[PCI-DSS] Requirement 3: Protect stored cardholder data

Encryption is a critical component of cardholder data protection. If an intruder circumvents other network security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person. Other effective methods of protecting stored data should be considered as potential risk mitigation opportunities. For example, methods for minimizing risk include not storing cardholder data unless absolutely necessary, truncating cardholder data if full PAN is not needed, and not sending PAN in unencrypted e-mails.
#1
[PCI-DSS] 3.6.2 Secure cryptographic key distribution

3.6.2 Verify that key-management procedures are implemented to require secure key distribution.
#2
http://www.net-security.org/article.php?id=1185

The following is a sample set of encryption key management procedures for a fictitious application. These can be used as a guide to create encryption key management documentation for other applications that would be compliant with PCI DSS requirement 3.6.

Last edited by Serge; 04-08-2010 at 08:52 PM.
#3
I cannot understand one thing connected to this and to 3.6.6 Split knowledge and establishment of dual control of cryptographic keys.

The master key is encrypted with a password in two parts that are only known to different persons. But when the application starts, these two parts should be provided. How? Do they need physical access to one and the same terminal? Or to have a secure connection one after another? So let's suppose the two parts of the password for the master key are provided in some way to the application. Then can the application keep this password in memory and use it every time it needs to decrypt the master key? Or does it need to decrypt the master key only once and then keep it clear in memory? Or does it need to decrypt all real data encryption keys and keep them in memory? What about automatic restarts? The application I have in mind is a web server, so it runs all the time, but sometimes it needs to be restarted (for example, we had some crashes of the JVM in the night). I hope someone with better knowledge can answer this? We expect soon to go to the procedure of certification for PCI-DSS, but we are not sure about these questions.

Best regards, George
#4
The sample policy in the post just before yours is pretty not bad. The Master Encryption Key (or Key Encrypting Key) should never be in the clear at all. If you read the sample policy from the post before yours, it says "unreadable format." The master key needs to not be openly visible if someone were to compromise the machine in some way. Obviously it needs to be used to decrypt the various data encryption keys, so you will need to use some method of obfuscation within your application.

The method of entering the two parts of the password is not set in stone - each person entering their part at one terminal, or from separate apps, is fine. The point is to keep the separation. And yes, they will need to do this for each restart.
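As an added illustration of the split-knowledge unlock George asks about and the answer above (example code, not from this thread or from any PCI document), the following shows both custodians' parts combined into a key-encrypting key that exists only for the duration of the unlock, a key check value that catches a mistyped component before any data key is touched, and the unwrapped data-encryption key being the only secret the application keeps in memory. Names, the salt and the PBKDF2 parameters are constructed; because the Python standard library has no AES, key wrapping uses an HMAC-SHA256 encrypt-then-MAC construction as a stand-in for AES-GCM or RFC 3394 key wrap.

```python
import hashlib
import hmac
import secrets

SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed; stored next to the wrapped DEK


def derive_component(passphrase: str) -> bytes:
    """One custodian's passphrase becomes a 32-byte key component (constructed PBKDF2 parameters)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT, 200_000)


def combine(components: list[bytes]) -> bytes:
    """XOR all components into the KEK: any single component reveals nothing about the KEK."""
    kek = bytes(32)
    for c in components:
        kek = bytes(a ^ b for a, b in zip(kek, c))
    return kek


def key_check_value(key: bytes) -> str:
    """Short KCV so a wrong component is detected without exposing the key itself."""
    return hmac.new(key, b"kcv", hashlib.sha256).hexdigest()[:6]


def wrap(kek: bytes, dek: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC keystream (stand-in for a real AEAD / key-wrap mode)."""
    assert len(dek) == 32, "stand-in keystream covers exactly 32 bytes"
    nonce = secrets.token_bytes(16)
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, stream))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # wrong KEK or tampered blob: refuse, do not guess
        raise ValueError("wrong KEK or tampered wrapped key")
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def application_startup(custodian_passphrases: list[str], wrapped_dek: bytes, expected_kcv: str) -> bytes:
    """Dual-control unlock, repeated on every restart: the KEK lives only inside this function,
    and only the unwrapped DEK is returned for the application to hold in memory."""
    if len(custodian_passphrases) < 2:
        raise ValueError("split knowledge requires at least two custodians")
    kek = combine([derive_component(p) for p in custodian_passphrases])
    if key_check_value(kek) != expected_kcv:
        raise ValueError("key check value mismatch: a custodian entered the wrong component")
    return unwrap(kek, wrapped_dek)  # KEK goes out of scope here and is never written anywhere
```

Python cannot reliably zeroize memory, so in a JVM or native service the KEK buffer should additionally be overwritten once the DEK is unwrapped.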