Friday, June 11, 2010

PCI DSS in a post-TKIP World - Retailers must tighten Wi-Fi security

TKIP, the encryption method once required on all Wi-Fi® devices, soon will be prohibited. A white paper from Summit Data Communications explains the implications for retailers that rely heavily on Wi-Fi and must be compliant with the Payment Card Industry Data Security Standard (PCI DSS). Wi-Fi Client Device Security and Compliance with PCI DSS  “Retailers have relied on wireless local area networks since before the first Wi-Fi standards were ratified,” said Chris Bolinger, Summit VP of Business Development and the paper’s primary author. “TKIP is a key element of Wi-Fi security in many retail stores and distribution centers, but TKIP is not strong enough to satisfy PCI DSS requirements.”

When the original Wi-Fi encryption mechanism of WEP was found to be vulnerable to attack, the Wi-Fi Alliance® created a security specification called Wi-Fi Protected Access®, with Temporal Key Integrity Protocol (TKIP) as its encryption method. Like WEP, TKIP uses RC4 encryption, but TKIP is designed to address vulnerabilities of WEP by encrypting each data packet with a different key, preventing key reuse during a session, and ensuring that the message is not altered in transit between sender and receiver.

In late 2008, two German researchers reported that a vulnerability in TKIP could enable an attacker to decrypt individual packets that are encrypted with TKIP. In mid-2009, two Japanese researchers reported that they had expanded on the German researchers’ work and devised a way to mount a successful attack on TKIP. The latter report received a lot of media attention, with some articles claiming that TKIP can be cracked in less than one minute. In reality, neither of the reports demonstrated that a practical tool for cracking an actual TKIP key or deciphering TKIP-encrypted data packets is imminent. The two reports, however, were enough to sound the death toll for TKIP. The Wi-Fi Alliance has announced that it is phasing out TKIP, first on infrastructure devices and then on client devices. Beginning January 1, 2011, TKIP will be prohibited in Wi-Fi infrastructure except as a component of WPA2®, the successor to WPA. In a few years, TKIP will be prohibited in any Wi-Fi CERTIFIED™ device. Review the abstract or download the report via the Summit Communications portal
Bookmark and Share
Posted by Lawrence E. Wilson at 1:54 PM
Labels: , , , , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

HIMSS Healthcare IT

Loading...

Mortgage Technology

Loading...

Bitpipe Supply Chain & Logistics

Loading...

BankInfoSecurity.com

Loading...

HealthCareInfoSecurity.com

Loading...

