JavaScript is turned off in your web browser. To take full advantage of Ribose features, please enable JavaScript and refresh the page.

Ribose contributes implementations of Chinese cryptographic algorithms to OpenSSL

Enables compliant usage of OpenSSL toolkit within China


[September 13, 2018, Hong Kong, Newark DE] – Ribose has contributed the SM2, SM3 and SM4 Chinese cryptographic algorithms to the OpenSSL cryptographic library, which are now available for general use as part of OpenSSL’s version 1.1.1 release.


SM2, SM3, SM4 are “commercial cryptography” algorithms, mandated by the State Cryptographic Administration to be used within China, in accordance with the “Regulation on the Administration of Commercial Cryptography” issued by the State Council of the PRC in 1999. The algorithms are widely applied in technologies used within China to enable legal usage of cryptography, including public key infrastructure (PKI), identification and banking cards, Trusted Platform Module, and the OpenPGP and Transport Layer Security protocols.


SM2 is an elliptic curve cryptographic system (ECC) that provides algorithms for public-key encryption, digital signatures, key agreement, and also parameters for the SM2-specific elliptic curve. SM2 was first published in 2010, and standardized as Chinese cryptographic standard GM/T 0003 and GB/T 32918 (5 parts).


SM3 is a cryptographic hash algorithm designed by Prof. Xiaoyun Wang as a counterpart to the NIST SHA-256 algorithm with several strengthening features. SM3 was first published in 2010, and standardized as Chinese cryptographic standard GM/T 0004 and GB/T 32905.


SM4 is a symmetric encryption algorithm designed for data encryption. The Chinese counterpart to AES (Advanced Encryption Standard), it is a 128-bit blockcipher designed for speed and suitability for encryption on low-powered devices. Designed by Prof. Shu-Wang Lu, it was standardized as Chinese cryptographic standard GM/T 0002 and GB/T 32907.


Matt Caswell of OpenSSL said, “The OpenSSL project develops and disseminates open and freely available technology to enable people worldwide to protect their data and communication. By supporting the Chinese cryptographic standards (SM2, SM3 and SM4) we hope to enable

broader usage of OpenSSL within China for those industries adopting these national algorithms. We sincerely thank Ribose for their contributions to the OpenSSL project.”


According to Ribose founder Ronald Tse, “Ribose is a staunch supporter of open-source and allowing people to secure their own data – this contribution enables people and organizations operating in China to legally utilize the market-leading cryptographic library, OpenSSL, to protect their information. We appreciate the opportunity to collaborate with the OpenSSL team and commend them for supporting cryptography usage worldwide.”




# # #


About Ribose


Ribose is the award-winning developer of asymmetric security™ technologies trusted by industries with heightened cybersecurity needs. Having pioneered the comprehensive approach to verifiable cybersecurity, Ribose is a Deloitte Technology FAST 20 and Red Herring Top 100 Globalcompany, and received the CSA APAC Enterprise Award and several Stevie® Awardsfor cybersecurity innovations.


Ribose is the only cloud service provider (CSP) triple-assured by the Cloud Security Alliance, the first CSP to receive BSI's Kitemark for Secure Digital Transactions, and the first to achieve certification to the highest security tiers in NIST CSFand MTCS. It is also certified to ISO 9001ISO 14001ISO/IEC 20000ISO 22301ISO/IEC 27001ISO/IEC 27017ISO/IEC 27018and ISO 45001.


Learn more at: ribose.com.



About OpenSSL


OpenSSL Software Foundation is the non-profit corporation that maintains the OpenSSL toolkit. The OpenSSL toolkit is the market-leading cryptographic library, and serves as a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Licensed under an Apache-style license, the OpenSSL toolkit is freely available for most commercial and non-commercial purposes.


Learn more at: openssl.org


Ribose: 

Ronald Tse

press@ribose.com

+852 3976 3976

https://www.ribose.com

Twitter: @RiboseUS


 

OpenSSL Software Foundation:

Matt Caswell

osf-contact@openssl.org

https://www.openssl.org


Read More

Ribose Achieves World's First NIST Cybersecurity Framework Certification by BSI

Verified compliance to NIST Cybersecurity Framework at Tier 4 (Adaptive)


[August 8, 2018, HONG KONG] Ribose has become the world's first organization to certify to the NIST Cybersecurity Framework (Tier 4) by BSI.


