CKMS

Key Features

• Centralized life-cycle management of a high number of cryptographic keys and their related properties: Key generating, import, export, renewing and many more
• Secure management of keys across multiple parties / key-zones, i.e. banks, personalization bureaus, payment schemes
• Automated key distribution and updating of decentral key targets
• User-friendliness: Flexible at your desk key ceremonies and elimination of paperwork
• Secure: Automated and tamper-evident audit logs are maintained for all keys, allowing complete accountability and the restoration of keys to a given state at any time
• Strong user authentication: Sophisticated user management system and user authentication via smart cards
• Time saving: Allowing key custodians to add components securely as they are available. Get rid of inefficient and time consuming paper-based procedures and multi-party key ceremonies
• Various key targets: Data-preparation, card personalization systems, support of internal or network HSMs, and many more
• Fully compliant with all relevant industry and government regulations

Across all industries the requirements for managing cryptographic keys are becoming more and more complex. Ensuring that the right key is in the right place at the right time is mandated by many organizations, i.e. major card payment scheme providers. This is a complicated requirement as most businesses need to manage an ever-increasing number of keys, while reducing the risk of internal and external fraud, as well as keeping costs at a minimum.
The Central Key Management System (CKMS) streamlines administration and reduces costs associated with traditional key management. Through its flexible and automated protocols, CKMS gives users the flexibility to manage a very large number of keys - throughout their entire life-cycle - without drowning in work. Using CKMS, administrators can uniformly and centrally manage the life-cycle of all cryptographic keys across a range of  encryption platforms.
Keys can be securely generated and pushed to any key distribution target as and when required, and key custodians can use asynchronous log-on to projects for adding components securely - reducing the need for manual key ceremonies, while vastly improving workflows.

Main Functions

• Consolidated management – Security offi cers can set up templates to manage logical sets of keys, exchange them with relevant parties (issuers, payment scheme etc.) and securely push those keys to their intended target as and when required to quickly personalize new payment products.
• Reduced dependency – Asynchronous log-on allows for key custodians to add components securely as they are available, reducing the need for key ceremonies.
• Demonstration of compliance – Tamper-evident audit logs are maintained for all keys, allowing for complete accountability and the restoration of keys to a given state at any time.