Topics-Tags

healthcare (7) SaaS (6) physicians (5) BlackBerry (4) EHR (4) EMR (4) Microsoft (4) iPhone (4) patient care (4) pos (4) software as a service (4) supply chain (4) Business Intelligence (3) CRM (3) Electronic Health Records (3) FiServe (3) HealthRules (3) PA-DSS (3) PCI DSS (3) PCI SSC (3) RFID (3) healthcare data mangement environment (3) mobile banking (3) retail technology vendors (3) retailers (3) ARRA (2) Bayer Pharmaceuticals (2) Best Practices in Electronic Health Records Conference (2) Cisco (2) Dossia (2) Dynamics POS 2009 (2) ERP (2) Emerging Technology Forum (2) Epicor Software (2) Gemalto (2) Google (2) HIE (2) HealthEdge (2) HighJump Software (2) Hypercom Corporation (2) IBM (2) Informatica (2) Logistics Viewpoints (2) Medical Device (2) Mintel Comperemedia (2) PCI (2) PCI Compliance (2) PED (2) PIN Entry Device (2) REMS (2) Research and Markets (2) Risk Evaluation and Mitigation Strategy (2) Smart Grid (2) Smart Metering (2) United Healthcare (2) Verifone (2) West Wireless Health Institute (2) behavioral healthcare (2) credit card (2) end-to-end encryption (2) evidence-based healthcare (2) financial services technology (2) healthcare information software (2) healthcare providers (2) hipaa (2) hospital financial systems (2) hospitals (2) iPhone™ (2) inventory management (2) logistics-service providers (2) online banking (2) plc (2) regulatory compliance (2) smartphones (2) sms (2) software (2) supply chain management (2) zipLogix (2) .NET (1) 21st Century Health Care Caucus (1) ABA Regulatory Compliance Conference (1) AD-843 (1) ADE (1) AES (1) ALI (1) AMIS-49587 (1) ANI (1) APA (1) API Healthcare (1) APT (1) ARC Advisory Group (1) ARIS™ (1) ARM (1) ARM7TDMI processor (1) ATM/debit card (1) ATT Business Solutions (1) ATT wireless (1) Aberdeen Group (1) Accelerated Revenue Management Solutions (1) Accellion (1) Accenx Exchange (1) Accenx Technologies (1) ActOFAC (1) Advanced Store point-of-sale (1) AdvancedMD (1) AeroScout (1) Akamai (1) All-in-One (1) Allison Landers (1) Alteryx (1) Alteryx Web services (1) AmCare (1) American Psychological Association (1) Android (1) App Store (1) Apple (1) Apple iPad™ (1) Apple iPhone (1) Apple iPod (1) Apple® (1) Apple® iPad (1) AppointNow (1) Appraisals ValuFinders (1) Aprima (1) Apriso (1) Assurant Health (1) Atlanta (1) Aurelia G. Boyer (1) Avery Dennison (1) B2B (1) BAI (1) BAMC (1) BI (1) BITS (1) BLX (1) BMJ (1) BancVue (1) BancVue/First ROI (1) Bank of America (1) BenefitMD (1) Best Practices for Merchants (1) Biller DirectTM HV (1) BioHarness (1) BizTalk Server (1) BlackBerry® (1) BlackBerry™ (1) Blink Logic (1) Bloodhound Technologies (1) Blue Cross Blue Shield carriers (1) BlueModus (1) Bob Jenness (1) Book Appointment Now (1) British Medical Journal (1) Building A Layered and Integrated Defense Strategy (1) CALRHIO (1) CBX (1) CCHIT (1) CMS (1) CMS solution (1) CSCMP (1) CT scans (1) CTIA (1) Calyx Network (1) Calyx® Software® (1) CareFusion (1) Center for Diagnostic Imaging (1) Centricity® Practice (1) Class A common stock (1) Clinical Development Analytics (1) Co-Creation model (1) Cobra Automotive Technologies (1) ColdFire (1) ColdSpark (1) Compliance Module (1) Compliance Reporting Engine (1) ConVergence Point (1) Connecture (1) Consumer Billing and Payment Trends (1) Content Management System (1) Council of Supply Chain Management Professionals (1) Credit Transfers (1) Credit.com (1) Cypress Software Systems (1) DDS (1) DMS (1) Data Exchange (1) Data Integration (1) Data Security Standard (1) David Baumgarten (1) David Stockwell (1) David Taylor (1) DemographicsNow.com (1) Descartes Systems Group (1) Direct Debit (1) DrFirst (1) Dual Source CT (1) E-mail applications (1) E3 (1) EHR systems (1) EHRs (1) EMS (1) EMV and mag-stripe contactless cards (1) EPX (1) ETF (1) EVA (1) EZ-CAP (1) Eclipsys (1) Electronic Medical Records (1) Electronic Payment Exchange (1) Element115 (1) Embedded programming logic (1) Emdeon (1) Entra Health Systems (1) Epicor (1) Epocrates® Essentials (1) Escalate Retail (1) Ethernet broadband (1) Experian Simmons (1) Ezio Optical TAN (1) FDA (1) FFIEC (1) FIX (1) FS-ISAC (1) FSTC (1) FTEU (1) FXCM (1) FXpress’ FIRST® (1) FactSet (1) Financial Management Applications (1) Financial Services Technology Expo (1) Finovate (1) First Medical Management (1) First Touch iCapture (1) Flash™ (1) FlexNet® (1) Folio Archive Tag (1) FortiClient™ (1) FortiGate (1) FortiManager™ (1) FortiOS™ 4.0 (1) Fortinet (1) FpML (1) Free-to-End-User (1) FreeWay™ (1) FreedomPay (1) Freescale (1) Frost and Sullivan (1) Fundtech (1) GE Fanuc Intelligent Platforms (1) GE Healthcare (1) GLN (1) GPS search (1) Gartner (1) Gartner MarketScope (1) Geoff Knapp (1) Geographic Business Intelligence (1) Gerd Wolfram (1) German HHD standard (1) Global Logistics Network (1) Google Adwords (1) Google's Android™ (1) Greenbox Technology (1) HAN Application Report 2009 (1) HBNet (1) HCHN (1) HCM (1) HIPAA 5010 (1) HIPAA Validation Compliance (1) HIPAA-compliant (1) HMS (1) HMS Patient Accounting (1) HP (1) HR processes (1) HR staff (1) Hal Feuchtwanger (1) Harris Interactive (1) Harsco (1) Health Information Exchanges (1) Health System (1) HealthFusion Mobile Apps (1) HealthFusion® (1) HealthGrades (1) HealthInfoNet (1) HealthPartners (1) HealthRules Language™ (1) HealthVault (1) Healthagen (1) Healthcare Management Systems (1) Healthcare Payers (1) Heartland Payment Systems (1) HighJump Performance Advantage (1) Home Area Network (1) House (1) Humana One (1) HyperSafe® Remote Key System (HRKS) (1) IASA (1) IBM Technology Center (1) ICA (1) ICA CareAlign (1) ICD-10 (1) ICSC ReCON (1) ID card (1) IEC1334 compliant (1) IEEE (1) IEEE 802.15.4 (1) IHL Group (1) ILS (1) IP POS (1) IP data (1) IP-based (1) IP55 (1) IT security (1) InWorld Solutions (1) Independent Practice Association (1) Index Options (1) Informatica B2B Data Transformation (1) Informatics Corporation of America (1) Initiate Systems (1) Initiate® Provider Management (1) Instinet (1) Insurance Accounting and Systems Association (1) Insurint (1) Intel (1) Intelligent Communications Platform (1) Intensive Diabetes Management (1) Interactive Slide Kit Builder (1) Interactive Store Kiosk (1) Internet Banking (1) Internet Payment Exchange (1) Intuit (1) Intuit/Digital Insight (1) Jacques Seneca (1) James Norwood (1) Java-based (1) Jim Forrester (1) John C. Scott (1) Jon Ciampi (1) Juniper Research (1) Kaiser (1) KeyBank (1) Kiosk (1) L-SP3 security pedestals (1) L4150 Secure Keypad (1) Latric Systems (1) Lee Holman (1) Level 4 Data (1) Linux (1) MAC (1) MCF51EM256 (1) MCU (1) MDM (1) MEDITECH HCIS (1) MEDITECH Providers (1) MEDITECH hospitals (1) METRO Group (1) MLS (1) MPLS (1) MRI (1) MRO Management (1) MTTR (1) MZI HealthCare (1) Macworld (1) MagIC3 (1) MagIC3 W-1 (1) Managed File Transfer (1) Management Applications (1) Maria Kaganov (1) Mark IV (1) Mark Logic (1) MarkLogic Server (1) MarketScope (1) MarketSimplified (1) Marketing Workshop (1) Mary Brainerd (1) Matt Ornce (1) Mean-Time-To-Recovery (1) MedVentive (1) Medical Video jLog™ (1) Medtronic (1) MegaPath (1) Mercatus (1) Merchants (1) Merge Healthcare (1) Merge Mammo (1) Metering (1) Michael Griffiths (1) Michael Nissenbaum (1) Mobile Health Opportunities Report (1) Mobile Media (1) Mobile MoneySM (1) Mobile product (1) Mortech (1) Motorola (1) MyGlucoHealth (1) NACHA (1) NCR Advanced Store (1) NCR. POS (1) NHS Information Centre (1) Nari Viswanathan (1) National HIPAA Summit (1) Navigator (1) NetX360 (1) New York Stock Exchange (1) NewYork-Presbyterian (1) NewYork-Presbyterian Hospital (1) NexGen Compliance Solutions (1) Next Generation (1) ON Semiconductor (1) OTC (1) Obama (1) Odom Corporation (1) On-Demand (1) Open Solutions (1) Optimum (1) Oracle (1) Oracle Business Intelligence Suite Enterprise