Di Li

Principal Consultant, atsec (Beijing) information security Co., Ltd

As Principal Consultant of atsec, Di has worked in information security for more than 15 years, and performed the PCI DSS, SSF, PIN Security, P2PE assessments for many entities, such as banks, third party payment systems and POS manufacturers. As the NIST certified FIPS 140-3 tester, he has performed most of the FIPS 140-2/3 module validations of Chinese vendors. In addition, he also takes participate into the Common Criteria consulting and evaluation projects for smartphone manufacturers.

Di Li's Events

Our “Key” Experience in PIN Security / P2PE / FIPS 140-3

Date: Wednesday, 15 November

Presented by: Di Li, Principal Consultant, atsec (Beijing) information security Co., Ltd

Regarding key generation, the paper discusses the generation requirements and methods defined in each of the three standards, compares the differences, and provides a rationale for why each standard requires a different approach. The section on key distribution and key establishment explores the different methods of securely transferring a key from one party to another. The paper defines each of these methods and provides common scenarios where they apply. The paper also provides several methods for key destruction, such as physical destruction, and logical cryptographic zeroization.