Senior Cryptographic Researcher - Single assignment
Australian Payments Network, Sydney, Australia
The PCI Standards Council (PCI SSC) was founded in 2006 by American Express, Discover, JCB International, MasterCard and Visa Inc., which share equally in governance and execution of the organisation’s work. Its stated aim is to bring payments industry stakeholders together to develop and drive adoption of data security standards and resources for safe payments worldwide.

PCI SSC mandates in the PIN Security Requirements and Testing Procedures: V3 2018 that, to achieve “Control Objective 5: Keys are used in a manner that prevents or detects their unauthorised usage”, “Encrypted symmetric keys must be managed in structures called key blocks. The key usage must be cryptographically bound to the key using accepted methods.” This is PIN Security Requirement 18-3, which further details three acceptable methods of implementing this requirement but also states that these methods are not an exhaustive list.

The Australian payments industry does not use key blocks to manage the symmetric keys used as PIN Encrypting Keys (PEK). The question of which other methods are acceptable has been raised, which has resulted in a PCI FAQ. The latest version is in the publicly available document PCI PTS PIN Security Requirements, Technical FAQs V3, February 2020, FAQ 27, and requires an independent expert to assess the equivalency of other methods. PCI has also produced several blogs on the case for key blocks and two Informational Supplements, PCI PTS PIN: Cryptographic Key Blocks June 2017 and PCI PIN Security Requirement: PIN Security Requirement 18-3 Key Blocks: June 2019.

AusPayNet is seeking to engage an independent expert who meets the requirements set out by PCI in the PIN Security FAQ 27. This expert must assess the Australian PEK key management methodologies and determine whether they provide equivalent levels of protection that prevent or detect their unauthorised usage, as compared to key blocks. AusPayNet is seeking to have the work completed in Q2 2020.
For more information, or to provide a copy of your CV and some indicative costs, use the contact below.
Contact: Arthur Van Der Merwe
Last updated: 2020-03-18 posted on 2020-03-11