Edition Plus (1) Oracle Database (1) Oracle® (1) Oracle® Database (1) PBX features (1) PCI PA-DSS (1) PCI Security Council (1) PCI Security Standards Council (1) PCI assessment process (1) PHR (1) PHY (1) PIN (1) POS System (1) PPD (1) PaaS (1) Pacific Hospital (1) Paperless Explanation of Benefits (1) Patient Access Solutions (1) Patricia Briggs (1) PayPal (1) PayPal account (1) Payment Application Data Security Standard (1) Payment Card Industry (1) Payment Card Industry Security Standards Council (1) PeopleSoft Enterprise Human Capital Management (1) PeopleSoft Enterprise Portal 9.1 (1) PeopleTools 8.50 (1) PerformMetrics®. (1) Pershing LLC (1) Planet DDS (1) PlantCML (1) PlantCML® (1) Power Warehouse (1) PowerSecure International (1) Premier healthcare alliance (1) President (1) Prevention (1) Priority Health (1) Priority Health Customer Service (1) Proactive Customer Communications (1) Professional (1) QPharma (1) QX1000 is a global contactless (1) QX1000 plug-and-play solution (1) RBS Worldpay (1) RC4 encryption (1) RFID Asset Tracking (1) RHIO (1) RIM (1) RIS News' webCONNECTION (1) Radio Frequency Identification (1) Real-time monitoring (1) Red Flag PATRIOT (1) Regulatory (1) Remote Hosting Services (1) Remote Physiological Monitoring (1) Research In Motion (1) ResultsOnDemand® (1) Retail (1) Retailer Information System™ (1) Retalix (1) Retalix Power Productivity (1) Retalix Power Voice (1) Return on Invested Capital (1) Reval (1) Risk Management of Remote Deposit Capture (1) Risk Management oversight process banks cyber security (1) Robert Bailey (1) RouteCenter (1) S-FSK (1) S1 (1) SAMMC (1) SAS (1) SCM (1) SCT (1) SDD (1) SECCOS banking cards (1) SEPA (1) SEPA Direct Debits (1) SEPA Integration Suite (1) SIFMA (1) SOA (1) SOA Expressway (1) SPOS32 (1) SQL Server (1) SWIFT (1) Sales Management (1) Sales and Operations Planning (1) Scripps Health (1) SeeChange Health (1) Self-Service Kiosks (1) Semtek (1) Senate (1) Series B (1) Service Level Agreements (1) Siemens (1) Silver Spring Networks (1) Silver Tail Systems (1) Skimming (1) Small physician practices (1) Smart Fabric (1) Smart Meters (1) Society for Worldwide Interbank Financial Telecommunication (1) Software AG (1) Software Earnings (1) Software-as-a-Service (1) Sol Lizerbram (1) Solid State Drive (1) Somatom Definition (1) Sop (1) SoundBite Communications (1) St. Luke’s Health System (1) State of the Union (1) Steve Croft (1) Steve Fischer (1) SumTotal® (1) Sunrise Clinical Manager™ (1) Supply Chain Advantage suite (1) Supply Chain Consultants (1) Supply Chain Optimization Forum (1) TAGSYS (1) TAP (1) TKIP (1) Talent Development Suite (1) Telekurs VDF (1) Telguard Advantage Program (1) Telular (1) Temporal Key Integrity Protocol (1) The PCI Knowledge Base (1) Transportation Manager (1) Troy Leach (1) Troy Long (1) UCON (1) UHF RFID (1) US Oncology (1) US equities (1) USAA (1) Unity Medical (1) Universal Data Transformation (1) VESTA® emergency call processing (1) VISA Global List (1) VMware (1) Valley Health System (1) Venkatesh Korla (1) Veri-Fast (1) VeriShield Protect (1) VeriSign Messaging (1) Verifone SingleCI (1) Virtual Banking (1) Viscira (1) Visibility (1) Vista Health System (1) VistaComm (1) WEP (1) WTRS (1) WWHI (1) Walter Greenleaf (1) Web 2.0 (1) WellPoint (1) Wells Fargo (1) Wi-Fi Client Device Security (1) Wi-Fi® (1) Windows Mobile (1) Wireless Bluetooth (1) Wireless meter (1) Working Group (1) XML (1) XML Server (1) XML Web services (1) Yodlee (1) Yorgen Edholm (1) Zephyr Technology Corporation (1) ZigBee (1) accountholder (1) acquire (1) administrative interface (1) administrative tool (1) advanced microcontroller (1) adverse drug events (1) agency-brokerage (1) agents (1) american Banker's Association (1) analog-to-digital converter (1) ap5000 (1) api (1) application suite (1) attacks (1) audiology (1) automotive industry (1) bank accounts (1) banking