Crypto Service Gateway allows businesses to deliver Cryptography as a Service. Gone are the days where each business application manages its own security policies, encryption keys, crypto hardware and compliance requirements. With CSG, you can regain control of your organisation's crypto and benefit from a robust, scalable and cost-saving management platform.

CSG-Fig-01.png

 

In addition to standard crypto operations, Crypto Service Gateway supports various algorithms, e.g. RSA, AES, 3DES, HMAC, etc. and offers several advanced functions that address common business problems, including:


  • Code signing

  • EMV transaction authorisation

  • Tokenization

  • Data at rest encryption

  • Data signing

  • Non-repudiation

  • PIN translation

  • Data in transit encryption

  • Data masking

  • Data scrambling

  • Signature verification

  • Hybrid encryption

  • Integrity checking

  • Random data generation

  • CVV verification

  • Credential management

  • PIN re-advise

  • Format Preserving Encryption

  • MACing and MAC verification
 


Crypto Service Gateway is a cryptographic control centre that delivers and manages crypto for any application in your business.

 

PDP-CSG-CTA-Button.png

Crypto Service Gateway
Selected Features

Managed Data Encryption

CSG's managed encryption technology addresses a common crypto headache - ensuring encrypted data can be safely decrypted at a later date, even if the original key has been replaced. This technique is ideally suited for long-term storage of encrypted data within a business database, for example. Managed encryption is an optional feature that can be made available to any application using CSG.

Managed encryption provides confidentiality, authenticity and integrity (while normal encryption only offers the first of these). This means CSG can ensure the data hasn't been modified while it was stored. The encrypted data returned by CSG contains a pointer to the key used to perform the encryption. Even if the encryption key is updated, CSG retains access to the old key and can use it to decrypt historical data. Support is also provided for updating old encrypted data to use a newer key.

Tokenization

Tokenization is a common technique for protecting sensitive data, such as PANs, as they pass through business systems. The original data is replaced with a token of the same length, using a reversible process.

CSG offers tokenization as a basic crypto function available to any application. The tokenization process is customisable and can allow parts of the data to pass through un-changed (e.g. the last four digits of the PAN). A configurable mixture of format-preserving encryption and database storage is used to produce the token values.

For those concerned with PCI-DSS, tokenization may provide a way to bring systems out of scope for audits. For more information on PCI-DSS compliance with CSG, please refer to PCI-DSS topic paper

Secure PIN Translation

Secure PIN translation is the process of changing the key that encrypts a PIN, without exposing the PIN data in server memory. This operation is commonly needed in payment systems, where the PIN must travel through different systems which use different zone-related keys.

CSG supports PIN translation using our secure code execution (SCE) technology, which is a vendor-neutral approach to executing code within an HSM. The PIN translation function supports a variety of standard PIN block formats.

We are always ready to assist you 

It doesn't matter where you are. We can work anywhere in the world! And we would love to hear from you, be sure we will reply asap.

LEARN MORE

Case Study

Read the case study to see why Barclays Bank chose CSG as their strategic enterprise crypto service.

Business Benefits

Understand how Crypto Service gateway offers tremendous advantages over alternative technology. 

Resources

At the leading edge of security provision within its key markets, Cryptomathic closely supports its global customer base with many multinationals as longstanding clients.