The National Institute of Standards and Technology's (NIST) Cybersecurity Framework (CSF) was mandated by U.S. Executive Order (EO) 13636, and was designed to protect critical infrastructure and vital industries from cyberattacks. It also allows organizations to select a “Tier” based on organizational practices – from Tier 1 (Partial) to Tier 4 (Adaptive) – indicating a progressive approach from informal and reactive, to agile and risk-driven.


BSI was part of the team of experts that worked with NIST to develop the CSF, and is the first certification body to offer certification to the CSF. The program validates processes and evidence corresponding to the chosen tier level, and is integrated with ISO/IEC 27001, which comprehensively validates information security and risk management practices.


John DiMaria, Global Product Champion for Information Security and Business Continuity for BSI, said, “BSI has created the world’s first certification on the NIST Cybersecurity Framework. The unique tiered concept combines solid information security principles with application flexibility, which will be valued by organizations worldwide. We congratulate Ribose on being the first organization to receive our NIST CSF certification at Tier 4, and commend its long-standing commitment to international harmonization of cybersecurity providing the highest levels of data protection.”


Enoch Lee, General Manager of Hong Kong for BSI, added, “BSI has long been recognized as a pioneer in information security management. The new NIST Cybersecurity Framework certification program is a key component of our efforts to maintain this leadership position.”


According to Ronald Tse, founder of Ribose, “Achieving NIST CSF certification at Tier 4 reaffirms our unwavering commitment to protecting our customers’ data based on verifiable cybersecurity. Our approach builds upon a solid security foundation that includes the selective Kitemark for Secure Digital Transactions certification, as well as cloud security and privacy certification through ISO/IEC 27017 and ISO/IEC 27018.”


###


About Ribose


Ribose is the award-winning global developer of asymmetric security™ technologies trusted by industries with heightened cybersecurity needs. Having pioneered the comprehensive approach to verifiable cybersecurity, Ribose has been named to be Deloitte Technology FAST 20, Red Herring Top 100 Global, as well as receiver of the CSA APAC Enterprise Award and Stevie® Awardsfor cybersecurity innovations.


Ribose is the only cloud service provider (CSP) triple-assured by the Cloud Security Alliance, first CSP to receive BSI's Kitemark for Secure Digital Transactions, first to achieve certification to the highest security tiers in NIST CSFand MTCS, and is also certified to ISO 9001ISO 14001ISO/IEC 20000ISO 22301ISO/IEC 27001,ISO/IEC 27017ISO/IEC 27018and ISO 45001.


Learn more at: ribose.com.



About BSI


BSI (British Standards Institution) equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. As the world’s first National Standards Body and a founding member of the International Organization for Standardization (ISO), BSI is responsible for originating many of the world’s most commonly used management systems standards.


Learn more at: bsigroup.com.



Ribose Contact: 

Ronald Tse

press@ribose.com

+852 3976 3976

Website: https://www.ribose.com

Twitter: @RiboseUS


 

BSI Contact:

Ming Tang

haming.tang@bsigroup.com

+852 3149 3324

Website: http://www.bsigroup.com

Twitter: @BSI_UK

Read More

Ribose Achieves Cloud Industry’s First Kitemark for Secure Digital Transactions

World's first collaboration platform certified to rigorous application security by BSI

Hong Kong – Ribose has become the world's first cloud Software-as-a-Service platform to achieve BSI's prestigious and highly selective Kitemark for Secure Digital Transactions, which certifies applications to ensure they have the appropriate security controls in place to handle highly sensitive information online through rigorous security testing.

Confidential financial and personal information is increasingly stored and shared, yet services themselves are subject to continuous threats and attacks at all times. According to PwC, 90% of large organizations have already suffered data breaches, and it is imperative for organizations to protect their own confidential information in the cloud through appropriate security.

Protection is especially necessary for collaborative data, which often contain the most valuable, yet most vulnerable assets of the organization – intellectual property, trade secrets or personal information about customers and employees, patient health information, and financial information.

BSI's Kitemark for Secure Digital Transactions is the most rigorous security testing program available to date that validates and evaluates the security of individual applications. Initially piloted by the banking industry, it is the latest member of the BSI Kitemark family, a symbol of trust and product quality that was first granted in 1903 and is highly recognized worldwide. BSI has also long been a pioneer in information security, being the originator of the international information security management system standard, ISO/IEC 27001.

