Gemalto Safenet Solution for Payments and Transactions
 

Point-to-Point Encryption (P2PE) for Cost Effective PCI DSS Compliance

For years now, the Payment Card Industry Security Standards Council (PCI SSC) has been the driving force behind the definition, articulation, and enforcement of security requirements for the payments industry. The PCI SSC has developed several standards, including the PCI Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

The same organization also defined PCI Point-to-Point Encryption (P2PE) standards. Through these standards, the PCI SSC details how providers of P2PE solutions can validate their solutions, and how, by leveraging these validated solutions, merchants can reduce the scope of their PCI DSS assessments.

Reducing the Cost of PCI DSS

Larger merchants may have hundreds or thousands of stores, which will mean there are thousands of point-of-sale (POS) systems and PIN entry devices (PEDs) that will be in scope and must be brought into compliance. Achieving and maintaining compliance is a complex, time consuming and costly process.

Simply by deploying a P2PE-compliant PED devices, merchants can effectively remove their stores from the scope of PCI DSS compliance. Consequently, for the vendors that serve the merchant community, delivering P2PE-compliant offerings to market can present a massive opportunity.

Leveraging HSMs for P2PE Compliance

The P2PE standard includes a number of requirements relating to the use of Hardware Security Modules (HSM) for encryption, decryption, and key management. Only a small number of vendors have the ability to offer P2PE-compliant solutions, and the SafeNet Payment HSM has played a key role in helping these vendors bringing their P2PE solutions to market.

SafeNet Payment HSM

SafeNet Payment HSM (formerly Luna EFT) is a network-attached hardware security module (HSM) designed for retail payment system processing environments for credit, debit, e-purse and chip cards, as well as internet payment applications.

"In developing the Solve DataShield offering, it was vital that we effectively comply with all the relevant PCI P2PE standards, including robust key management policies. Gemalto SafeNet Luna EFT HSMs delivered all the security capabilities that were required, while providing a platform that we could deploy quickly and manage efficiently."

- Nick Stacey, Dir. of Business & Market Operations at The Logic Group

Secure Digital Signatures

Companies from around the world and various industries are moving towards digital signing to comply with regulations, expedite business processes, and reduce operational costs.

By adopting digital signature processes, companies are able to reduce waiting time, save money, provide copies to all parties, create archives, increase security through digital encryption, and meet compliance requirements.

SafeNet Solutions for Secure Digital Signing

In conjunction with leading partners, SafeNet solutions guarantee signer authenticity and the data integrity of electronic documents in a manner that is secure and easy to deploy and manage.

The combination of this solution enables the strongest utilization of digital signatures and provides the advantages of:

• Streamlined Business Processes
• Paperless Office
• Non-Repudiation
• High Assurance
• Compliance

Digital Signing with Hardware Security Modules

Protecting digital signatures from compromise requires mechanism to secure the cryptographic keys at the heart of the digital signatures themselves. If the cryptographic keys associated with the digital signatures are in any way compromised, the entire Bankline Direct infrastructure will be compromised. For this reason, many organizations use hardware security modules (HSMs) to protect the private keys used for digital signatures.

Digital Signing Use Cases

SafeNet Digital Signing solutions are often used to secure:

DNS Server Security

To ensure the validity of DNS services, DNSSEC employs public key cryptography to digitally sign DNS messages. Therefore, to realize the security required, robust protection of private signing keys is vital.

Smart Grid Security

Building a trusted smart grid requires robust security solutions that can be easily deployed at the communication and application layers of the smart grid infrastructure.

Code Signing Security

Today, many software marketplaces, including mobile app stores, require code to be compliant with specific digital signing requirements. In order to effectively secure private keys used in code signing, it is vital for organizations to leverage hardware security modules (HSMs).

Electronic Invoicing Security

Digital signatures, powered by encryption and public key infrastructure (PKI), represent the means for establishing trust in electronic invoices.

Document Signing with PKI Smart Cards and Tokens

As organizations move from paper toward digital business processes and initiatives, Gemalto PKI solutions are secure, portable, and simple-to-use solution that streamlines business processes and reduces the time and costs associated with traditional paper-based document signing. Gemalto users can digitally sign documents, files, forms, and transactions anywhere using SafeNet eTokens or IDPrime smart cards as the Secure Signature Creation Device (SSCD) to ensure compliance with regulatory requirements, and seamlessly transition towards a paperless office environment.

Partner Spotlight: Adobe LiveCycle Document Security

SafeNet Hardware Security Modules provide industry-based best practices hardware to enhance protection of the signing and encryption digital certificates used by Adobe® LiveCycle™ Document Security. By securing the certificates that protect corporate identities, SafeNet HSMs ensure that the digital identity of documents is secure throughout the corporate workflow.

Benefits of Digital Signatures with SafeNet HSMs:

• Ensure integrity of documents
• Secure electronic tracking and storage
• Scale to accommodate high volumes of documents
• Enhance security and ensure compliance
• Reduce costs
• FIPS validated and Common Criteria Certified

"Security is so important to our clients. We needed a solution that would provide the level of trust our customers were demanding. Gemalto solutions not only provided the security we were looking for but did so in a way that won’t hinder the development and expansion of our business. Our overall experience was very positive."

