RKD improves
operational efficiencies
RKD improves
operational efficiencies
by trevorw

symmetric key distribution

The KeyBRIDGE platform extends a simple and intuitive interface for managing and distributing cryptographic keys and keying materials across a broad spectrum of use cases.  In today’s threat landscape, encryption is a business critical requirement.  Encryption can be simple when there is no requirement to share information.  However, when encrypted information has to be shared, as is always the case in the Payment Industry, the generation and distribution of cryptographic keys and keying materials can be a daunting task.  The KeyBRIDGE platform eliminates the burden and worry associated with cryptographic key management by supporting this vendor agnostic approach.


KeyBRIDGE Appliance

More and more, the industry is demanding the ability to implement remote symmetric key distribution without relying on the physical security, policies procedures and personnel associated with physical Key Injection Facilities (KIF). Moreover, in order to maintain a competitive advantage in the growing virtual marketplace, it is imperative to utilize solutions that allow for the reduction of operational delays and high costs associated with shipping devices to KIFs simply to receive new cryptographic keys.

Since 2011, GEOBRIDGE has supported Remote Key Delivery. Similar to the direct connect concept, each target endpoint may support unique protocols. Remaining committed to our vendor-agnostic approach, the KeyBRIDGE platform continues to support many different techniques for remote symmetric key distribution.

The KeyBRIDGE RKD server is the core component in a cost-effective, compliant RKD solution.

In addition to its intuitive, easy-to-use graphical user interface, state of the art security features and robust auditing, the KeyBRIDGE platform provides the following essential RKD services:

  • An easy-to-manage key inventory that holds the keys and their associated metadata necessary for terminal deployment. The inventory permits keys to be grouped into named containers called Relationships; this mechanism allows key managers to segregate keys for management and compliance purposes.
    • A rich collection of tools to generate, import and export inventory keys, and specify their properties.
    • The ability to build a KeyBRIDGE farm that will automatically partition DUKPT DID space, thereby ensuring that no KeyBRIDGE will ever inject a duplicate KSN.
    • Complete key lifecycle management and tracking.
  • An asymmetric key database used to sign the terminal key payloads, and their corresponding CA certificate chain. These keys provide the mutually authenticated trust required for a secure, standards-compliant implementation.
  • The ability to collect all necessary key injection properties for a given terminal estate into a named container called a Key Profile. Key Profiles simplify the process of specifying injection requests at the Terminal Management System (TMS), allowing operators with little or no cryptographic expertise to accurately and securely inject terminals, thereby minimizing incorrect and insecure configurations.
  • Full support for all common secret key distribution scenarios: Fixed-key, Master/Session and DUKPT (both TDES and AES).
  • A simple JSON Schema RESTful API used to receive TMS key requests and return the corresponding terminal key payloads
  • Protecting the TMS interfaces using mutually-authenticated TLS v1.2, and the resources to import and manage the required TLS authentication keys.
  • Complete, detailed audit logging of all user management activity and secret key distribution request processing.
  • Automated database backup with support for numerous endpoint storage locations.

The KeyBRIDGE platform is designed with compliance in mind, and supports the requirements of:

  • ASC X9.24, parts 1, 2 and 3
  • ASC X9 TR-31 Interoperable Secure Key Exchange Key Block Specification
  • ASC X9 TR-34 Interoperable Method for Distribution of Symmetric Keys using Asymmetric Techniques
  • PCI PIN and PCI P2PE key management

Also supported are methods that are similar but not conforming perfectly to the standard. Additionally, GEOBRIDGE has implemented symmetric key distribution protocols supported by many device manufacturers, and similar secret key distribution techniques employed by other manufacturers are supported as well.

With its intuitive, easy-to-use graphical user interface, state of the art security features, robust auditing and the best support in the industry, you can count on KeyBRIDGE to be the tool of choice for symmetric key distribution projects, both now and in the future. GEOBRIDGE is committed to provide the payment industry with best-in-class tools for secret key distribution that embrace state-of-the-art security protocols to ensure your key management initiatives are delivered on time, on budget and fully compliant with the latest standards. Let GEOBRIDGE partner with you for your current and future key management needs.

Lastly, the KeyBRIDGE appliance supports a simple JSON Schema RESTful API that can also be leveraged for remote key distribution techniques.  This API may be accessible from a self-managed KeyBRIDGE  appliance, or available in a service model maintained by the GEOBRIDGE KEES™ Team.

For more information about GEOBRIDGE KEES™ Visit Page


For additional information or to schedule a demonstration, CLICK TO MESSAGE US

Keybridge 3100 Key Management



For additional information or to schedule a demonstration:

call:  (571) 799-0145