An application certified to this Kitemark demonstrates rigorous validation to banking-grade security, as well as data protection measures of the organization that developed and operates the application, confirming it has been thoroughly tested and meets recognized standards for security, reliability and quality.

In order to receive the Kitemark for Secure Digital Transactions, the application or service must achieve three key criteria. First, a secure service must be developed and operated within a secure environment that emphasizes organizational security and process integrity. This criterion is best validated by requiring the organization itself to achieve and maintain certification to ISO/IEC 27001, covering all parts relating to the service and sensitive information it handles, including application development, infrastructure operations and transaction processing.

The second tenant of the Kitemark for Secure Digital Transactions is to achieve validation of application security, which requires the service to undergo rigorous internal and external penetration tests to the highest levels, ensuring there are no known significant vulnerabilities or security flaws. The application security tests are performed by a world-class, CREST-certified security team with over 30,000 hours of penetration testing experience, to the OWASP ASVS v2.0 standard – the most stringent in industry. Under Level 2 verification, Ribose is tested against 147 application security controls covering all facets of application security through black box and white box testing, from business logic to cryptography, static analysis to OWASP Top 10 vulnerabilities. This assures that the Ribose platform provides security assurance for significant transactions, including those that process healthcare information, implement business-critical or sensitive functions, or process other sensitive assets.

The third criterion is continual independent monitoring and assessment to ensure the security profile of the service provides assurance to the types of data it handles, including ongoing application security tests, organizational security audits, as well as Kitemark compliance audits and risk assessments.

According to Chris Lewis, Certification Director at BSI, "With a shift towards mobile and cloud computing, information security is increasingly becoming a key differentiator. Many organizations have good information security processes established but to achieve the BSI Kitemark for Secure Digital Transactions, their systems have to be regularly and independently tested with stringent penetration tests and monitoring. For Ribose to be first to achieve the BSI Kitemark for Secure Digital Transactions in the cloud industry, it reinforces their commitment to safeguarding their users' private information in their secure cloud services."

Emmanuel Hervé, Vice President of Standards and Professional Services, BSI Asia Pacific, and Managing Director, BSI Hong Kong, remarked, "The BSI name and the BSI Kitemark are recognized as symbols of trust, and we have a strong track record in promoting excellence in cyber and information security. The Kitemark demonstrates Ribose's commitment to the ongoing security of their cloud application and service. In becoming the first cloud service to achieve the new Kitemark for Secure Digital Transactions certification is proof of Ribose's pledge to be a pioneer in cloud security."

Ronald Tse, founder of Ribose, explained, "Our Kitemark certification is a testament to Ribose's unwavering commitment to providing a secure platform that prioritizes the protection of our customers' data. Building on our ISO/IEC 27017 cloud security and ISO/IEC 27018 cloud privacy certifications, this Kitemark provides reassurance that our application itself features appropriate protection for highly sensitive information."

"Ribose's highest bar approach to cloud security gives users the peace of mind to freely collaborate on mission critical projects, knowing their confidential information is protected to international cloud security standards, and now the BSI Kitemark. All of these certifications stand as testament to the security of the Ribose platform," Tse concluded.

Although no certification can ever guarantee 100% security, the BSI Kitemark for Secure Digital Transactions ensures a website or app has the appropriate security controls in place for the information it is handling.

Read More

Ribose achieves ISO/IEC 27017 cloud security certification

World’s first SaaS platform compliant to international cloud security standard

[Hong Kong] – 9 June 2016 – Ribose has become the world’s first Software-as-a-Service platform to achieve certification to ISO/IEC 27017, an international standard for information security controls specifically designed for cloud services. Published by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC 27017 is a Sector-Specific Standard within the ISO/IEC 27001 (Information security management systems) family.

The cloud offers immense benefits, allowing cloud service customers to utilize the exact amount of computing resources needed at any given time. However, due to the open nature of the cloud environment – which provides broad network access, rapid elasticity, self-provisioning functionality and resource pooling – cloud information security needs differ greatly from the traditional environment ISO/IEC 27001 was originally designed to protect.

Addressing the specific needs of cloud security, ISO/IEC 27017 builds upon ISO/IEC 27001 – providing additional controls and implementation guidance on architecture, technology and processes to ensure information security is well protected in the cloud. Taking into account that many cloud service providers are often customers of other cloud services, ISO/IEC 27017 also specifies implementation guidelines for both cloud service customers and cloud service providers, emphasizing each entity’s role in cloud security and protecting end users’ information.

