Trusted cryptographic key management services for a variety of payment and general-purpose business applications
Utimaco's KEES delivers trained staff, highly available access, and trusted cryptographic key management services for a variety of payment and general-purpose business applications.
- Subject matter experts carrying out associated key management responsibilities
- Hosted in a highly secure datacenter
- Create, rotate, and distribute keys in days, not weeks
Product Type:
As-a-serviceAvailability:
Key Benefits
Key Generation and Escrow
Cryptographic key generation and their secure transfer to their intended destinations, whether within a device, manufacturing facility, or shared with an Acquirer.
Legacy Key Exchange
Import of legacy keys, conversion to new, X9.143 formats (i.e. TR-31) and following export.
Multi-Cloud Capability
Providing cloud flexibility (public, private or hybrid cloud) by offering interoperable support for all major public cloud providers.
Compliant
KEES datacenters are operated in accordance with the highest financial and cybersecurity security standards to include PCI DSS, PCI PIN and PCI P2PE and SOC2 as well as ISO 27001, ISO 9001, ISO 14001 standards.
Available
KEES infrastructure delivers reliable and highly available service from geo-redundant data centers to ensure customers have access 24x7x365.
Versatile
Key Exchange and Escrow as a Service satisfies multiple use cases to include disaster recovery storage, key generation and migration, POS remote key distribution, public cloud trust and IoT platform provisioning.
Details
Key Exchange and Key Escrow Services (KEES)
Key Management as a Service
With the expansion of encryption requirements for any enterprise today, the necessity to maintain a centralized key management utility or team is more vital than ever before. Key Exchange and Escrow as a Service releases organizations from the burden to find and dedicate subject matter experts and technologies to manage their growing number of tasks related to key generation, key distribution, key rotation, key escrow, and compliance scope reduction.
Key Management Lifecycle
The Key Exchange and Escrow as a Service supports a variety of practical use cases, all underpinned with Utimaco’s core trust service full key lifecycle management (LCM).
Key Escrow
Whether functioning for disaster recovery or legally mandated escrow requirements, any key that has been or is currently used for production purposes must be protected with the same security requirements as the production environment itself. Key Exchange and Escrow as a Service offers a full or partial production key inventory, fully protected under AES 256 Bit encryption.
By that it also ensures that your organization is in control of your own keys, without being held captive by any specific manufacturer or technology.
Furthermore, it enables to migrate keys to new wrapping formats such as TR-31, without interrupting production systems.
Easy Integration with HSM as a Service
While most organization’s technical infrastructure is migrating to cloud-based services, HSM technology does not lend itself to this strategy quite so easily.
Key Exchange and Escrow as a Service is the ideal bridge between hardware requirements and the quest for virtual HSM technology. By leveraging cryptographically segregated relationship structures, it extends a simple JSON scheme RESTful API for remote access to a dedicated clients protected key store. Connections are supported over TLS 1.2. From there, Key Exchange and Escrow as a Service translates the inbound RESTful API to many different proprietary APIs for various HSM manufacturers.
Certifications and Compliance
- PCI PIN
- PCI P2PE
- FIPS 140-2 L3 HSM
- PCI PTS HSM
- SOC2
- PCI-DSS
- ISO27001
- ISO9001
- ISO14001
- NIST SP800-53
Hardware-Based Security
Based on hardware appliances with integrated HSM as Root of Trust
- Dedicated to secure key generation and storage inside a tamper-protected HSM
- Fully protecting cryptographic keys under AES 256 Bit encryption
- Hosted in Utimaco Datacenter
Hosting Information
Hosted in a highly secure datacenter providing:
- 24x7 onsite security personnel
- CCTV with 90-day backup
- Biometric / Photo badge access
- Crash-rated / Anti-climb gates
- Geo-redundancy
Subject matter experts carrying out associated key management responsibilities including:
- Key Generation
- Key Escrow
- Key Inventory
- Key Exchange
- Key Storage
- Key Migration
- Key Rotation
- Key Export
- Key Distribution (e.g. to POS Devices and other endpoints including IoT Platforms)
- Key Custody
- Key Management
