phillipgriffin.com

Information Security Consulting


phil@phillipgriffin.com | Copyright © 2006-2016, Phillip H. Griffin. All rights reserved. | Privacy Policy


Biography Standards Speaking Service

Biography

Phillip H. Griffin, CISM specializes in secure messaging and information assurance technologies. Phil is an ISSA Fellow with over 25 years IT experience, with more than 15 years of progressive information security experience in both commercial software development and security consulting, including two years as a Senior Managing Consultant in the IBM Security and Privacy Services practice. Phil holds a Batchelor of Science in Computer Science from North Carolina State University and a Masters in Information Assurance and Security from Capella University. As principal of GRIFFIN Consulting in Raleigh, NC, his responsibilities included secure protocol analysis, design and implementation; IT security standards design and development; software project management; and definition of ISMS policy. His public speaking experience includes the RSA, CardTech/SecurTech, Digital ID World, and the IBM Academy of Technology Biometrics conferences, and events in the USA, Europe and Asia. Phil is an IBM 2nd Tier Inventor and has five patents and two patents pending in the areas of biometric information security management and identity mangement that were filed in 2009 by IBM.

As technical adviser to Visa International, Phil helped pioneer development of the first secure Internet payment transaction protocol to be adopted by major payment card brands, Visa, MasterCard and American Express. Phil co-founded the OASIS consortium Security Joint Committee to promote inter operable, secure industry solutions, and was twice elected as its Chair. Working with leading international experts, Phil conceived the concept of Abstract Syntax Notation as a schema definition language, an idea that led to creation of XML Encoding Rules and new markets for ASN.1-based standards and tools. As a consultant to Motorola, Phil designed a compact, domain certificate for use in limited resource mobile/wireless, smart card, and high transaction volume environments. His design achieved more than a 50% size reduction over similar X.509 certificates, and was adopted as a US financial services security standard, X9.68.

Phil has broad expertise in the area of cryptographic technology, its applications and underlying standards, covering public key cryptography and symmetric key algorithms. He has developed secure products and system solutions incorporating access control, RSA and ECDSA digital signature schemes, X.509 certificates, and standard secure transfer and messaging protocols including SSL, SHTTP, S/MIME CMS, and SOAP for application areas including wireless, biometrics and secure electronic commerce. Phil has been an active member of the ANSI X9F Financial Services Data and Information Security subcommittee and has served as Chair and Vice Chair of its working groups. He has worked closely with government and industry leaders to develop numerous national and international security standards for cryptographic messaging, biometric information security management, digital certificates, time stamping, and trusted transactions for network-enabled devices.

Phil has served as X9F4 liaison to The Open Group Identity Management (IdM) Forum. He has also served as Liaison Officer between SC27 and ISO TC68/SC2, and editor of the ISO 22895 and ISO 19092 standards, and as a rapporteur responsible for advancing the ISO/IEC 24760 Framework for Identity management standard, and as rapporteur of ISO/IEC JTC 1/SC27 Biometrics Security and ASN.1 study periods. In the past, he has served as US Head of Delegation to international security standards meetings, and as Chair of the US Technical Advisory Group to SC27. Phil has contributed to the 2010 revision of the X9.84 biometric information management and security standard and recently served as editor for a revision of the X9.73 Cryptographic Message Syntax - ASN.1 and XML formats standard.