Main

About

Contact

GRIFFIN Consulting

phillipgriffin.com

Information Security Consulting

Products

Software

Capabilities

Innovation

Patents Pending:

12370345 - Associating a Biometric Reference Template With a Radio Frequency Identification Tag
12370350 - Cancelable Biometric Reference Template Creation Event Journal Record
12370359 - Communicating a Privacy Policy Associated With a Biometric Reference Template
12370365 - Communicating a Privacy Policy Associated With a Radio Frequency Tag and Associated Object
12370379 - Generating a Cancelable Biometric Reference Template On Demand
12370334 - Privacy Preserving Biometric Reference Template Revocation Status Checking.

Publications:

Repository-Level Biometric Reference Template Attribute , IP.com Journal, January 22, 2009.
IBM invention IPCOM000178316D. This invention disclosure defines a compact attribute format aimed at minimal storage and transmission bandwidth while preserving unique identification of attribute content and ease of use. This compact attribute is appropriate for use in applications that may interact with mobile devices or rely on networks with limited bandwidth. It can also be used to improve the throughput of high volume transaction applications, such as those that involve Internet commerce. The reduced size of a compact attribute makes it ideal for use in cryptographic modules, such as smart cards, that may have a very limited storage capacity, or in information security management applications that may involve millions of biometric reference templates. In all these environments, smaller attributes reduce transaction bandwidth and consume less memory.
Cancelable Biometric Loyalty Template Services , IP.com Journal, January 14, 2009.
IBM invention IPCOM000178052D. This invention disclosure defines an a process and system that eliminates the need for an individual to submit to successive physical enrollments in order to participate in multiple biometric systems.
ISO 19092: A Standard for Biometric Security Management , ISSA Journal, January 2007.
"Organizations that rely on biometric technology need to protect and manage the security of their biometric assets. Biometric systems security and the management of biometric information security must become integrated into the organization's overall information security management program. This program should be based on policy defined to meet the business objectives of the organization, and a risk-based approach should be used to select and impose proper controls and monitor their effectiveness."
An important milestone for the financial services security - Public Key Infrastructure (PKI) Certificate Extensions, ISO Bulletin, May 2002.
"We live in a world that relies on computers and electronic networks. Governments and businesses and banks, in particular, count heavily on computerized processes for most, if not all, of their day-to-day activities. Financial services are a critical infrastructure that must be protected from disruption, even as these services become ever more exposed on public networks. In the new digital environment, a Public Key Infrastructure (PKI) ensures that sensitive electronic communications are private and protected from tampering."

White papers:

Key Commitment Using CMS In ECMQV Key Agreement , Raleigh ISSA Chapter, 2006:
This paper describes how to use Cryptographic Message Syntax (CMS) type DigestedData for key control in a key committment protocol during the key distribution procedure in an Elliptic Curve Menezes-Qu-Vanstone (ECMQV) key agreement scheme for key establishment. Annotated example messages generated using the GRIFFIN Consulting XCMS Toolkit are provided.

Course offerings:

GRIFFIN Consulting offers half day and full day training sessions in the topics listed below. These courses can be held in Raleigh, North Carolina, USA, or on site at your business location. All course materials have been created by Phil Griffin, who also leads these sessions. Contact GRIFFIN Consulting for scheduling and pricing information.

Course: C0001
Title: S/MIME - Basic Cryptographic Message Syntax (CMS)

Abstract: This course provides an introduction to Cryptographic Message Syntax (CMS) and XML CMS, and describes the history, application, message types, and notation used to provide data integrity, origin authentication, and data privacy services using digital signatures, message digests (hashes), and symmetric and asymmetric encryption of arbitrary content.
[Outline]
Course: C0002
Title: S/MIME - Advanced Cryptographic Message Syntax (CMS)

Abstract: This course extends the introduction to Cryptographic Message Syntax (CMS) and XML CMS, presenting advanced information on key management techniques for key establishment. Topics include signed data signature and verification processing, Diffie-Hellman and ECMQV key agreement techniques, and key control using a key commitment protocol. A brief review of introductory CMS concepts is also provided.
[Outline]
Course: C0003
Title: ASN.1 - Basic Abstract Syntax Notation One

Abstract: This course provides a basic introduction to Abstract Syntax Notation One (ASN.1) and presents useful types. The student is introduced to the concept of modules, object identification and the specification of XML values based on an abstract schema.
[Outline]
Course: C0004
Title: ASN.1 - Advanced Abstract Syntax Notation One

Abstract: This course extends the basic introduction to Abstract Syntax Notation One and presents concepts of information objects, classes and sets. Encoding rules commonly used in security protocols are described, including XML Encoding Rules (XER) and Distinguished Encoding Rules (DER).
[Outline]

Information Object Identifier Registry:

GRIFFIN Consulting maintains a registry of information object idetifiers and makes all OID assignments available to the public in the file: oidreg.txt. Identified information object identifiers are provided here for client enterprizes, examples, products, and other named objects.

GRIFFIN Consulting will provide your business with a unique OID for $ 300.00 (US). GRIFFIN Consulting will design and create an information object registry based on your new OID for an additional $ 200.00.