论文和白皮书
atsec员工的专业知识是被公认的:我们是诸多国际组织的成员、会议的讲演者、以及书籍和论文的作者。
如下是我们一些报告和发表物。
主题 | 事件 / 媒体 | 作者 / 讲演者 |
---|---|---|
PCI产业概述和产业发展动态分享 |
Paper | Haiwei Bai |
PCI DSS针对恶意脚本防范的新要求及其方案探讨 |
Paper | Dongsheng Tang |
PCI PIN标准相关截止时间的解读以及近期重要信息 |
Paper | Zhipeng Zhang |
atsec CST实验室2023年12月简报(英文)
|
Newsletter | atsec |
PCI 3DS 技术常见问题解答(FAQ)简介
|
Paper | Jinyun Chen |
atsec CST实验室2022年12月简报(英文)
|
Newsletter | atsec |
PCI卡片生产和供应的安全标准V3.0.1变更说明及合规流程
|
Paper | Jinyun Chen |
PCI DSS v4.0变更系列之十——新要求点统计
|
Paper | Xiangdong Gao |
PCI DSS v4.0变更系列之九——第六大类要求点
|
Paper | Xiangdong Gao |
PCI DSS v4.0变更系列之八——第五大类要求点
|
Paper | Xiangdong Gao |
PCI DSS v4.0变更系列之七——第四大类要求点
|
Paper | Xiangdong Gao |
PCI DSS v4.0变更系列之六——第三大类要求点
|
Paper | Xiangdong Gao |
PCI DSS v4.0变更系列之五——第二大类要求点
|
Paper | Xiangdong Gao |
PCI DSS v4.0变更系列之四——第一大类要求点
|
Paper | Xiangdong Gao |
PCI DSS v4.0变更系列之三——通过“定制方法”增加标准灵活性
|
Paper | Xiangdong Gao |
PCI DSS v4.0变更系列之二——主体章节的变更情况说明
|
Paper | Xiangdong Gao |
PCI DSS v4.0变更系列之一——变更概述
|
Paper | Xiangdong Gao |
PCI 3DS核心安全标准助力线上交易-为支付安全保驾护航
|
Paper | Jinyun Chen and Yan Liu |
感受2021年度PCI GCF
|
Paper | Yan Liu |
8位长度银行卡BIN码在PCI DSS中的实践
|
Paper | Di Li |
PA-DSS到PCI SSF标准的过渡
|
Paper | Li Zhang |
适用于应用软件的PCI DSS合规要求
|
Paper | Xiangdong Gao |
PCI产业标准家族和相关体系发展动态
|
Paper | Haiwei Bai |
atsec CST实验室2020年9月简报(英文)
|
Newsletter | atsec |
浅谈PCI DSS标准要求的渗透测试
|
Paper | Li Zhang |
PIN Security的标准简介
|
Paper | Zhipeng Zhang |
A PCI Walk In The Clouds
|
PCI AP Community Meeting | Todd Xie, Cathy Wang (Tecent Cloud), Yan Liu |
Chinese Commercial Cryptography Scheme and ISO_IEC 19790 |
Paper | Di Li |
商户和服务提供商分级和验证要求
|
Paper | Haiwei Bai |
基于PCI DSS的云用户数据安全标准白皮书(简版)
|
White Paper | atsec与腾讯云 |
应用《网络设备安全保证计划》来提高电 信设备的安全保障 |
Paper | Zhipeng Zhang and Yan Liu |
下一代密码模块安全标准探讨
|
Paper | Di Li |
PCI DSS V3.2再回首 ——谈谈在2018年强制执行的要求 |
Paper | Guohua Shen and Xiangdong Gao |
参考PCI最佳实践合规GDPR个人数据保护 |
Paper | Haiwei Bai and Yan Liu |
PCI DSS V3.2变更分析 |
Paper | Xiangdong Gao |
全球支付卡安全产业动态 |
支付技术及信息安全研讨会 | Yan Liu |
支付产业数据安全保护机制 |
支付技术及信息安全研讨会 | Di Li |
Improving Policy based Security Specifications |
2015 Community Meetings |
Gordon McIntosh |
PCI DSS合规建设ASV扫描介绍 |
Paper | Jinyun Chen and Changlong Wang |
atsec Newsletter China 05/2015 |
Newsletter | |
国际CC认证体系和CCRA简介 |
Paper | Yan |
PA DSS 3.0标准更新解读 |
Paper | Li Zhang |
采用OTTPS保护 供应链安全 |
Paper | Todd and Yan |
PCI SSC 2014CM Payment Security In China |
2014 Community Meetings |
Yan Liu |
atsec Newsletter China 01/2014 |
Newsletter | |
PCI DSS标准V3.0变更分析 |
Paper | Xiangdong Gao |
ISO's Cryptographic Module Work |
White Paper | Fiona Pattinson |
Implementation and assessment on cryptography for payment solutions |
ICMC 2013 | Yan Liu |
atsec Newsletter China 04/2013 |
Newsletter | |
atsec Newsletter China 12/2012 |
Newsletter | |
Mobile Payment Solution |
13th ICCC | Yan Liu |
浅谈信用卡收单机构和发卡机构PCI DSS合规 |
Paper | Yan Liu |
Why and How to Get Cryptographic Modules FIPS Validated |
Whitepaper | Yi Mao |
Understanding Information Entropy |
Whitepaper | Yi Mao |
IT Security Evaluation in China |
13th ICCC | Yi Mao |
Experience with OSPP Evaluations |
13th ICCC | Krummeck |
atsec Newsletter China 08/2012 |
Newsletter | |
众人拾柴火焰高,共筑支付安全 |
Paper | Haiwei Bai |
atsec移动支付安全方案简介 |
CMIS 2012 | Yan Liu |
atsec Newsletter China 04/2012 |
Newsletter | |
Is your randomness predictable? (or, how to properly seed crypto libraries) |
BSides Austin 2012 | Ochel |
atsec Newsletter USA 04/2012 |
Newsletter | |
水涨船高,我眼中的外部安全扫描 |
Paper | Changlong Wang & Jinyun Chen |
Common Criteria and Packages |
Whitepaper | Pattinson |
atsec Newsletter Germany 02/2011 |
Newsletter | various |
FRITSA: Do You Understand How all of your IT Security Assurance Efforts fit Together? |
ISSA Austin | Fiona Pattinson |
atsec Newsletter China 12/2011 |
Newsletter | various |
中国产品迎来FIPS 140丰收年 |
Paper | Haiwei Bai |
从研发角度理解CC |
Paper | Li Zhang |
