Key Management System


Convenience and automation of cryptographic key management

With the introduction of EMV card issuance in large organizations, the problem of cryptographic key management arose. We offer the Key Management System (KMS), a convenient solution that generates, stores, translates, deactivates and activates keys. The system also provides access to cryptographic material to other information systems, for example personalization, acquiring and smart card management systems.
 

Key Management System Architecture.

 

KMS executes standard functions of cryptographic materials management:

  • cryptographic key generation;
  • generation of requests to obtain key certificates;
  • key certificate verification;
  • translation of keys between cryptographic zones.

Apart from the standard functions, KMS makes cryptographic materials operations far more structured and well-ordered, and automates routine processes. Hence, KMS executes the following functions:

  • stores key cryptograms and certificate parameters;
  • activates and deactivates cryptographic keys in due course;
  • translates keys between cryptographic zones;
  • automates LMK change in cryptographic devices.

Cryptographic keys may be associated with entities such as companies and individuals, payment systems and cryptographic devices. KMS can generate documents that correspond to executed operations:

  • protocols of key generation and of issuer certificate request and generation processes;
  • statistical and analytical reports and other customizable documents.

Key Management System maintains an audit trail of all the events that occurred in the system and its objects, including cryptographic materials.
Key Management System provides interfaces for both operators (individuals) and external information systems. Access conditions of security officers, administrators and users (both individuals and information systems) are strictly monitored.

To ensure information security in open networks, Key Management System applies secure data exchange technologies and extended mechanisms of database access restriction.