A Key Management System (KMS), also known as a cryptographic key management system (CKMS) or enterprise key management system (EKMS), is an integrated approach for generating, distributing and managing cryptographic keys for devices and applications. They may cover all aspects of security – from the secure generation of keys over the secure exchange of keys up to secure key handling and storage on the client. Thus, a KMS includes the backend functionality for key generation, distribution, and replacement as well as the client functionality for injecting keys, storing and managing keys on devices.

Key management components

To ensure online data remains protected, it’s critical to understand the different components of an encryption key management service, so that you know the right questions to ask when evaluating new and existing types of KMS technologies that can be implemented.

  • Key storage: As a general principle, the person or company who stores your encrypted content should not also store the encryption keys for that content (unless you’re comfortable with them accessing your data).
  • Policy management: While the primary role of encryption keys is to protect data, they can also deliver powerful capabilities to control encrypted information. Policy management is what allows an individual to add and adjust these capabilities. For example, by setting policies on encryption keys, a company can revoke, expire, or prevent the sharing of the encryption keys, and thus of the unencrypted data, too.
  • Authentication: This is needed to verify that the person given a decryption key should be allowed to receive it. When encrypting digital content, there are several ways to achieve this.
  • Authorization: Authorization is the step that verifies the actions that people can take on encrypted data once they’ve been authenticated. It’s the process that enforces encryption key policies and ensures that the encrypted content creator has control of the data that’s been shared.
  • Key transmission: This is the final step in the overall encryption key management process and is related to how keys get transmitted to the people who need them, yet still restrict access to those who don’t.

Related Products

Related Articles

« Back to Glossary Index