Guidance on PCI Card Production Compliance

Advised the client on PCI Card Production requirements for facilities used to prepare data for, imprint, and personalize credit and debit cards. Evaluated data center and physical security controls. Provided guidance on policies, procedures and physical security, and helped the client prepare for the formal PCI Card Production audit. #PCI #security

Code Signing Architecture for Software-Based PIN Entry on Android

Hardened cryptographic architecture for Android boot loader, firmware loader and application packaging to comply with the PCI Software-based PIN entry on COTS standard. Developed PKI infrastructure to support firmware and code signing. Traced Android boot loader code to identify gaps in Android security that needed to be addressed to comply with PCI requirements. #PCI #PKI #mobile #security

Cryptographic Key Distribution for a Payment Terminal Vendor

Developed a cryptographic architecture to support the distribution of third-party encryption keys to payment terminals in compliance with PCI PIN and PCI P2PE requirements. Supported the development and roll-out of the client's key distribution solution with key ceremonies and hands-on operation of PKI and HSM systems. #PKI #PCI #security #integration

PKI Architecture and Implementation for a Payment Vendor

Designed and implemented PKI infrastructure for a payment vendor, including a Certificate Policy and Certification Practice Statement compliant with RFC 3647, and EJBCA deployments on Linux, Windows Server 2012, and AWS, using SafeNet and Thales HSMs. Developed and implemented key ceremony procedures for PCI PTS and PCI P2PE compliant certificate authorities. #PKI #PCI #security #integration #IoT

Certificate Authority Policies and Implementation for a Payment Terminal Manufacturer

Developed the certificate authority architecture, policies, and practices to allow testing, distribution and deployment of third-party applications on payment terminals. Provided technical support for the implementation of EJBCA and SafeNet HSMs at Amazon Web Services. Developed policies and procedures for HSMs used to distribute customer encryption keys to payment terminals. Proposed the certificate authority architecture for a wholesale upgrade of cryptographic functions fo

Security and Usability Assessment of Consumer Payments for a Leading Health Insurance Company

Assessed the security and usability of current and planned consumer payment facilities provided by a leading US health insurance company. The assessment benchmarked the payment facilities against best-in-class comparable third-party services and provided recommendations to improve the security and usability of consumer payments. The client used this assessment to support the shift from employer-sponsored health insurance plans to health insurance plans sold to individual cons