KEY MANAGEMENT SYSTEM AND CRYPTO SERVICE GATEWAY
Streamline Crypto Key Management
Key Management System and Crypto Service Gateway
Top Notch Technology
Across all industries the requirements for managing cryptographic keys are becoming ever-more complex. Ensuring that the right key is in the right place at the right time is mandated by many organisations, i.e. major card payment scheme providers. This is a complicated requirement as most businesses need to manage an ever-increasing number of keys, while reducing the risk of internal and external fraud, as well as keeping costs at a minimum.
The Crypto Key Management System (CKMS) streamlines administration and reduces costs associated with traditional key management. Through its flexible and automated protocols, CKMS gives users the flexibility to manage a very large number of keys – throughout their entire life cycle – without drowning in work. Using Cryptomathic CKMS, administrators can uniformly and centrally manage the life cycle of all cryptographic keys across a range of encryption platforms.
Crypto Key Management System
Crypto As A Service
Crypto Service Gateway
Crypto Key Management System
Crypto Key Management System
Key Features:
*At your desk key ceremonies
*Automated key distribution and updating
*Centralised life cycle key management
*Compliance
Authorities: FIPS, Internal audit, PCI, Payment schemes and S/O
Domains: Physical (e.g. tamper) & logical security (crypto/SW/system design)
*Configurable role-based access
*Flexible key attributes eliminate paperwork
*High availability and scalability
*Searchable tamper evident audit log
*Support for all major HSM brands
*Trusted path using secure PIN pads
*Automated key distribution and updating
*Centralised life cycle key management
*Compliance
Authorities: FIPS, Internal audit, PCI, Payment schemes and S/O
Domains: Physical (e.g. tamper) & logical security (crypto/SW/system design)
*Configurable role-based access
*Flexible key attributes eliminate paperwork
*High availability and scalability
*Searchable tamper evident audit log
*Support for all major HSM brands
*Trusted path using secure PIN pads
-Non-Smart Chip Based
Commonly based on a typical low cost EEPROM where the main protection algorithms rely more on the firmware that are bundle together rather than on the hardware. This type of hardware architecture can easily be duplicated by most Dongle Duplication Experts
-Self Definable Security Algorithms
Up to 128 self definable security algorithms that will be executed on-board when called by protected software which will then be authenticated using the popular Challenge Response Authentication to maximize the security level of the protection.
-Smart Chip Based
Advanced EAL4+ and ITSEC certified microprocessor smart chips enable the algorithm’s execution and on board seed code generation. Microprocessor smart chips also prevent hardware cloning and duplication attacks.
-Multi Levels Access Right Management
Supports multi level access right management to facilitate different access rights for the development team.
-HID Driverless
As HID driverless, SecureDongle requires no external device driver installation, thus minimizing the common technical issue arise from device driver. No driver is required. As long as a USB thumb drive is compatible with
-User-define security password
Supports on-board seed code and random number generation which developer can apply into their protection to strengthen the security and to make the protection more complicated to crack.
-Secure Communication
SecureDongle is built also with advanced encryption/decryption on communication between firmware and hardware to prevent debugging and emulator attacks.
Key Management solution Brochure
Smarter way to protect your software!
Crypto As A Service
Crypto As A Service
Securemetric offers innovative centralized cryptography solution with fully automated cryptography key lifecycle management. By doing this way, we could help our client to optimize their security infrastructure and effectively offer easy to use cryptographic service without worrying about the underlying cryptographic hardware and the details of the cryptographic policy settings which can now be managed centrally. Organization can now perform critical cryptographic operations mission via such centralized shared cryptographic service, which can significantly reduce their cryptographic infrastructure investment.
Overview of the deployment:
-Non-Smart Chip Based
Commonly based on a typical low cost EEPROM where the main protection algorithms rely more on the firmware that are bundle together rather than on the hardware. This type of hardware architecture can easily be duplicated by most Dongle Duplication Experts
-Self Definable Security Algorithms
Up to 128 self definable security algorithms that will be executed on-board when called by protected software which will then be authenticated using the popular Challenge Response Authentication to maximize the security level of the protection.