“The ISO/IEC JTC1 SC27 committee, which creates and manages the ISO/IEC 27001 family of standards, first approved the proposal for a cloud security management standard proposed by Japan in October 2011. ISO/IEC 27017, having been through 5 years of dedicated work, was finally published in December 2015, provides a code of practice for information security management for cloud services. In achieving this certification, Ribose has demonstrated its commitment and effort towards protecting user information in the cloud," commented Tadashi Nagamiya, Secretary General of JASA, Japanese representative for ISO/IEC JTC1 SC27, and one of the original authors and proposer of ISO/IEC 27017.

As the first cloud service provider to achieve CSA CCM 3 compliance, CSA STAR Attestation and Singapore’s MTCS, Ribose was able to satisfy the recommendations set forth in ISO/IEC 27017 with its existing systems and processes.

Emmanuel Hervé, Vice President of Standards and Professional Services, BSI Asia Pacific, and Managing Director, BSI Hong Kong, remarked, “We commend Ribose’s dedication to protecting its users information to the highest standards. As the originator of the ISO/IEC information security management system standard, and the first certification body offering a robust certification program for ISO/IEC 27001 sector specific standards, BSI worked closely with Ribose and experts from ISO/IEC JTC 1 SC 27 in the development of the ISO/IEC 27017 certification scheme – ensuring our rigorous certification program accurately assesses adherence to the standard.” 

Ronald Tse, founder of Ribose, explained, “ISO/IEC 27017 certification clearly demonstrates Ribose’s unwavering commitment to cloud security. We are proud to be the world’s first cloud service provider to achieve simultaneous CSA STAR Certification, STAR Attestation and C-STAR Assessment together with ISO/IEC 27017. Although some overlap exists, ISO/IEC 27017 has proven to be complementary to our existing regional and global cloud security requirements.”

Tse continued, “Ribose has always maintained a tight reputation as a pioneer in cloud security. Our new ISO/IEC 27017 certification confirms we are deploying proper controls to secure our own platform, as well as to protect our customers’ data through the suppliers we rely upon to deliver our services.”

“By taking the highest bar approach to cloud security, Ribose gives users the peace of mind to freely create and collaborate on our platform – knowing their confidential information is protected by multiple international certifications to the highest levels of cloud security,” concluded Tse.

# # #

About Ribose

Ribose is the award-winning secure cloud collaboration platform that makes working together easy and fun while protecting users’ data with the highest, internationally certified levels of security. Trusted by regulated industries and users with heightened security needs, it is the world’s first cloud platform to achieve MTCS (Multi-Tier Cloud Security) and the only cloud service provider to be triple assured by the Cloud Security Alliance: CSA STAR Attestation, CSA STAR Certification (Cloud Controls Matrix, CCM 3.0.1) and CSA C-STAR Assessment. Ribose has been consistently awarded the industry's highest cloud security ratings: the highest security tier, Level 3, in MTCS and the highest maturity level, Gold, in STAR Certification.

Ribose has won numerous awards including the CSA APAC Enterprise Award for Security Innovation of the Year, Gold Stevie® Awards at the International Business Awards for Most Innovative Company in Asia and Best New Collaboration Service, and has been named a Red Herring Top 100 Global company.

Ribose is certified to ISO 9001, ISO 14001, OHSAS 18001, ISO/IEC 20000, ISO 22301, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO 50001, PAS 99, Cyber Essentials Plus, CDSA Content Protection Security (CPS) and AICPA Service Organization Control (SOC) standards, and approved by the UK Government’s G-Cloud program for government use.

Ribose is free to use: ribose.com.

About BSI

BSI (British Standards Institution) equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. As the world’s first National Standards Body and a founding member of the International Organization for Standardization (ISO), BSI is responsible for originating many of the world’s most commonly used management systems standards and publishes over 2,700 standards annually.

Read More

Ribose at Singapore's CloudAsia 2016

Ribose is in Singapore for CloudAsia 2016!

Thanks to the kind invitation by the IDA, we have a booth at the Suntec Convention Centre (4/F), within the IDA Pavilion which is right at the front door.

We'll be around from May 3-5. Feel free to come say "hi"!

Read More
Next
1 2 3 4

Get Started

Getting Started