HSM remote key loading using CKMS and PCI-certified KLD

Hardware security modules (HSMs) are physical devices that provide cryptographic functions such as encryption/decryption and digital signing. They are used in many industries where strong security is necessary, including finance, banking, government, military and healthcare. In banking in particular, HSMs are used to validate all payment card transactions.

HSMs are typically installed in a secure rack in private bank datacenters around the globe. For obvious security reasons, access to these datacenters is strictly controlled, and physically reaching the HSMs inside them is by nature inconvenient, even for the security teams responsible for this infrastructure.

There is a need to remotely administer these HSMs once they are provisioned, and to manage and load the cryptographic keys required for payment processing. This is what we call “remote key loading”.

Secure BYOK for AWS Simple Storage Services (S3)

Cloud storage via AWS Storage Services is a simple, reliable, and scalable way to store, retrieve and share data. As a third-party cloud vendor, AWS manages and operates the data storage as a service. Because the data is delivered on demand using JIT capacity and costs, it eliminates the need to buy and manage your own infrastructure for storing data. The service provides anytime, anywhere data access, which gives users agility, durability, and global scalability. To maintain compliance with major industry standards such as GDPR, HIPAA and PCI-DSS while harnessing the advantages of cloud storage, this article suggests a bring-your-own-key (BYOK) solution with automated audit features.

Crypto Service Gateway: Enabling Crypto-Agility with the CSG Policy Engine

Today's businesses rely heavily on cryptography to authenticate people and processes, secure communications, and safeguard critical data.

How to implement efficient Key Management in a Legacy Infrastructure

This article discusses the various issues around key management and presents Cryptomathic’s approach to central key and crypto management that has been adopted by major banks.

How to Reduce Cryptography-Risks related to PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) calls for all financial institutions and merchants to protect their clients' sensitive data, typically including strong cryptography as dictated by PCI DSS requirement 3. Most organizations offload this burden onto the IT department or IT management teams and hope that all compliance requirements are met. However, in most cases when a data breach occurs, the burden lies on the shoulders of the C-level management, who are left to answer the difficult questions.

EMV Payment Security - Issuers

An issuer is one of the corners in the ‘four corner’ model. An issuer is a financial organization (e.g. a bank) that produces payment cards and allows the cardholders to use them.

How to Deploy and Manage Cryptography in a Project the Right Way

With the ever-increasing number of online services and electronic transactions, business owners are becoming ever more dependent on the use of cryptography to protect sensitive information from cyber attackers.

Symmetric Cryptography in Financial Institutions: Key Management Challenges

This article addresses some of the challenges of symmetric cryptography as applied in banks, describing how it works and its unbeaten advantages over asymmetric cryptography.

Turning Cryptography into a Service - Part 2

Part 2 – Accelerating Time-to-Market

With the increase in e-commerce and electronic communications on the one hand, and the growing challenges of cybercrime and data protection regulation on the other, cryptography is becoming an increasingly important business enabler.