Lightsource Technologies


Cryptomathic CKMS


Cryptomathic Key Management System

Cryptomathic's Key Management System - full life cycle management, including key generation, distribution, usage, expiry, revocation and update.

For some time, key management has been handled through inefficient, paper-based procedures and multi-party key ‘ceremonies’. Achieving high security in this manner is extremely resource-intensive. As a result, most organisations today have no central view of their keys, their location, their use, when they expire, or who is responsible for them. Those organisations that do are faced with enormous increases in workload and costs.

Key life cycle management is paramount in systems in which keys need to be generated, backed up, restored, distributed in key shares, imported or exported in shares, encrypted using key encryption keys, protected under Zone Master Keys and possibly certified (using X.509 or EMV certificates).

Across all industries - the financial industry in particular - the requirements for managing cryptographic keys are becoming ever more complex. Ensuring that the right key is in the right place at the right time (and in particular that it is not in the wrong place at the wrong time) is mandated by more and more organisations, including all of the major payment scheme providers and the payment card industry as a whole.

The Cryptomathic Key Management System (CKMS) allows our clients to seamlessly and securely push keys to where they need to be. Key management is a discipline which requires strict user management and enforced procedures. CKMS gives your organisation the flexibility necessary to manage a very large number of keys - throughout their entire life cycle - without drowning in work.

Automation and asynchronous user log-on allow our clients to work smarter, not harder, while at the same time helping users focus on tasks as their priorities change over time.

System Architecture
  • Multiple servers
  • Multiple HSMs
  • System integration API for automated production
  • Flexible Key Target Set-up
System Keys
  • Master Keys (MK) 
  • XOR key shares 
  • Zone Master Keys (ZMK) 
  • Key Encryption Keys (KEK)
Security Architecture
  • AES protected network communication 
  • Access control via smart cards 
  • Secure environment using HSMs 
  • HSM programming for key and certificate management
  • Secure audit log of all events (in HSM)
  • Secure PIN pad for secure key custodian work 
Cryptographic Formats
  • DES, 3-DES 
  • RSA Algorithm (PKCS#1) 
  • SHA-1
Secret Sharing Schemes
  • Key shares on chip cards 
  • Key shares on PIN pad
  • Key shares on file
Protocols
  • SOAP
  • Web service used for handling asynchronous targets
Syntax, Certificate Formats and Requests
  • X.509v3, PKCS#10 
  • EMV 

 
