www.phillipgriffin.com
Information Security Consulting
+1 . 919 . 291 . 0019 | phil@phillipgriffin.com | Copyright © 2006, Phillip H. Griffin. All rights reserved.
Publications:
-
ISO 19092: A Standard for Biometric Security Management, ISSA Journal, January 2007.
"Organizations that rely on biometric technology need to protect and
manage the security of their biometric assets. Biometric systems security
and the management of biometric information security must become integrated
into the organization's overall information security management program.
This program should be based on policy defined to meet the business objectives
of the organization, and a risk-based approach should be used to select
and impose proper controls and monitor their effectiveness."
-
An important milestone for the financial services security - Public Key Infrastructure (PKI) Certificate Extensions, ISO Bulletin, May 2002.
"We live in a world that relies on computers and electronic networks.
Governments and businesses and banks, in particular, count heavily on
computerized processes for most, if not all, of their day-to-day activities.
Financial services are a critical infrastructure that must be protected
from disruption, even as these services become ever more exposed on public
networks. In the new digital environment, a Public Key Infrastructure
(PKI) ensures that sensitive electronic communications are private and
protected from tampering."
White papers:
-
Key Commitment Using CMS In ECMQV Key Agreement, Raleigh ISSA Chapter, 2006:
This paper describes how to use the Cryptographic Message Syntax (CMS) type
DigestedData for key control in a key commitment protocol during
the key distribution procedure of an Elliptic Curve Menezes-Qu-Vanstone
(ECMQV) key agreement scheme for key establishment. Annotated example
messages generated using the GRIFFIN Consulting XCMS Toolkit are provided.
Course offerings:
GRIFFIN Consulting offers half-day and full-day training sessions on the topics listed below.
These courses can be held in Raleigh, North Carolina, USA, or on site at your business location.
All course materials have been created by Phil Griffin, who also leads these sessions.
Contact GRIFFIN Consulting for scheduling and pricing information.
-
Course: C0001
Title: S/MIME - Basic Cryptographic Message Syntax (CMS)
Abstract: This course provides an introduction to Cryptographic Message Syntax (CMS)
and XML CMS, and describes the history, application, message types, and notation used to
provide data integrity, origin authentication, and data privacy services using
digital signatures, message digests (hashes), and symmetric and asymmetric
encryption of arbitrary content.
-
Course: C0002
Title: S/MIME - Advanced Cryptographic Message Syntax (CMS)
Abstract: This course extends the introduction to Cryptographic Message Syntax (CMS) and XML CMS,
presenting advanced information on key management techniques for key establishment.
Topics include signed data signature and verification processing, Diffie-Hellman and ECMQV
key agreement techniques, and key control using a key commitment protocol. A brief review of
introductory CMS concepts is also provided.
-
Course: C0003
Title: ASN.1 - Basic Abstract Syntax Notation One
Abstract: This course provides a basic introduction to Abstract Syntax Notation One (ASN.1)
and presents useful types. The student is introduced to the concept of modules,
object identification and the specification of XML values based on an abstract schema.
-
Course: C0004
Title: ASN.1 - Advanced Abstract Syntax Notation One
Abstract: This course extends the basic introduction to Abstract Syntax Notation One
and presents concepts of information objects, classes and sets. Encoding rules
commonly used in security protocols are described, including XML Encoding Rules (XER)
and Distinguished Encoding Rules (DER).