-Smart Chip Based
Advanced EAL4+ and ITSEC certified microprocessor smart chips enable the algorithm’s execution and on board seed code generation. Microprocessor smart chips also prevent hardware cloning and duplication attacks.
-Multi Levels Access Right Management
Supports multi level access right management to facilitate different access rights for the development team.
-HID Driverless
As HID driverless, SecureDongle requires no external device driver installation, thus minimizing the common technical issue arise from device driver. No driver is required. As long as a USB thumb drive is compatible with
-User-define security password
Supports on-board seed code and random number generation which developer can apply into their protection to strengthen the security and to make the protection more complicated to crack.
-Secure Communication
SecureDongle is built also with advanced encryption/decryption on communication between firmware and hardware to prevent debugging and emulator attacks.
SecureDongle Brochure
Smarter way to protect your sfotware!
Crypto Service Gateway
Crypto Service Gateway
Crypto doesn’t have to be complicated. Don’t settle for manual procedures, unnecessary hardware, project-specific security or vendor tie-in. Forget the past, welcome to the future.
Crypto Service Gateway is the only solution that manages and delivers crypto to any application in your business. It solves over 50 common application crypto problems, including integration, data encryption, tokenization, transaction authorisation, signing and key management.
It benefits the smallest of applications, yet scales effortlessly to deliver crypto to the entire enterprise. Discover huge cost and time savings by doing crypto the right way.
It benefits the smallest of applications, yet scales effortlessly to deliver crypto to the entire enterprise. Discover huge cost and time savings by doing crypto the right way.
Key Features:
Managed Data Encryption
CSG’s managed encryption technology addresses a common crypto headache – ensuring encrypted data can be safely decrypted at a later date, even if the original key has been replaced. This technique is ideally suited for long-term storage of encrypted data within a business database, for example. Managed encryption is an optional feature that can be made available to any application using CSG. Managed encryption provides confidentiality, authenticity and integrity (while normal encryption only offers the first of these). This means CSG can ensure the data hasn’t been modified while it was stored. The encrypted data returned by CSG contains a pointer to the key used to perform the encryption. Even if the encryption key is updated, CSG retains access to the old key and can use it to decrypt historical data. Support is also provided for updating old encrypted data to use a newer key.
Tokenization
Tokenization is a common technique for protecting sensitive data, such as PANs, as they pass through business systems. The original data is replaced with a token of the same length, using a reversible process.
CSG offers tokenization as a basic crypto function available to any application. The tokenization process is customisable and can allow parts of the data to pass through un-changed (e.g. the last four digits of the PAN). A configurable mixture of format-preserving encryption and database storage is used to produce the token values.
For those concerned with PCI-DSS, tokenization may provide a way to bring systems out of scope for audits. For more information on PCI-DSS compliance with CSG, please refer to PCI-DSS topic paper
Secure PIN Translation
Secure PIN translation is the process of changing the key that encrypts a PIN, without exposing the PIN data in server memory. This operation is commonly needed in payment systems, where the PIN must travel through different systems which use different zone-related keys.
CSG supports PIN translation using our secure code execution (SCE) technology, which is a vendor-neutral approach to executing code within an HSM. The PIN translation function supports a variety of standard PIN block formats.
CSG’s managed encryption technology addresses a common crypto headache – ensuring encrypted data can be safely decrypted at a later date, even if the original key has been replaced. This technique is ideally suited for long-term storage of encrypted data within a business database, for example. Managed encryption is an optional feature that can be made available to any application using CSG. Managed encryption provides confidentiality, authenticity and integrity (while normal encryption only offers the first of these). This means CSG can ensure the data hasn’t been modified while it was stored. The encrypted data returned by CSG contains a pointer to the key used to perform the encryption. Even if the encryption key is updated, CSG retains access to the old key and can use it to decrypt historical data. Support is also provided for updating old encrypted data to use a newer key.
Tokenization
Tokenization is a common technique for protecting sensitive data, such as PANs, as they pass through business systems. The original data is replaced with a token of the same length, using a reversible process.
