KeyBRIDGE White Paper Series: Achieving Key Management Across Multiple Cryptographic Systems

At an enterprise level, key management has always been a challenge due to a number of factors. Organizations may have legacy systems with interoperability constraints as well as multiple cryptographic solutions that store keys in inconsistent ways. Moreover, cryptographic operations and key usages are not easily operationalized in a one-size-fits-all solution. As such, most enterprises end up with a patchwork of cryptographic solutions, each providing a point solution for a specific business need.

The need for multiple cryptographic solutions within a single enterprise seems unavoidable at this point, but such a model creates numerous challenges. In many cases, the various point solutions are latched together as part of an overall process flow. Keys may originate in one system, but the encrypted data from that system may need to be shared with other systems and translated to encryption under different keys from yet another system. All of this integration typically requires repetitive manual processes and adds multiple layers of complexity in terms of having central visibility and management of keys across the enterprise.

KeyBRIDGE Key Management System (KMS) – The Enterprise Answer

KeyBRIDGE was born in the retail payments space to meet business needs to perform high-volume key generation and loading. Beyond the initial use cases that KeyBRIDGE supported, the product evolved into a key management solution that provides comprehensive and automated key lifecycle management. KeyBRIDGE supports the ability to integrate with a variety of external cryptographic solutions, such as payment HSMs and standalone general purpose HSMs. By functioning as the central key repository, KeyBRIDGE provides a simple user interface to view and manage storage, transport and working keys.
KeyBRIDGE supports both resident generation of keys as well as import and export of keys as clear components, key blocks or cryptograms. One of the most impactful features is the ability to export keys encrypted under the master keys of other cryptographic systems, specifically HSM master keys.

GEOBRIDGE Corporation KeyBRIDGE White Paper Series

Key Management Scenario

A general purpose HSM may be in place to generate application keys. The application requests a key from the HSM and the HSM pushes back a key file that is stored locally on the application server. The application calls the HSM and passes back its key as part of a cryptographic function call. This process works well in terms of meeting high-volume cryptographic processes. However, visibility and management of the keys that have been generated for the various consumers of the HSM’s processes are limited.

KeyBRIDGE provides the ability to integrate with the HSM and store copies of all of the keys within the HSM’s domain. The value of this is that KeyBRIDGE provides an overlay of additional key management data that allows the enterprise not only to have visibility of all keys that are being used by various applications, but also to capture key attributes such as algorithm, key length, key type/usage, expiration date and key instance tracking. KeyBRIDGE also allows users to define custom key attributes to support enterprise-specific key management data requirements.

Furthermore, any of the keys that are stored within KeyBRIDGE may then be exported to other systems or external third parties. Any key added to the KeyBRIDGE inventory may be exported as multiple clear components, as a key block, or encrypted under a transport or storage key, including external HSM master keys. All export activity is automatically tracked within KeyBRIDGE and includes the export timestamp, export method and recipient information.
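The scenario above describes exporting a key as multiple clear components, and the feature list below names split knowledge and dual control as system-enforced controls. The following is an added illustration of what those controls mean mechanically; it is not KeyBRIDGE or GEOBRIDGE code, and the key value, the XOR component scheme and the truncated-SHA-256 check value are constructed assumptions (a payments-style key check value is instead derived by encrypting a zero block under the key, which this stand-in avoids so the example needs no crypto library).

```python
import hashlib
import secrets
from typing import List

# Constructed sample key (16 bytes); not a real key from any system.
EXAMPLE_KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")


def check_value(key: bytes) -> str:
    """Short value a custodian can compare after keying in a component.
    Stand-in for a key check value: truncated SHA-256 (assumption)."""
    return hashlib.sha256(key).hexdigest()[:6]


def split_components(key: bytes, n: int) -> List[bytes]:
    """Split a key into n clear components that XOR back to the key.
    n-1 components are uniformly random, so any n-1 of them on their own
    carry no information about the key: this is the split-knowledge property."""
    if n < 2:
        raise ValueError("split knowledge needs at least two custodians")
    parts = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for p in parts:
        last = bytes(a ^ b for a, b in zip(last, p))
    return parts + [last]


def combine_components(parts: List[bytes]) -> bytes:
    """Reassemble the key. Only the full set of components yields the
    original key, which is what dual control relies on."""
    if len(parts) < 2:
        raise ValueError("at least two components are required")
    key = bytes(len(parts[0]))
    for p in parts:
        if len(p) != len(key):
            raise ValueError("component length mismatch")
        key = bytes(a ^ b for a, b in zip(key, p))
    return key


def export_and_reload(key: bytes, custodians: int, entered_hex: List[str] = None) -> bool:
    """Export key as components with per-component check values, then verify
    the components custodians key back in. Each custodian's form is checked
    before combining, so a mistyped component is caught at entry time.
    Returns True only if the reassembled key matches the recorded check value."""
    expected = check_value(key)
    forms = [(p.hex(), check_value(p)) for p in split_components(key, custodians)]
    entered = entered_hex if entered_hex is not None else [h for h, _ in forms]
    for (_, kcv), hexval in zip(forms, entered):
        if check_value(bytes.fromhex(hexval)) != kcv:
            return False  # wrong component keyed in by this custodian
    return check_value(combine_components([bytes.fromhex(h) for h in entered])) == expected
```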
KeyBRIDGE KMS Features at a Glance

Integration with leading HSM products, both in the retail payments space and enterprise general purpose HSM products.
Perform key management activities through the user interface or automated APIs for key exchanges.
Tamper-responsive hardware appliance with FIPS 140-2, Level 3 integrated security module.
System enforcement of dual control and split knowledge for sensitive key management and system administration functions.
Robust audit logging for all system activity.
Flexible user-defined key types and key attributes.

For more information on KeyBRIDGE KMS or to arrange a product demo, contact GEOBRIDGE at [email protected].