File:OWASPSanAntonio 2006 06 Crypto Content.pdf

Cryptography Transitions are defined as "Managing the passage from one cryptographic architecture to another in a methodical approach that is consistent with prudent business practices and security guidelines." This talk will first discuss the technology issues that precipitate a transition, the guiding principles for conducting a transition, and the transition process itself, and then briefly review several case studies. Next, the talk will introduce the ANSI-accredited standards committee X9, which develops cryptography and security standards for the financial services industry. Finally, the talk will focus on applying cryptography in a Web application environment and the corresponding key management issues, review the Visa CISP requirements, and cover current industry practices (not so good), industry best practices (better), and what industry should be doing.