Cryptsoft Services

Cryptsoft staff offer a wide range of training and development services. If you are looking for something and you don't see it listed here then contact us as only a small subset of our material is noted below.

Cryptsoft is accredited under GITC with company number Q-3572 for consulting and contracting services.

Cryptsoft is also a member of the Queensland Health PSA2000 ICT Contracting Services Panel.

Training Services

FIPS140-2 High Level Overview and Tutorial

One day tutorial session covering the most important aspects of FIPS140-2 cryptographic module validation.

FIPS140-2 Requirements Analysis

Typically this service is provided after the engineering team has completed the FIPS140-2 High Level Overview and Tutorial.

Smartcard Technologies and Concepts

An overview of the various technologies used in smartcard systems and the associated infrastructure components needed to interact with and effectively deploy smartcard systems.

Public Key Infrastructure (PKI) Fundamentals

An overview of the technologies used in PKI systems and strategies needed to interact with and effectively deploy systems dependant on PKI .

Authentication and Authorisation (AA) Fundamentals

An overview of the technologies and approaches available for authentication and authorisation in a multi-vendor environment.

Hardware Security Module (HSM) Fundamentals

An overview of how to integrate HSMs into an overall security model in a pragmatic manner.

PKCS#11 Fundamentals

An overview of how to interact with securit tokens and HSMs via the PKCS#11 API.

Find out more …

Development Consulting

FIPS140-2 Preliminary Planning

Review of existing product documentation.

FIPS140-2 Validation Package Preparation

Preparation of materials required for a FIPS140-2 validation.

FIPS140-2 Testing Laboratory Liaison

Interface with the selected Testing Laboratory on behalf of the client.

FIPS140-2 Cryptographic Algorithm Validation Implementation

Assistance and/or implementation of cryptographic algorithm testing for specified algorithms. Includes assistance with review of required runtime tests which must be added to the client product.

FIPS140-2 Submission Package Review

Review of all submission material and assistance with updates to meet the current requirements of FIPS140-2.

FIPS140-2 Re-validation Preparation

For future product releases, revalidation can be straight forward or complicated depending on the nature of the changes to the cryptographic module since the previous release.

Smartcard Interfacing with Multi-Vendor Devices

Interfacing with the smartcard devices from a range of vendors on different platforms.

Smartcards and Embedded Platforms

Embedded platforms offer their own challenges when interfacing to smartcard systems as non-Win32 platforms often means interfacing directly at the APDU level.

Security Tokens - OTP

Integrating and deploying security tokens. One-Time-Password (OTP) devices based on proprietary or open systems.

  • OATH - HOTP and TOTP.
  • RSA SecurID.
  • Soft Tokens (mobile phone)
Cryptsoft works with a number of companies which provide solutions in the OTP area.

Wireless Security

Integration of wireless devices (including 802.11, ISO/IEC 14443, NFC, Mifare, Zigbee, others).

Public Key Infrastructure Planning

Deployment of smartcard based systems usually involves the creation of X.509 based digital certificates and the associated public key infrastucture for deployment, operation, and lifecycle management.

Find out more …

Security Architecture Consulting

Architecture Review

Review of existing and planned product from the point of view of the security implications from and architectural point of view.

Implementation Review

Review of implemented product in terms of issues which need to be handled during implementation.

Deployment Review

Review of product deployment in terms of issues which need to be handled during deployment.

Secure Coding

Tools, techniques and strategies for improving the security of products during the design, development, and testing phases of the overall product lifecycle.

Find out more …

Audit Services

Provision of audit services against the requirements of a range of standards and defacto-standards.

Find out more …