Cryptomathic Blog

Hardware security modules (HSMs) are physical devices that provide cryptographic functions such as encryption/decryption and digital signing. They are used in many industries where strong security is necessary, including finance, banking, government, military and healthcare. In banking in particular, HSMs are used to validate all payment card transactions.

HSMs are typically installed in a secure rack in private bank datacenters around the globe. For evident security reasons, accessing these datacenters is strictly controlled and in nature, accessing these HSMs inside the datacenter is inconvenient even for the security teams responsible for this infrastructure.

There is a need to remotely administer these HSMs once provisioned and to manage and to load the cryptographic keys required for payment processing. This is what we call “remote key loading”.

Cloud storage via AWS Storage Services is a simple, reliable, and scalable way to store, retrieve and share data. As a third-party cloud vendor, AWS manages and operates the data storage as a service. Because the data is delivered on demand using JIT capacity and costs, it eliminates having to buy and manage your own infrastructure for storing data. This service supplies anytime, anywhere data access which gives agility, durability, and global scalability for users. To maintain compliance with major industry standards like GDPR, HIPAA, PCI-DSS while harnessing the advantages of cloud storage, this article suggests a bring your own key solution with automated audit features.

An issuer is one of the corners in the ‘four corner’ model. An issuer is a financial organization (e.g. a bank) that produces payment cards and allows the cardholders to use them.

This article addresses some of the challenges of symmetric cryptography as applied in banks, describing how it works and what are its unbeaten advantages as opposed to asymmetric cryptography.

As part of the global drive for digital transformation, legally binding digital signatures are at the forefront of many businesses’ ambitions to provide an enhanced and complete digital customer journey. Even though most people can understand the general concept of digital signatures, reaching the highest level of assurance with a Qualified Electronic Signature contains quite a few things to consider.

Here we provide a high-level comparison between Cryptomathic Signer and other eIDAS remote signing solutions available in the market.

The IBM mainframe series (“z-series”) has become a backbone for security, privacy and resilience in a large share of payment and banking related applications across the globe. This article explains why a cryptographic key management system (KMS) that supports the hybrid-cloud is a prerequisite to effective and compliant security management of these mainframes.

Thales Key Blocks are an essential cryptographic key wrapping format. In comparison to other key block formats, they are proprietary and only work with Thales payShield HSMs. In what follows, we delve into detail about this key block format.

Banks and financial institutions must adhere to a rigorous set of security and regulatory practices to protect data, communications, and processes.

How can keys be securely exchanged over potentially unprotected channels? The answer to this question is “key blocks”. A key block is an essential cryptographic key format that allows users to securely exchange and utilize keys over various environments.