Cryptomathic Blog

Hardware security modules (HSMs) are physical devices that provide cryptographic functions such as encryption/decryption and digital signing. They are used in many industries where strong security is necessary, including finance, banking, government, military and healthcare. In banking in particular, HSMs are used to validate all payment card transactions.

HSMs are typically installed in a secure rack in private bank datacenters around the globe. For evident security reasons, accessing these datacenters is strictly controlled and in nature, accessing these HSMs inside the datacenter is inconvenient even for the security teams responsible for this infrastructure.

There is a need to remotely administer these HSMs once provisioned and to manage and to load the cryptographic keys required for payment processing. This is what we call “remote key loading”.

Java’s recent Elliptic Curve Digital Signature Algorithm (ECDSA) vulnerability underscores the fact that organizations cannot rely solely on outside vendors for effective cybersecurity. The financial services industry must evolve its encryption and key management strategies in line with its changing infrastructure models, advocating an inside-out approach that has proven itself over time.

The IBM mainframe series (“z-series”) has become a backbone for security, privacy and resilience in a large share of payment and banking related applications across the globe. This article explains why a cryptographic key management system (KMS) that supports the hybrid-cloud is a prerequisite to effective and compliant security management of these mainframes.

The protection and secure management of cryptographic keys is crucial for ensuring that cryptography is used in the most effective way to keep data secure. Picking the wrong key management system (KMS) can thwart all the efforts that have been made in using cryptography to protect information.

ATM Remote Key Loading has become a common practice in the industry. Yet managing the top-level keys to establish trust between the Host and the ATM units remains a challenge. This article describes how Cryptomathic CKMS addresses the challenges of key generation and distribution for ATM Remote Key Loading.

This article explains the concept of meta-data in the context of cryptographic keys, explaining why it is used and the necessity to manage it well.

A key management system is a critical component in achieving PCI DSS compliance for a banking institution. It involves implementing a crypto system that manages the secure creation, exchange, distribution, storage and use of cryptographic keys for the ultimate goal of protecting users’ or clients’ sensitive data.

For identifying, detecting, and eliminating flaws in a key management system, independent third-party testing is required (KMS). Third-party testing firms frequently have specialised facilities and expertise to conduct testing and provide objective testing reports. These activities should be carried out on each module, including its security functions and protective measures. This article discusses the advantages of third-party key management system testing.

This article talks about how different factors and controls can affect the strength and effectiveness of a cryptographic system's security. It gives particular consideration to the requirements of the Payment Card Industry (PCI).