FKMS - Frankenstein Key Management System

The Frankenstein Limes® Key Management System (FKMS) was developed to provide customers who have no cryptographic infrastructure of their own with a solution that enables them to manage the granting of privileges for keys needed by FLAM in an easy and professional way.

Benefits

  • Professional key-management system for the local storage, controlled exchange, centralized distribution, and archiving of encrypted FLAMFILEs for arbitrarily many entities
  • FKMS does not require a cryptographic infrastructure
  • Minimal integration costs
  • Maximum protection for the data

 

The product

  • Easy-to-use user interface with integrated SQL-database
  • Registration of participating entities and their roles
    • Mediator: may rekey data but not read them
    • End node: may create and process data
  • Scheme determines who may send to whom (Having the right to send to myself implies the right to store (archive, backup). Same is true for mediator)
  • Definition of key versions with expiration dates
  • Generation of entire key materials by pushing a button
  • Storage of key materials as backup in the database
  • Provision of entities with key materials via an encrypted key file (online) and a passphrase (key letter)
  • Logging of all activities and key distribution
  • Firm control over usage of keys (mediator may send only to mediators or end nodes confirmed by owner)
 

Our added value

  • Proven security, cryptography, Hardware-Security-Module (HSM), and key management are core competencies of our enterprise.
  • Tight control of the usage of a key prevents its misuse by insiders.

 

Note

IBM developed for us FKMS as a prototype. It must be modified to match the respective customer's needs. Beside the software, its deployment requires an integration project with professional service.

Resolved Issues

0000665: Add function to map condition code in a message to FLUCUP
May 8, 2023
0000295: Element interface for original data
Apr 15, 2023
0000592: Support of round trip conversion and identity conversion as error handling for invalid characters
Apr 15, 2023
0000824: Extend table support for IMS/DB2 unload formats (more than one table format per file)
Apr 15, 2023
0000867: Add column encryption, tokenisation, anonymisation to table support
Apr 15, 2023
0001028: Support 64->31 bit interoperability for 64 bit java application using 31 bit FLAM MVS byte interface
Oct 28, 2022
0000783: Add match of regular expression to string converter
May 4, 2022
0000962: Limit the maximal internal block size to prevent memory exhausting through expansion at decompression
Mar 9, 2022
0000998: Support RACF keyrings for SSH keys
Jan 6, 2022
0001022: Check if XML before decoding in read.xml() to improve performance
Jan 6, 2022