CSG offers tokenization as a basic crypto function available to any application. The tokenization process is customisable and can allow parts of the data to pass through un-changed (e.g. the last four digits of the PAN). A configurable mixture of format-preserving encryption and database storage is used to produce the token values.
For those concerned with PCI-DSS, tokenization may provide a way to bring systems out of scope for audits. For more information on PCI-DSS compliance with CSG, please refer to PCI-DSS topic paper
Secure PIN Translation
Secure PIN translation is the process of changing the key that encrypts a PIN, without exposing the PIN data in server memory. This operation is commonly needed in payment systems, where the PIN must travel through different systems which use different zone-related keys.
CSG supports PIN translation using our secure code execution (SCE) technology, which is a vendor-neutral approach to executing code within an HSM. The PIN translation function supports a variety of standard PIN block formats.
-Non-Smart Chip Based
Commonly based on a typical low cost EEPROM where the main protection algorithms rely more on the firmware that are bundle together rather than on the hardware. This type of hardware architecture can easily be duplicated by most Dongle Duplication Experts
-Self Definable Security Algorithms
Up to 128 self definable security algorithms that will be executed on-board when called by protected software which will then be authenticated using the popular Challenge Response Authentication to maximize the security level of the protection.
-Smart Chip Based
Advanced EAL4+ and ITSEC certified microprocessor smart chips enable the algorithm’s execution and on board seed code generation. Microprocessor smart chips also prevent hardware cloning and duplication attacks.
-Multi Levels Access Right Management
Supports multi level access right management to facilitate different access rights for the development team.
-HID Driverless
As HID driverless, SecureDongle requires no external device driver installation, thus minimizing the common technical issue arise from device driver. No driver is required. As long as a USB thumb drive is compatible with
-User-define security password
Supports on-board seed code and random number generation which developer can apply into their protection to strengthen the security and to make the protection more complicated to crack.
-Secure Communication
SecureDongle is built also with advanced encryption/decryption on communication between firmware and hardware to prevent debugging and emulator attacks.
SecureDongle Brochure
Smarter way to protect your sfotware!
1
%
of software installed on PCs around the world in 2015 were not properly licensed (a decrease from 43% in BSA’s previous global study published in 2014)
1
%
worldwide rate of unlicensed use in banking, insurance and securities industries (despite the fact that much tighter control of the digital environment is expected)
1
billion
The commercial value of unlicensed software worldwide plunged (BSA’s 2014 report cited commercial value of $62.7 billion)
Case Studies
National Cyber Security Agency (NACSA) & Securemetric Berhad
NACSA partners with Securemetric to enhance Malaysia's cybersecurity through FIDO2's passwordless authentication for critical information infrastructures.
Lazada Group’s Transition from EJBCA Community
Securemetric assisted Lazada Group's Transition from EJBCA Community to PKI-in-a-Box
Philippine Clearing House implemented PKI-In-A-Box to secure their clearing system
A significant stride was achieved when the Philippine Clearing House Corporation (PCHC) selected Securemetric to furnish and execute PKI-In-A-Box as a pivotal component of their nationwide digital security enhancement within their payment clearing system.
Universiti Utara Malaysia Entrusted Securemetric’s Microsoft Expertise
Since 2018, Securemetric's Microsoft Enterprise Solutions team, in collaboration with Sri Vision specialists, has been entrusted with the management of Universiti Utara Malaysia's IT infrastructure
Turnkey customized EJBCA Enterprise for Vietnam Government Information Security Commission
In the year 2015, Securemetric achieved a significant feat by securing a contract for a comprehensive turnkey PKI implementation for the Vietnamese Government, executed under the aegis of the Vietnam Government Information Security Commission (VGISC).…
Badan Siber Dan Sandi Negara upgraded to EJBCA Enterprise
Charged by the Indonesian government with the pivotal role of establishing and operating the Indonesia Government Certificate Authority, BSSN is entrusted with the issuance of digital identities and pivotal trust services to governmental entities nationwide.
Crypto Key Management System Brochure
Across all industries the requirements for managing cryptographic keys are becoming ever-more complex. Ensuring that the right key is in the right place at the right time is mandated by many organisations