Manage, Handle and Control Your Own Key in the MS Azure Key Vault

Microsoft’s Azure Key Vault Managed HSM allows customers to safeguard their cryptographic keys for their cloud applications and be standards-compliant. It is a highly available, fully managed, single-tenant cloud service that uses FIPS 140-2 Level 3 validated hardware security modules (HSMs). Here we will discuss the reasons why customers who have a centrally managed key management system on-premises in their data center should use a hosted HSM for managing their keys in the MS Azure Key Vault.

Payment & Banking Cryptography: An Overview of the Benefits of z/OS and the Z Platform

This article looks at some reasons for the popularity of the IBM mainframe platform in the banking sector and touches upon its limitation for cross-vendor encryption and key management.

TR-34 Key Blocks for the TR-34 Exchange Protocol: Basic Principles

Among all the various key block formats, the TR-34 format is undoubtedly one of the most sophisticated formats.

The TR-34 norm is an implementation of the X9.24-2 norm. It proposes a realistic and efficient way of exchanging symmetric keys using asymmetric cryptography. This is basically a certificate-based Remote Key Loading (RKL) protocol. 

Common Key Management System Models for the Cloud

This article explains the four primary cloud KMS pattern combinations and which are best suited for use with Cryptomathic’s Key Management System (CKMS).

Understanding the Concepts of Bring Your Own Key

Bring your own key (BYOK) is a popular term relating to key management for cloud applications. However, a lack of standardization makes the various meanings that exist under bring your own key confusing. To help with this, the Cloud Security Alliance (CSA) document “Key Management in Cloud Services” describes the various meanings and concepts surrounding “Bring Your Own Key.”

PCI PIN Requirements for Key Blocks in the Payment Card Industry - FAQs

This article proposes a few answers to a series of frequently asked questions (FAQs) about key blocks and their use with PCI.

Introduction to Cryptographic Key Blocks - FAQs

This article proposes answers to a series of frequently asked questions (FAQs) about key blocks.

How Cryptomathic Signer differs from other eIDAS compliant remote signing solutions

As part of the global drive for digital transformation, legally binding digital signatures are at the forefront of many businesses’ ambitions to provide an enhanced and complete digital customer journey. Even though most people can understand the general concept of digital signatures, reaching the highest level of assurance with a Qualified Electronic Signature involves quite a few things to consider.

Here we provide a high-level comparison between Cryptomathic Signer and other eIDAS remote signing solutions available in the market.

ANSI X9.24-1-2017: Key Replacement, Destruction, and Archiving

One aspect of key management is dealing with what happens when a symmetric cryptographic key is no longer needed. The section ‘Key Replacement, Destruction and Archiving’ within ANSI X9.24-1-2017 explains what needs to happen.
