Voltage Security
now hiring | contact | support cloud email encryption: buy now login
products  |  solutions  |  customers  |  partners  |  technology  |  developers  |  blog  |  company
 
COMPANY

> Overview
> Leadership
> Board of Directors
> Advisors
> News/Events
> News
> Press Releases
> Events
> Press Room
> Awards & Recognition
> Voltage Timeline
> Fact Sheet
> Careers
> Contact Us

 

PCI DSS

 

PRESS RELEASE: February 11, 2010

  

Voltage Security Completes Independent Security Review

Conforms To Visa Best Practices for Data Field Encryption;
Format-Preserving Encryption Meets Recommendations
for End-to-End Encryption

PALO ALTO, Calif. – February 11, 2010 – Voltage Security™, the global leader in end-to-end data protection, today announced that Cryptographic Assurance Services, LLC (CAS), a leader in cryptographic compliance consulting, has completed an independent security review of Voltage's innovative Format-Preserving Encryption used in numerous end-to-end encryption implementations around the world. Voltage End-to-End Encryption, part of the Voltage SecureData™ product line, conforms to the complete list of Visa’s global industry best practices for data field encryption, published on October 5th, 2009. The Visa best practices are designed to further the payment industry's efforts to develop a common, open standard while providing guidance to encryption vendors and early adopters. Data field encryption, also known as end-to-end encryption, protects card information from the swipe to the acquirer processor so that the merchant is no longer processing or transmitting card data in the "clear."

CAS was asked to evaluate Format-Preserving Encryption (FPE) as a mode of the Advanced Encryption Standard (AES). CAS evaluated the mathematical model on which it was based and the associated proofs of security. CAS also reviewed a source-code instantiation of FPE provided by Voltage Security. CAS identified applicable compliance regimes and assessed FPE against them.

In its finding, CAS noted the large body of cryptographic research on which FPE is based, accumulated over decades, and the strength of the mathematical proofs and cryptanalysis. CAS concluded that FPE as implemented in the form of the AES mode FFX3 meets the compliance criteria for PCI DSS v1.2 encryption requirements and for Visa’s Data Field Encryption requirements, making Voltage Security’s Format-Preserving Encryption solutions suitable for use by organizations needing to comply. AES mode FFSEM is a sub mode of AES mode FFX and included in this assessment.

The complete report is available at www.voltage.com/security-review, registration required.

About Cryptography Assurance Services
CAS is a team of security professionals with over 50 years of combined experience. The CAS experience covers a wide range of technologies addressing confidentiality, integrity, authentication and non-repudiation with emphasis on cryptography and key management. CAS has been, and is still today, involved in developing X9, ISO and other industry security standards and providing assurance services to gain compliance to such standards.

About Voltage Security
Voltage Security, Inc., an enterprise security company, is an encryption innovator and global leader in end-to-end data protection. Voltage solutions, based on next generation cryptography, provide end-to-end encryption, tokenization, masking and stateless key management for protecting valuable, regulated and sensitive information based on policy. Voltage products enable reduction in PCI audit scope with rapid implementation and the lowest total cost of ownership in the industry through the use of award-winning cryptographic solutions, including Voltage Identity-Based Encryption™ (IBE) and a new breakthrough innovation: Format-Preserving Encryption™ (FPE). Offerings include Voltage SecureMail™, Voltage SecureData™, Voltage SecureFile™ and the Voltage Security Network™ (VSN), an on-demand managed service for the extended business network.

As a service to the industry and general public, the company maintains the Voltage Data Breach Index and Map which is continuously updated with global data breach information: www.voltage.com/data-breach.  The Company has been issued several patents based upon breakthrough research in mathematics and cryptographic systems. Customers include Global 1000 companies in banking, retail, insurance, energy, healthcare and government. To learn more about Voltage customers and sign up for the customer news letter please visit www.voltage.com/customers.

###

Voltage Identity-Based Encryption, Voltage Format-Preserving Encryption, Voltage SecureMail, Voltage SecureFile, Voltage SecureData and the Voltage Security Network (VSN), are registered trademarks of Voltage Security, Inc. All other trademarks are property of their respective owners.



Try Voltage Solutions

Schedule an evaluation

White Papers

Download white papers

Customers in Action

Get to know Voltage Customers

Contact a security specialist

Get your questions answered

Try Voltage - Schedule a 30 day evaluation
s
On-demand Webcast | Understanding Tokenization and End-to-End Encryption
s
On-demand Webcast | Ensuring Your Next Board Meeting Is Not About Data Breaches
s
Data Protection Risks and How to Avoid Them
Data Protection Risks and How to Avoid Them

On-demand Webcast | Ensuring Your Next Board Meeting Is Not About Data Breaches

 
s
 

 
  home | terms of use | privacy policy | contact us | careers | site map
Sign up to receive the customer newsletter and email updates:   
 
  Contact sales online