Encrypting data with FLAM via the key management extension (FKME), with the key protected by a hardware security module (HSM), complies with the requirement to "Protect Card Holder Data" in one move, for both encrypted storage and encrypted transport of the card data. In this context, a special FKME was specified for the cryptographic infrastructure used in the finance sector for protecting the PIN, to save network operators, authentication systems, publishers, and card manufacturers the need to deploy new processes or techniques. With this access method, only the data records needed reside in memory, and only for a short period of time, which is going to comply with future requirements.
- Complying with the major part of the requirements and, above all, the actual goals of PCI DSS with just one product.
- Use of proven processes for key management and permission granting can be continued.
- Highest possible security by supporting various hardware security modules (HSMs).
- Future-proof and efficient since all data are encrypted just once while individual records remain accessible.
- Integrated anonymization for search of data records within encrypted and compressed data.
- Easy integration, transparent for the applications.
- Specification of a concrete instance of FKME for the Financial PIN Support
- Support for PKCS#11 and CCA-based HSMs, including ICSF on z/OS
- Other HSMs (THALES, ATALLA, UTIMACO, …) can be integrated easily
- All data sets can be stored and transferred consistently anonymized, compressed, and encrypted
- Only when a particular record is actually accessed is a small portion converted to plain data for display or, on input, entered into the encrypted data set
- This access is provided by various subsystems on the respective platforms transparently for the applications
Our added value
- More than 25 years of experience with cross-platform data exchange and long-term archiving.
- Proven security, cryptography, hardware security modules (HSM), and key management are core competencies of our enterprise.
- Compliance with security requirements (such as PCI DSS), secure clouding and outsourcing, as well as professional key management were the focus of the development.
- Searching within encrypted and compressed data sets with access to individual data elements (without decrypting files entirely) is combined with strict protection of data elements (need to know).