Key Management System

A Key Management System (KMS), also known as a cryptographic key management system (CKMS) or enterprise key management system (EKMS), is an integrated approach for generating, distributing and managing cryptographic keys for devices and applications. They may cover all aspects of security – from the secure generation of keys over the secure exchange of keys up to secure key handling and storage on the client. Thus, a KMS includes the backend functionality for key generation, distribution, and replacement as well as the client functionality for injecting keys, storing and managing keys on devices.

Key management components

To ensure online data remains protected, it’s critical to understand the different components of an encryption key management service, so that you know the right questions to ask when evaluating new and existing types of KMS technologies that can be implemented.

Key storage: As a general principle, the person or company who stores your encrypted content should not also store the encryption keys for that content (unless you’re comfortable with them accessing your data).

Policy management: While the primary role of encryption keys is to protect data, they can also deliver powerful capabilities to control encrypted information. Policy management is what allows an individual to add and adjust these capabilities. For example, by setting policies on encryption keys, a company can revoke, expire, or prevent the sharing of the encryption keys, and thus of the unencrypted data, too.

Authentication: This is needed to verify that the person given a decryption key should be allowed to receive it. When encrypting digital content, there are several ways to achieve this.

Authorization: Authorization is the step that verifies the actions that people can take on encrypted data once they’ve been authenticated. It’s the process that enforces encryption key policies and ensures that the encrypted content creator has control of the data that’s been shared.

Key transmission: This is the final step in the overall encryption key management process and is related to how keys get transmitted to the people who need them, yet still restrict access to those who don’t.

Related Products

CLX Enroll Biometrics (Enroll, Verify with AFIS & ABIS, and Validate) biometric users information

$499.00 – $6,799.00

Select options Details
Versasec vSEC:CMS S-Series Card Management System

Details
CardLogix Enrollment Software

$599.00

Details

NXP Semiconductors Presents the MIFARE SAM AV3

Nick Schooler2023-08-01T13:51:31-07:00January 12th, 2023|

Securing Connected Systems with NXP Semiconductors More and more of daily life has become contactless. As we navigate through our lives, people around the world use devices like smartphones, wearables and smart cards to do things like pay for purchases,

PSIA introduces Secure Credential Interoperability initiative

Nick Schooler2023-03-13T14:07:50-07:00April 20th, 2021|

(SANTA CLARA, Calif.—April 20, 2021) The Physical Security Interoperability Alliance (PSIA) today announced its Secure Credential Interoperability (SCI) initiative and a working group to advance its development. “The physical access control industry has demonstrated a need for a universally compatible

These 5 features are essential for a Covid-19 vaccination certificate

Nick Schooler2023-03-13T14:07:56-07:00March 10th, 2021|

Berlin, 10. March, 2021 – The introduction of the Covid-19 vaccines across the globe has prompted discussions on the need for vaccination documentation. Veridos, a world-leading provider of integrated identity solutions, explains the five prerequisites of a secure and effective

ACS Launches CryptoMate EVO and EVO PKI Kit

Nick Schooler2023-03-13T14:08:19-07:00March 26th, 2020|

HONG KONG, 26 Mar, 2020 - Advanced Card Systems Ltd. (ACS), Asia Pacific's top supplier and one of the world's top 3 suppliers of PC-linked smart card readers (Source: Frost & Sullivan), launches the CryptoMate EVO and EVO PKI Kit.

ePasslet Suite soon available on Infineon’s SECORA ID

Nick Schooler2023-03-13T14:08:36-07:00November 14th, 2019|

Nov 14, 2019 -- ePasslet Suite v3 – cryptovision’s Java card framework for electronic ID documents – will be available in 2020 on SECORA™ ID, Infineon’s new Java card operating system. Using ePasslet Suite, users of SECORA™ ID can easily and flexibly

Entrust Datacard Earns Frost & Sullivan North American Product Leadership Award for its IoT Cybersecurity Solution, ioTrust

Nick Schooler2023-03-13T14:16:14-07:00July 25th, 2019|

Santa Clara, CA, United States, 2019/07/25 - Based on its recent analysis of the North American Internet of Things (IoT) cybersecurity market, Frost & Sullivan recognizes Entrust Datacard Corporation with the 2019 North American Product Leadership Award for its ioTrust

Infineon CIPURSE™SAM Card (Secure Access Module) – SLF 9630
- Secured transaction (< 100 ms)
- Ready-to-use for personalization
- Future proven cost effective solution for security application
- CIPURSE™ certified
- CC EAL 6+ (high) for hardware

Categories: Access Control, Cryptography, Logical Access, PKI, Security

Tags: Card Management System, CMS, Hardware Security Module, HSM, PKI, Public Key Infrastructure

« Back to Glossary Index

Key Management System (KMS)

Key management components

Related Products

Related Articles