2010-06-06 Sunday - Cryptography Resources

Some recent design work in the area of securing data-at-rest, and data-in-motion - particularly in relation to the requirements for Payment Card Industry (PCI) [i.e. credit/debit card information, bank account information, etc.] and Personal Information / Highly Confidential Data (i.e. social security number, driver license, passport, etc.) has raised my awareness of some new regulatory and legal compliance challenges (new MA law: Chapter 82 of the Acts of 2007) in designing security into an effective architecture.

State Security Breach Notification Laws

A few resources that may be of interest to others working on similar efforts:

PCI Quick Reference Guide

http://www-03.ibm.com/security/cryptocards/


http://domino.research.ibm.com/comm/research_projects.nsf/pages/security.index.html


http://www-03.ibm.com/security/products/cryptotools.shtml



































































2010-06-12 Update:
I came across this link today (via Slashdot):
Computing with Secrets, but Keeping them Safe

In 2009 Craig Gentry of IBM published a cryptographic proof that was that rare thing: a true breakthrough. He showed that it was possible to add and multiply encrypted data to produce a result that--when decrypted--reveals the result of performing the same operations on the original, unencrypted data. It's like being able to answer a question without knowing what the question is.

Called "fully homomorphic encryption," it has been dubbed the holy grail of cryptography.