KeyBRIDGE Key Management System (KMS)


Centralized Cryptographic Key Management

The KeyBRIDGE Key Management System (KMS) is the most comprehensive centralized key management system in the market. The single greatest challenge to centralized key management is the utilization of proprietary formats, proprietary naming conventions, and unique interfaces that are utilized by each individual HSM or application. This causes enormous confusion and necessitates duplicate key ceremonies on multiple systems that possess either limited audit functionality or none at all. KeyBRIDGE KMS is the only solution with the ability to align the proprietary key management techniques used throughout the cryptographic industry. Instead of waiting for an interoperable key management technique to be approved and finally implemented on all the systems that must be managed, GEOBRIDGE has worked cooperatively with each individual major HSM provider and adapted their proprietary techniques in order to create a truly centralized key management system with seamless integration for any third party device.

 

By utilizing KeyBRIDGE KMS as the cryptographic key management anchor for the enterprise, key imports, exports, and translations can be centrally managed and tracked for use with any third party end-point. Automated backups to USB or network file share locations ensure that the inventory and history of each key is protected and preserved. Restore processes can be completed in under five minutes. KeyBRIDGE KMS provides support for secure key component and cryptogram handling. Any number of secure mailer formats can be utilized for print capabilities and tracking.

 

GEOBRIDGE has maintained support for dozens of technology manufacturers that realize the value of a centralized system that allows for them maintain their own proprietary key handling techniques thereby eliminating the need for new development and increased costs. GEOBRIDGE is continuing to add support for new technology manufacturers on a continual basis as a result of customer demand. So, if additional end-points require integration the GEOBRIDGE KeyBRIDGE KMS system can easily accommodate additional key management requirements.

 

Resolving Common Key Management Problems

The KeyBRIDGE KMS appliance is uniquely designed to help solve a growing enterprise problem: consistent, centralized key lifecycle management. As the need for reliable data protection increases, the number of keys used to protect that data increases. Consequently, an organization’s IT data security team faces the following issues:

  • How will data protection keys be generated and stored?
  • Who is authorized to manage those keys?
  • How can keys be securely conveyed between systems that require them?
  • How will they ensure key diversity (required to contain the damage of a breach)?
  • How will they track and rotate the keys on a regular schedule?
  • How can parts of this process be automated as keys proliferate?

The KeyBRIDGE KMS appliance can assist in all of the areas listed above. However, the KMS features are especially focused on solving these tasks:

  • Generating and warehousing keys.
  • Securely moving keys to the system nodes that require them.
  • Formatting keys to be compatible with specific industry-standard HSMs.

 

Key Format Interoperability

KeyBRIDGE KMS enables key format interoperability allowing you to use any key in a variety of third party systems.  KMS eliminates the necessity of duplicate key ceremonies.  Once a key exists within KMS, it is stored as a TR-31 bundle.  But, that same key can then be enabled for use under the Thales Payshield LMK, the Thales nShield Security World, as an Atalla variant or Key Block, or contained in a PKCS #11 wrapper all from simple GUI navigation rather than multiple key ceremonies.  Moreover, KMS applies the full lifecycle key management, compliance enforcement, and audit logging for these keys in every disparate third party system.  Additionally, KeyBRIDGE KMS allows users to associate and store unique meta-data and custom key attributes with any key, ultimately allowing for more seamless management of all keys and keying materials.

 

Architecture

The KMS is built on the KeyBRIDGE platform. The KeyBRIDGE KMS is a hardware-based cryptographic key management system developed to provide both comprehensive key management and distribution capabilities.   KeyBRIDGE KMS protects all keys by utilizing a 256 Bit AES System Master Key. This key strength allows for the compliant interoperability of nearly any system that needs to connect and establish key encryption keys in order to transport keys among disparate systems. Leveraging a graphical interface, built-in compliance-based controls and multiple key bundling formats, KeyBRIDGE supports a broad framework of key management requirements for both the enterprise and for specific payment functions.

From a high-level, a system incorporating the KMS is straightforward:

 KMS Diagram

 

 

 

 

For more information on KeyBRIDGE KMS, please contact us at sales@GEOBRIDGE.net.