applications (1) banking financial technology (1) banking transactions (1) benefit plan (1) biotech (1) block-trading (1) blood glucose meter (1) broadband Internet (1) broker-dealer customers (1) brokerage (1) brokers (1) buy- and sell-side participants (1) california regional health information organization (1) call centre (1) cardholder credit (1) cardiac stent placements (1) cardiologists (1) cardiovascular (1) cellular alarm communicators (1) cellular service discounts (1) claims processes (1) clinical data repository (1) clinical decisions (1) clinical development process (1) clinical document exchange (1) clinical institutions (1) clinical results (1) clinical software suite (1) clinicians (1) collections (1) commercial banking (1) commercial billers (1) compliance (1) confidential data (1) configuration (1) core platform (1) costs (1) credentialing information (1) credit card data (1) credit risk management (1) customers (1) customized (1) cycle time reduction (1) dark pool (1) dashboard (1) data centers (1) data loss protection (1) data sharing (1) debit card data (1) decisions (1) dental office (1) dentist (1) diabetic care (1) diagnosis (1) digital health records (1) digital pen (1) digital security (1) direct mail offers (1) direct marketing (1) diseases (1) distributed generation systems (1) documents (1) downstream systems (1) e-banking (1) e-connectware™ (1) e-mail automation (1) eBill Distribution (1) eCareView Healthcare Billing Portal (1) eInvoice Delivery Service (1) eMessaging Service (1) eMessagingSM (1) earnings estimates (1) eclinicworks (1) edikeeper (1) electronic services (1) electronic trading (1) email-like interface (1) embedded software (1) emergency care (1) enabling technologies (1) encrypted card data (1) encryption (1) endoscopes (1) energy management software (1) energy-saving programs (1) enterprise business software (1) enterprise-class (1) exception management (1) fCommunity Health Centers (1) fall planning meeting (1) federal regulations (1) federated platform (1) finance organizations (1) financial (1) financial applications (1) financial institution (1) financial institutions (1) financial professionals (1) financial services (1) financial services providers (1) financial software platform (1) financials (1) financing (1) fixed-cost subscription (1) flexible business applications (1) fraud (1) fraud alerts (1) geospatial analytics (1) global supply chain (1) government (1) graphical dashboard (1) hardware (1) health care (1) health information exchange (1) health insurance (1) health outcomes (1) healthcare communities (1) healthcare costs (1) healthcare data exchange (1) healthcare delivery system (1) healthcare information exchange initiative (1) healthcare information technology (1) healthcare offerings (1) healthcare payors (1) healthcare provider (1) healthcare reform (1) healthtrio (1) high-value manufacturing (1) hosted solution (1) hosted transportation management (1) http://www.navmanwireless.co.nz/nz/fleet-management/OnlineAVL2-iPhone-Application.html (1) human resources system (1) i2 Technologies (1) i2 Transportation Modeler (1) i2 Transportation Planner (1) iCareTools (1) iCertify 3.0 (1) iPhone 3.0 OS (1) iPod (1) iTriage (1) iTuple (1) identity theft (1) igxglobal (1) imaging (1) imaging workstation software (1) in-store applications (1) inVentiv Health (1) information technology services (1) infusion systems (1) initial public offering (1) insurance (1) integrated healthcare (1) integrated program (1) interoperable health solutions (1) intuitive dashboards (1) intuitive interface (1) inventory KPIs (1) inventory control (1) inventory levels (1) ipo (1) issue resolution (1) legal disclosures (1) license (1) life science (1) life sciences (1) liquidity aggregation (1) loan application process (1) loan marketing (1) loan origination process (1) logistics (1) logistics organizations (1) mHealth Solutions and Policy Forum (1) mammography (1) management software (1) mandates (1) master data management (1) medical care (1) medical imaging (1) medical practice optimization software (1) merge (1) messaging standards (1) metavante (1) metrics (1) midmarket companies (1) mission-critical applications (1) mixed-signal (1) mobile ID card (1) mobile application (1) mobile applications (1) mobile banking promotion (1) mobile health monitoring (1) mobile health sector (1) mobile personal payments (1) mobile phone banking (1) mobile retailing (1) mobile solutions (1) mobile trade station II (1) mobile-optimized Websites (1) morbidities (1) mortgage professionals (1) mortgage software (1) multi-specialty urban practice (1) multi-threat security appliances (1) negotiation (1) news (1) non-profit healthcare organization (1) online application (1) online banking and bill payment (1) online bill pay (1) online payments (1) online subscription (1) online training and certification (1) open web interfaces (1) open-licensing (1) opioids (1) originating (1) orlando (1) out-of-the-box metrics (1) overpayment savings (1) ownership (1) pallet level tagging (1) paper-free experience (1) patient medical information (1) patient monitoring (1) patients’ experience (1) payers (1) payment card encryption (1) payment channels (1) payment gateway (1) payment networks (1) payment processing (1) payment services (1) payors (1) payroll (1) pchr (1) personal data (1) personal health application (1) personal payments service (1) personnel (1) pharmaceutical (1) pharmacy (1) physical rehabilitation (1) physician recruitment (1) point-of-sale (1) portable health records (1) postag (1) power line carrier modem (1) premier listings (1) prescription drug products (1) prices (1) pricing (1) print (1) private healthcare providers (1) process-intensive (1) processing network (1) processing services (1) processing software (1) procurement (1) product suite (1) provider (1) provider registry (1) purchase history (1) radiologists (1) read performance (1) read rates (1) real estate (1) real estate forms (1) real estate professionals (1) real-time (1) real-time audit system (1) reduced inventory (1) regulatory updates (1) reimbursement accuracy (1) research reports (1) respiratory (1) restaurants (1) retail point-of-sale (1) revenue and payment cycle solutions (1) revenue streams (1) risk management (1) risk management services (1) route accounting system (1) route settlement (1) routine diagnostics (1) scalability (1) scalable solution (1) secure payment (1) secure user access (1) securely identify (1) security dealers (1) security needs (1) security services (1) security technology developer (1) self-service technology (1) service-related information (1) shippers (1) shop and compare mortgages (1) skimming threats (1) smart meter (1) smartphones email advertising (1) social networking (1) software integration (1) software platform (1) software solutions (1) software system (1) sourcing (1) specialization (1) spread frequency shift keying (1) stations (1) steve munini (1) succession planning services (1) suite of services (1) symptoms (1) tags (1) talent management solutions (1) terminals (1) text messaging (1) threats (1) tokenization (1) tomography (1) transaction flow (1) transactions (1) transparent (1) transportation authorities (1) triple play (1) two X-ray tubes (1) underutilized servers (1) unified threat management (1) user dashboards (1) utilities (1) utilization (1) utm (1) venture capital (1) viewing protocols (1) virtualization (1) voice (1) voice radio (1) warehouse management system (1) waste water plants (1) web-based (1) web-based dental software (1) web-based software platform (1) website content control (1) wi-fi (1) wireless access (1) wireless health solutions (1) wireless mobile devices (1) wireless protocols (1) xTuple (1) zipForm 6 (1) zipFormr (1)