PALO ALTO, Calif. - PIN Payments News Blog - February 11, 2010 - Voltage Security™, the global leader in end-to-end data protection, today announced that Cryptographic Assurance Services, LLC (CAS), a leader in cryptographic compliance consulting, has completed an independent security review of Voltage's innovative Format-Preserving Encryption used in numerous end-to-end encryption implementations around the world. Voltage End-to-End Encryption, part of the Voltage SecureData(tm) product line, conforms to the complete list of Visa’s global industry best practices for data field encryption, published on October 5th, 2009. The Visa best practices are designed to further the payment industry's efforts to develop a common, open standard while providing guidance to encryption vendors and early adopters. Data field encryption, also known as end-to-end encryption, protects card information from the swipe to the acquirer processor so that the merchant is no longer processing or transmitting card data in the "clear."
CAS was asked to evaluate Format-Preserving Encryption (FPE) as a mode of the Advanced Encryption Standard (AES). CAS evaluated the mathematical model on which it was based and the associated proofs of security. CAS also reviewed a source-code instantiation of FPE provided by Voltage Security. CAS identified applicable compliance regimes and assessed FPE against them.
In its finding, CAS noted the large body of cryptographic research on which FPE is based, accumulated over decades, and the strength of the mathematical proofs and cryptanalysis. CAS concluded that FPE as implemented in the form of the AES mode FFX3 meets the compliance criteria for PCI DSS v1.2 encryption requirements and for Visa’s Data Field Encryption requirements, making Voltage Security’s Format-Preserving Encryption solutions suitable for use by organizations needing to comply. AES mode FFSEM is a sub mode of AES mode FFX and included in this assessment.
The complete report is available at www.voltage.com/security-review, registration required.
About Cryptography Assurance Services
CAS is a team of security professionals with over 50 years of combined experience. The CAS experience covers a wide range of technologies addressing confidentiality, integrity, authentication and non-repudiation with emphasis on cryptography and key management. CAS has been, and is still today, involved in developing X9, ISO and other industry security standards and providing assurance services to gain compliance to such standards.
About Voltage Security
Voltage Security, Inc., an enterprise security company, is an encryption innovator and global leader in end-to-end data protection. Voltage solutions, based on next generation cryptography, provide end-to-end encryption, tokenization, masking and stateless key management for protecting valuable, regulated and sensitive information based on policy. Voltage products enable reduction in PCI audit scope with rapid implementation and the lowest total cost of ownership in the industry through the use of award-winning cryptographic solutions, including Voltage Identity-Based Encryption™ (IBE) and a new breakthrough innovation: Format-Preserving Encryption™ (FPE). Offerings include Voltage SecureMail™, Voltage SecureData™, Voltage SecureFile™ and the Voltage Security Network™ (VSN), an on-demand managed service for the extended business network.
As a service to the industry and general public, the company maintains the Voltage Data Breach Index and Map which is continuously updated with global data breach information: www.voltage.com/data-breach. The Company has been issued several patents based upon breakthrough research in mathematics and cryptographic systems. Customers include Global 1000 companies in banking, retail, insurance, energy, healthcare and government. To learn more about Voltage customers and sign up for the customer news letter please visit www.voltage.com/customers.