David McGregor

Lab Manager, PCI Accredited Lab, UL

Mr. McGregor is the manager of the PCI accredited labs within UL. UL has four accredited labs, providing evaluation services for PTS, SPoC, CPoC, 3DS SDK, and other non-PCI security evaluations. Over his 11 years in the security test lab, Mr. McGregor has been involved in many PCI SPoC and CPoC projects, and has contributed to the requirements for both PCI SPoC, CPoC and PTS. Mr. McGregor has a background in software development and embedded hardware projects.

David McGregor's Events

Technical Challenges in Designing CPoC and SPoC Solutions

Date: Wednesday, October 27

Presented by: David McGregor, Lab Manager, PCI Accredited Lab, UL

After evaluating a number of CPoC and SPoC solutions, UL has observed a number of common issues. This talk discusses some of the more problematic SPoC/CPoC requirements and potential solutions.
  • Application layer cryptography, not relying upon TLS
  • Key provisioning using forward secrecy
  • Key storage and processing
  • Local vs. remote attestation
  • Random number generation
  • Detecting ADB and developer options