Enterprise Security Platform - Detailed Overview
[Diagram labels: Guardian9000; Backup / Disaster Recovery HSM Site; Primary HSM Site; Excrypt SSP9000 (×4); Host Server / Mainframe; Securus; Kryptos TLS Server; RKMS Series; Certificate Authority Server; HSM; SKI9000; SAS9000; "Firmware updates, settings, and Master File Key" (×2); "Connections between HSM and host server TLS/SSL encrypted"]
Why Use Hardware Security Modules?
• Prevents insider attack
– Dual Control
– Split Knowledge
– Tamper Protection for Keys
– Encryption Key Management
• PCI Requirement
• Certifications (FIPS, PCI HSM)
Role of HSM in EMV
Data Preparation and Card Personalization
Data Preparation
• Key/certificate management for authentication, data integrity and issuer scripting
• Offline and online PIN block generation for user authentication
• SDA / DDA / CDA signatures (for offline validation)
Personalization
• Key management for confidentiality, authentication, and data integrity
• Protection of sensitive personalization data
[Diagram labels: Issuer Personalization; Data Preparation; Integrated Circuit Card (ICC) or Smart Card; SSP9000 (×2)]
Role of HSM in EMV
Online Card Validation During Transaction
1. Authentication request from POI to issuer
2. Issuer validates request
3. Response from issuer to POI
[Diagram labels: Cardholder; Point-of-Interaction; Transaction; Acquirer; Payment Card Brand; Card Issuer; Host; SSP9000; 1. Request Cryptogram; 3. Response Cryptogram]
The Role of HSMs in P2PE
Protecting Data in Transit: Device Key Management
• HSM for compliant key generation
• Key lifecycle management
• Remote or direct key injection
[Diagram labels: SKI Series; Secure Injection Facility; RKMS Series; Datacenter; Remote Device; Generate; Distribute; Track Usage; Backup; Revoke; Terminate; Archive]
Role of HSM in P2PE
Encryption, Decryption, Key Management & Tokens
• Encryption and Decryption
• Key Management
• Tokens
[Diagram labels: Merchant (POI); Switch Host; Acquirer Host; SSP9000 HSM; DB (×2). Legend: Encryption/Decryption; Data At Rest; Data In Transit; Token]
* Case Study available upon request
Futurex Enterprise Security Platform
• Remote Access
• Centralized Administration
• High Availability
• Redundant
• Compliant
• Secured
• Customizable
[Diagram labels: Primary Site (HSM #1, HSM #2, Secure Management Server); Secondary Site (HSM #1, HSM #2, Secure Management Server); Redundant Failover; Direct Load Balancing; Remote Access Device]
Automatic Synchronization* (All devices designated as Production within group)

Futurex Slides at ACI Exchange 2013, Boston


Editor's Notes

  1. Don’t over elaborate on any one topic, keep this broad and quick
  2. Emphasize that a Secure Cryptographic Device as defined by PCI is an HSM with FIPS 140-2 Level 3 and PCI HSM certification.
     – Accredited Standards Committee X9 (ASC) standards can be found at www.x9.org.
     – Dual Control with Split Knowledge - Process of utilizing two or more separate entities (usually persons) or mechanisms operating in concert to protect sensitive functions or information such that no entity has knowledge of nor can derive the protected information as a whole. This information may be cryptographic keys or other information used to protect underlying cryptographic keys.
  3. Issuer scripts can also be updated, and the HSM is used to MAC (sign) these scripts and encrypt if they contain sensitive data
     – Insert into terminal - chip and terminal perform risk assessment - defined by EMV tags/profile by issuer
     – Dynamic cryptogram created passed to issuer through acquirer and brands
     – Issuer validates and may send response cryptogram to chip so chip can auth the issuer
     – MA between chip and issuer
     – ARPC is generally not performed because card is removed by time response arrives
     – Changes to terminal, messaging and authorization process
     – 3 components on card - chip os, each card vendor sell os to issue (prop or open) Multos is open
     – EMV is a broad set of standards with many options
     – Each brand has slightly diff implementation for contactless and contact
     – VISA paywave, VSDC for contact MC PayPass
     – What form of verification - online or offline - stab at time of personalization of the chip
     – The terminal is like the chip - every terminal has own os, each vendor has implemented an EMV kernel - baseline logic required to accept EMV cards, each model of terminal has to be certified by EMVco.
  4. Tactical Benefits of Remote Key
     – Significantly quicker replacement of keys
     – Decreased cost for replacement of keys
     – Reduced cost of TR-39 audit preparation
     Strategic Benefits of Remote Key
     – On-demand replacement for compromised keys
     – Easier key management
     – Increased security during key replacement
     Cardholder data to be encrypted is PAN, cardholder name, service code, expiration date, which is defined by PCI DSS.
     Sensitive authentication data is full mag stripe, CAV2/CVC2/CVV2/CID, PIN, encrypted PIN block
     – BDK = Base Derivation Key
     – KSN = Key Serial Number
     – DIK = DUKPT Initial Key
  5. Remote Access
     – High Availability
     – Centralized Administration
     – High Capacity Secure Storage
     – Secure Connections