Multiple Application Key Management
Key Management: Capture rules and key states for all host systems MEK Key Receipts, including standard key states (Live, Exhausted, Expired, Compromised, Retired, Terminated)
Encryption: supports the AES and 3DES ciphers, the CBC and CTR modes, and others
Security:
- Secure storage of Keys with Dual Management
- For increased security, Securi-Key gives you the option to issue only a Key Receipt, so that no keys are sent out of the Securi-Key vault. The application sends the data that needs to be encrypted to Securi-Key via SSL, where it is encrypted; the ciphered data is either returned, or it is kept in the Securi-Key database vault and only the Key Receipt (token) is returned.
Key Management System protects keys:
- The user must be authenticated
- The process must be authenticated
- Keys are randomly generated
- Keys are assigned using key families, striping and key lifecycle
- Keys are stored in a key vault
Advanced Key Management Strategies
Key Striping: The use of the same key is restricted to a certain number of fields (for example, the first three social security numbers are encrypted using the same key and the next three social security numbers are encrypted using a different key). Administrators can configure the size of the striping in the Key Management System. The striping size should be based on the performance and data requirements of each application and the hardware configuration.
Key Aging: To add a further layer of protection, keys expire and are replaced after a certain amount of time. The length of the key lifecycle may be set by the administrator in the Key Management System depending on the level of security required by the application.
Tamper-Proof Logging
Console: Quick view of current log files
Email Notification: Provides support team proactive notification
- Disk Full Status Reminders
- Backup Log Reminders
Log Viewer Tool: Secure remote viewing of all logging
Key Naming and Versioning
Securi-Key has the option to issue a Key Receipt (token) for each key and automatically handles all the processing for this activity. The key information is kept in the SECURI-KEY vault and only the Key Receipt is returned.
Key Failover and Load Balancing
Securi-Key supports clustering that can be set up in either an active-active or an active-passive configuration.
Host Integrity Checking
The system is unique in the way that it handles frontend clients. The frontend client is set up by identifying critical DLLs and other system files. Hash values are calculated for these files and sent to the backend system for storage. Once configured, the client calculates the hash sums and sends them with the transaction data. The backend system then checks these values to ensure that the critical system components haven’t changed. If the hash values don’t match, the frontend client is cut off and no more communication is allowed from it until the system has been checked.
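The enroll-then-verify flow described above, sketched as an added example that is not Securi-Key's own code. The class and function names, the choice of SHA-256, and the client ID are assumptions, and the two files are constructed stand-ins for critical system files.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def hash_components(paths):
    """Frontend: SHA-256 of each critical file, keyed by file name."""
    return {Path(p).name: hashlib.sha256(Path(p).read_bytes()).hexdigest()
            for p in paths}

class IntegrityBackend:
    """Backend: stores enrolled baselines and gates transactions (hypothetical)."""
    def __init__(self):
        self.baselines = {}   # client_id -> {file name: hex digest}
        self.blocked = set()  # clients cut off until the host is checked

    def enroll(self, client_id, hashes):
        self.baselines[client_id] = dict(hashes)

    def accept(self, client_id, hashes):
        """Return True only if the transaction may be processed."""
        baseline = self.baselines.get(client_id)
        if baseline is None or client_id in self.blocked:
            return False
        # Missing, extra or altered entries all count as a mismatch.
        same = hashes.keys() == baseline.keys() and all(
            hmac.compare_digest(hashes[n], baseline[n]) for n in baseline)
        if not same:
            self.blocked.add(client_id)
        return same

    def clear(self, client_id, hashes):  # operator step after the host is checked
        self.blocked.discard(client_id)
        self.enroll(client_id, hashes)

def demo():
    """Constructed sample: two stand-in critical files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        files = [Path(d, "client.dll"), Path(d, "crypto.dll")]
        for f in files:
            f.write_bytes(b"original " + f.name.encode())
        backend, cid = IntegrityBackend(), "frontend-01"
        backend.enroll(cid, hash_components(files))
        results = [backend.accept(cid, hash_components(files))]
        files[0].write_bytes(b"modified")  # a critical component changes
        results.append(backend.accept(cid, hash_components(files)))
        files[0].write_bytes(b"original client.dll")  # reverting is not enough
        results.append(backend.accept(cid, hash_components(files)))
        backend.clear(cid, hash_components(files))
        results.append(backend.accept(cid, hash_components(files)))
        return results
```

The client stays blocked even after the file is restored, matching the "until the system has been checked" rule. Because the hashes are reported by the client itself, the check detects changed files on a host that reports honestly; it does not by itself stop a client that sends stale values.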