atsec’s Yan Liu Speaks at the 2011 China Cryptographic IC Analysis and Evaluation Conference
2011-09-23Shenzhen, China - Yan Liu, Principal Consultant at atsec information security, was invited to deliver a presentation titled ”Protecting Cryptographic Chips by Introducing Best Practices and Evaluation Scheme” at the 2011 China Cryptographic IC Analysis and Evaluation Conference in Shenzhen on September 16th 2011.
Liu began his talk with a general introduction of international information security standards and evaluation schemes with regard to cryptographic chips, and continued with risk management principles mentioned in Common Criteria. He then emphasized the requirements of cryptographic algorithms and modules according to the FIPS 140-2 standard. Finally he compared the requirements in Common Criteria and FIPS 140-2 and summarized the similarities between the two standards.
As a principal consultant for atsec information security, Yan Liu is the PCI DSS (Data Security Standards) QSA (Qualified Security Assessor) and PA (Payment Application) DSS QSA accredited by the PCI Security Standards Council. Liu has more than a decade of professional experience in the IT security field, with a focus on cryptographic algorithms, security protocols and systems, privacy protection, and Digital Rights Management (DRM). For the last few years he has been working on compliance implementation and assessment, and also gained experience in designing, implementing, and assessing the security of application systems, especially in the financial field.
The conference was hosted by the Chinese Association for Cryptologic Research. This event attracted many specialists and scholars in the field of cryptographic chip analysis and testing, including technical departments from the industry, foreign and domestic testing and evaluation facilities, chip and application software vendors, as well as related academic organizations. The participants discussed the newest academic achievements, engineering hot topics, industry dynamics, and development trends.
About atsec information security
atsec information security is an independent, standards-based information technology security services company with offices in the U.S., Germany, Sweden, and China. atsec's services include formal laboratory testing and evaluation of information assurance (IA) and IA-enabled commercial off the shelf (COTS) information technology, as well as information security consultancy.
atsec offers evaluation and testing services leading to formal certification of information security technology, including evaluations under Common Criteria schemes in the U.S., Germany, and Sweden. In addition, the atsec US organization operates a Cryptographic and Security Testing Laboratory accredited under the Cryptographic Module Validation and the Cryptographic Algorithm Validation Programs of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada for validating cryptographic modules under the FIPS 140-2 standard.
atsec is also an experienced Payment Card Industry (PCI) Security Standards Council Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), and Payment Application Qualified Security Assessor (PA-QSA) and accredited as a third-party auditor for the North American Security Products Organization (NASPO).
We work with leading global companies such as Apple, IBM, Hewlett-Packard, Honeywell, Quantum Corporation, Red Hat, NationZ, Huawei, and ZTE Corporation.