Maxim Shelemekh
Head of IT Risk and Control
ProminvestBank

Bring Trust to Blockchain with Gemalto

Within a permissioned blockchain transactions are validated and processed by participants that are already recognized by the ledger. Even though this is the case, there is still a challenge and issue of trust. How can one ensure the blockchain is secure and trustworthy in order to avoid the substantial impact of a cyberattack? The answer is by building security into your blockchain technology from the start, through strong authentication and cryptography key vaulting.

SafeNet's Hardware Security Modules (HSMs) and Authentication services can help you secure blockchain in the following three areas:

• Provide strong identities and authentication to gain access to the blockchain;
• Secure core blockchain technologies; and
• Secure communications across the blockchain network.

Gemalto Blockchain Solutions

As many as 90% of enterprise blockchain projects launched this year will meet a premature end within 18 to 24 months. Don’t get caught in the same situation. Ensure you build security into your solution from the ground up, always storing your keys in hardware.

SafeNet Luna Network HSMs are designed to store the private keys used by blockchain members to sign all transactions in a FIPS 140-2 Level 3 dedicated cryptographic processor. Keys are stored throughout their lifecycle, ensuring cryptographic keys cannot be used by unauthorized devices or people. Cryptographic keys kept in software are at risk of theft which compromises the entire blockchain ledger.

SafeNet ProtectServer HSMs, like the SafeNet Luna Network HSMs, are designed to protect cryptographic keys against compromise while providing encryption, signing, and authentication services. Execute your own blockchain Functionality Modules (FMs) within the secure confines of the FIPS 140-2 Level 3 certified hardware.

SafeNet Authentication Service (SAS) will substantially reduce your total cost of operation and tailor authentication to meet your unique needs with this fully automated, highly-secure authentication-as-a service with flexible token options.

About Blockchain

• Blockchain is a distributed database that provides a secure, yet transparent way to make, record and verify any type of transaction.
• Transaction does not have to be financial; it is simply any type of transfer between two parties that typically would require a third party to authenticate each party and broker the exchange.
• Blockchain eliminates the need for centralized control – instead all transactions are decentralized, and verified by the blockchain database itself in the distributed ledger.
• Contrary to the most popular use case, blockchain technologies don’t only secure financial transactions – in fact they can be used to track and verify any kind of digital asset, as well as code or smart contracts.

Benefits of Blockchain

• Eliminate the need for centralized control and the additional costs
• Trust is distributed between blockchain members
• Transactions are digitally signed using an asset owner public/private key pair
• Once recorded, data in a block cannot be altered retroactively
• Open, distributed ledgers record transactions between two parties efficiently and in a verifiable and permanent way
• Transactions don’t have to be just data – they can also be code or smart contracts

Top 3 Popular Blockchain Use Cases

#1 Cryptocurrency

Risk: Encrypted digital currencies identify the currency itself, but not its owner. Whoever holds the coin's encryption key owns the currency. This means that when a coin is stolen, it's gone—and you have no way of getting it back.
Solution: Storing your encryption keys in a FIPS-validated root of trust is critical to ensuring you own your keys and ultimately your cryptocurrency.

#2 Smart Contracts

Risk: A smart contract is a computer program that describes an agreement with the ability to self-execute and enforce the terms of a contract. If the blockchain is breached, a smart contract can be altered, breaking the trust of the blockchain and removing the ability for two parties to conduct business without the need for a middleman.
Solution: Securely self-execute the terms of a contract with anonymous parties through strong authentication and storing your encryption keys in a hardware root of trust, ensuring the parties are properly identified and that no one can access your data.

#3 Internet of Things (IoT)

Risk: The restrictions imposed by a traditional central-authority trust model have helped make the IoT vulnerable. Most notably Mirai-style botnets, which recently allowed hackers to easily take over thousands of IoT devices. Only protecting the IoT devices with default passwords allowed hackers to launch Distributed Denial of Service (DDoS) attacks.
Solution: Blockchain helps secure the IoT by providing a distributed trust model. The blockchain removes the single-point-of-failure, in turn enabling device networks to protect themselves in other ways, for example by allowing the nodes within a given network to quarantine any nodes that start behaving unusually.

Gemalto Blockchain Partners:

Gemalto has partnered with industry-leading blockchain and cryptocurrency partners to provide enterprise-grade solutions for securing transactions. Together with partners such as Ledger, BitGo, and Symbiont, Gemalto is protecting the way industries are conducting business, bringing efficiency and establishing trust. Gemalto also supports multiple blockchain applications including Bitcoin, Hyperledger, Ethereum, Altcoins, Monero, and more.

Let us help

With all of the uncertainty about blockchain, the abundance of standards and protocols, and moving from a centralized to decentralized platform, getting started with Blockchain is challenging and intimidating at best. Avoid joining the myriad of blockchain organizations that are failing at implementing blockchain technology. Contact Gemalto to determine how you too can benefit from Blockchain, and learn how Gemalto’s HSM and SAS solutions can keep your transactions secure.

In our webinar, “Blockchain for payments: Experience on the ground”, we speak to some of the leading operators in the blockchain payments space to learn more about their experience to date and what they see for the future of blockchain payments.