A Key Management System (KMS), also known as a cryptographic key management system (CKMS) or enterprise key management system (EKMS), is an integrated approach for generating, distributing and managing cryptographic keys for devices and applications. A KMS may cover all aspects of security, from the secure generation of keys, through the secure exchange of keys, to secure key handling and storage on the client. Thus, a KMS includes the backend functionality for key generation, distribution, and replacement as well as the client functionality for injecting keys and for storing and managing keys on devices.
Key management components
To ensure online data remains protected, it’s critical to understand the different components of an encryption key management service, so that you know the right questions to ask when evaluating new and existing types of KMS technologies that can be implemented.
- Key storage: As a general principle, the person or company who stores your encrypted content should not also store the encryption keys for that content (unless you’re comfortable with them accessing your data).
- Policy management: While the primary role of encryption keys is to protect data, they can also deliver powerful capabilities to control encrypted information. Policy management is what allows an individual to add and adjust these capabilities. For example, by setting policies on encryption keys, a company can revoke, expire, or prevent the sharing of the encryption keys, and thus of the unencrypted data, too.
- Authentication: This is needed to verify that the person given a decryption key should be allowed to receive it. When encrypting digital content, there are several ways to achieve this.
- Authorization: Authorization is the step that verifies the actions that people can take on encrypted data once they’ve been authenticated. It’s the process that enforces encryption key policies and ensures that the encrypted content creator has control of the data that’s been shared.
- Key transmission: This is the final step in the overall encryption key management process and concerns how keys are transmitted to the people who need them while still restricting access to those who don’t.
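How the policy management, authentication and authorization components fit together when a key is requested, as an added example that is not taken from any particular KMS product. The class and function names, the HMAC-based proof standing in for real authentication, and the policy fields are all assumptions made for illustration; the service holds only keys and policies, while ciphertext is assumed to be stored by a different party.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class KeyPolicy:
    owner: str
    recipients: set = field(default_factory=set)  # principals the owner shared the key with
    expires_at: float = float("inf")              # Unix time after which release stops
    revoked: bool = False

def make_proof(secret, key_id):
    # Hypothetical client-side helper: proves knowledge of the enrolment secret.
    return hmac.new(secret, key_id.encode(), hashlib.sha256).digest()

class KeyService:
    """Hypothetical key service: stores keys and policies, never the encrypted content."""

    def __init__(self):
        self._keys = {}     # key_id -> (key bytes, KeyPolicy)
        self._secrets = {}  # principal -> enrolment secret (stand-in for real authentication)

    def enroll(self, principal):
        self._secrets[principal] = secrets.token_bytes(32)
        return self._secrets[principal]

    def create_key(self, owner, recipients=(), expires_at=float("inf")):
        key_id = secrets.token_hex(8)
        self._keys[key_id] = (secrets.token_bytes(32), KeyPolicy(owner, set(recipients), expires_at))
        return key_id

    def policy(self, key_id):
        return self._keys[key_id][1]

    def release_key(self, key_id, principal, proof, now):
        # Authentication: is the caller really the principal it claims to be?
        secret = self._secrets.get(principal, b"")
        if not secret or not hmac.compare_digest(make_proof(secret, key_id), proof):
            raise PermissionError("authentication failed")
        # Authorization: enforce the policy attached to the key before releasing it.
        key, pol = self._keys[key_id]
        if pol.revoked:
            raise PermissionError("key revoked")
        if now >= pol.expires_at:
            raise PermissionError("key expired")
        if principal != pol.owner and principal not in pol.recipients:
            raise PermissionError("not an authorized recipient")
        return key
```

The proof here is static and therefore replayable; a real deployment would use a challenge-response or an established identity provider, and would send the released key over an encrypted channel or wrapped for the recipient.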