参考OWASP实现安全开发 |
Paper | Xiangdong Gao |
迎接支付安全的挑战,期待支付安全的春天 |
Paper | Yan Liu & Jinyun Chen |
PCI DSS合规建设ASV扫描介绍 |
Paper | Jinyun Chen |
如何高效地执行信息安全风险评估 |
Paper | Xiangdong Gao |
感受第十二届国际CC会议 |
Paper | Haiwei Bai & Yan Liu |
渗透测试助力PCI DSS合规建设 |
Paper | Jinyun Chen |
采用NASPO标准进行风险管理 |
Paper | Li Zhang |
Evaluating Third-Party Code: How Can It Be Trusted? |
12th ICCC | Cavness |
From FIPS 140-2 to CC |
12th ICCC | Yi Mao |
Fighting the Bean Counters |
12th ICCC | Krummeck |
An Access Control Model for Applications on Mobile Devices using |
12th ICCC | Kurth, Huynh |
atsec Newsletter USA 07/2011 |
Newsletter | various |
atsec Newsletter Germany 04/2011 |
Newsletter | various |
atsec Newsletter Germany 08/2011 |
Newsletter | various |
atsec Newsletter China 09/2011 |
Newsletter | various |
atsec Newsletter China 06/2011 |
Newsletter | various |
Penetration Testing as an Auditing Tool |
ISACA Austin Meeting | Jeremy Powell |
移动支付领域安全建设的参考标准 |
China Mobile Payment Industry Summit | Jinyun Chen |
atsec Newsletter China 03/2011 |
Newsletter | various |
Penetration Testing as an Auditing Tool |
ISACA Austin Meeting | Jeremy Powell |
Payment Card Industry Assessments & Privacy |
IAPP Austin | Pattinson |
atsec Newsletter USA 02/2011 |
Newsletter | various |
PCI DSS数据安全标准V2.0变更分析 |
Paper | Xiangdong Gao |
atsec Newsletter Germany 01/2011 |
Newsletter | various |
SCAP标准简介 |
IETF79 | Li Zhang |
Inherent Problems in the Information Technology Supply Chain |
26th ACSAC poster session | Courtney Cavness |
atsec Newsletter USA 12/2010 |
Newsletter | various |
atsec Newsletter China 11/2010 |
Newsletter | various |
Building the IBM 4758 Secure Coprocessor |
IBM Research Publications | Weingart et al. |
What to expect from a PCI QSA led assessment |
Presentation | Fiona Pattinson |
Migrating to OSPP |
11th ICCC Conference | Krummeck, Penny, Robinson |
Improving the Flexibility and Applicability of Protection Profiles |
11th ICCC Conference | Helmut Kurth |
Becoming a CNAS Laboratory |
11th ICCC Conference | Yi Mao |
atsec Newsletter Germany 09/2010 |
Newsletter | various |
atsec Newsletter US 07/2010 |
Newsletter | various |
Are You Prepared to Successfully Pass a PCI-DSS and/or a FISMA Certification Assessment? |
SHARE Conference | Pattinson |
Making Sure of Security: Contrasting FISMA and ISO/IEC 27001 |
White Paper | Pattinson |
atsec Newsletter US 02/2010 |
Newsletter | various |
Payment Card Industry Compliance For Large Computing Systems |
White Paper | various |
atsec Newsletter Germany 12/2009 |
Newsletter | various |
Secure Network Zones |
ISSE 2009 | Wimmer |
Evidence based Evaluations Chances and Challenges |
10th ICCC | Kurth |
Trusting Virtual Trust |
10th ICCC | Powell |
Taking White Hats to the Laundry: How to Strengthen Testing in CC |
10th ICCC | Vassilev |
An Attack Surface based Approach to Evaluation |
10th ICCC | Kurth |
atsec Newsletter Germany 08/2009 |
Newsletter | various authors |
Heiter bis Wolkig |
iX - 5/2009 | Mueller |
Secure Coding Guidelines |
White paper | Shiralkar, Grove |
Penetration Testing in der Praxis |
Talk at FH BRS | Wienzek |
FIPS 140-2 DTR XML Templates |
ZIP archive | Masino |
Introducing Assurance Measures for Security Target |
9th ICCC, Korea | Yi Mao |
Designing the Trusted Service Bus for EAL5 |
9th ICCC, Korea | Ochel |
Using SCAP to Detect Vulnerabilities |
White paper | S. Weingart |
Personal Brokerage of Web Service Access |
IEEE Security and Privacy, vol. 5, no. 5, pp. 24-31, Sept/Oct, 2007 |
A. Vassilev |
Security benefits from OS virtualization: Real or Virtual? |
White paper | A. Vassilev |
IT Security Assurance and Common Criteria |
TickIT International | Pattinson |
Efficient CC Evaluations |
atsec website | Mueller |
"BS 7799-2 and the CC" Supporting the Business of Software Development |
5th International Common Criteria Conference, Berlin, 09/2004 | Pattinson |