Trusted cryptographic key management services for a variety of payment and general-purpose business applications
Utimaco's KEES delivers trained staff, highly available access, and trusted cryptographic key management services for a variety of payment and general-purpose business applications.
- Subject matter experts carrying out associated key management responsibilities
- Hosted in a highly secure datacenter
- Create, rotate, and distribute keys in days, not weeks
Product Type: As-a-service
Availability:
Key Exchange and Key Escrow Services (KEES)
Key Management as a Service
As encryption requirements expand across the enterprise, maintaining a centralized key management utility or team is more vital than ever. Key Exchange and Escrow as a Service releases organizations from the burden of finding and dedicating subject matter experts and technologies to manage their growing number of tasks related to key generation, key distribution, key rotation, key escrow, and compliance scope reduction.
Key Management Lifecycle
Key Exchange and Escrow as a Service supports a variety of practical use cases, all underpinned by Utimaco's core trust service: full key lifecycle management (LCM).
Key Escrow
Whether it serves disaster recovery or legally mandated escrow requirements, any key that has been or is currently used for production purposes must be protected with the same security requirements as the production environment itself. Key Exchange and Escrow as a Service offers a full or partial production key inventory, fully protected under AES 256-bit encryption.
This also ensures that your organization is in control of your own keys, without being held captive by any specific manufacturer or technology.
Furthermore, it enables keys to be migrated to new wrapping formats such as TR-31 without interrupting production systems.
Easy Integration with HSM as a Service
While most organizations' technical infrastructure is migrating to cloud-based services, HSM technology does not lend itself to this strategy quite so easily.
Key Exchange and Escrow as a Service is the ideal bridge between hardware requirements and the quest for virtual HSM technology. By leveraging cryptographically segregated relationship structures, it extends a simple JSON scheme RESTful API for remote access to a dedicated client's protected key store. Connections are supported over TLS 1.2. From there, Key Exchange and Escrow as a Service translates the inbound RESTful API to many different proprietary APIs for various HSM manufacturers.
Certifications and Compliance
- PCI PIN
- PCI P2PE
- FIPS 140-2 L3 HSM
- PCI PTS HSM
- SOC2
- PCI-DSS
- ISO27001
- ISO9001
- ISO14001
- NIST SP800-53
Hardware-Based Security
Based on hardware appliances with integrated HSM as Root of Trust
- Dedicated to secure key generation and storage inside a tamper-protected HSM
- Fully protecting cryptographic keys under AES 256-bit encryption
- Hosted in Utimaco Datacenter
Hosting Information
Hosted in a highly secure datacenter providing:
- 24x7 onsite security personnel
- CCTV with 90-day backup
- Biometric / Photo badge access
- Crash-rated / Anti-climb gates
- Geo-redundancy
Subject matter experts carrying out associated key management responsibilities including:
- Key Generation
- Key Escrow
- Key Inventory
- Key Exchange
- Key Storage
- Key Migration
- Key Rotation
- Key Export
- Key Distribution (e.g. to POS Devices and other endpoints including IoT Platforms)
- Key Custody
- Key Management