GEOBRIDGE

KeyBRIDGE Platform Solutions Overview

GEOBRIDGE Corporation – 20110 Ashbrook Place, Suite #125, Ashburn, Virginia 20147 www.GEOBRIDGE.net

INTRODUCTION

The KeyBRIDGE platform is a turnkey solution that serves as a centralized key management solution for the secure storage and exchange of cryptographic keys. KeyBRIDGE provides local and remote key delivery capabilities and integrates with third party Host Security Modules (HSMs), providing valuable key generation, import and export functions while providing full key lifecycle tracking with rich automated audit features.

KeyBRIDGE supports compliant key management and stringent dual control features while offering an easy to use graphical interface. Built as a TRSM, leveraging an internal FIPS 140-2 Level 3 HSM, KeyBRIDGE utilizes true hardware-based and random number generation. It is a complete, secure and compliant key management solution.

KEY PRODUCT FEATURES

• Easy to navigate Graphical User Interface for local console access.
• Simple JSON Schema RESTful API (ARCK™) – API for Remote Central Key Management.
• Remote administration using a set of ARCK commands.
• Enforcement of key separation through the use of dedicated key custodian groups.
• Key management support for all TR-31 Key Usage types and optional custom key types and attributes.
• Key Import and Export available with third party Host Security Module (HSM) master key and/or ZMK encryption.
• Secure key entry, with optional SCD component entry. Using the SCD, components may be entered and managed remotely, allowing components to be securely entered by authorized key custodians without requiring physical access to the appliance.
• Symmetric key support: generation, import, export and storage of double and triple-length TDES keys, as well as AES 128, 192 and 256-bit keys.
• Asymmetric key support: generation, import, export and storage of RSA and ECC key pairs; CSR generation and certificate storage.
• Integrated key bundling - import and export of keys in commonly-adopted key block formats.
• TDES/AES DUKPT and Master/Session key-loading support for over 350 unique payment devices, including key erasure.
• Detailed Key Inventory – Track generation, import, export, termination details and optional key expiration dates.
• Full life-cycle key management tracks all instances of imported and exported keys; key history is maintained even if the key has been terminated and removed from the system.
• Hierarchical user administration. Dual-control required for all sensitive operations.
• Extensive audit logging tracks all functional key management activities and access.
• Customizable interface for Remote Key Delivery (RKD) capabilities.
• Secure secret data storage provides a “virtual safe” for sensitive data like passwords, combinations, key components, and door codes.
• Configurable network settings enable access to shared network storage for secure file storage and access.
• Configurable automated daily backup function.
• Designed to ensure compliance with:
  o ANS X9.24-2017: Parts 1, 2, & 3 (AES DUKPT)
  o ANS X9 TR-31 2018: Interoperable Secure Key Exchange Key Block Specification for Symmetric Algorithms. Supports Version “D” key blocks, with symmetric and asymmetric keys.
  o ANS X9 TR-34 Asymmetric Distribution of Keys
  o Payment Card Industry PIN 2.0 Key Management Security Requirements
  o ANS/X9.TR.39-2009: TG-3 Retail Financial Services Compliance Guideline Part 1: PIN Security and Key Management
  o ANS X9.97-2009: Financial Services – Secure Cryptographic Devices (Retail) Part 1: Concepts, Requirements and Evaluation Methods
  o NIST SP 800-67 - Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
  o ANS X9.8/ISO 9564: Banking – Personal Identification Number Management and Security – Key Management Requirements
  o ISO 13491-1: Banking – Secure Cryptographic Devices (Retail), Part 1 Concepts, Requirements and Evaluation methods
  o FIPS 140-2: Security Requirements for Cryptographic Modules, Security Level 3
  o FIPS 197 - Advanced Encryption Standard (AES), November 26, 2001

PRODUCT BENEFITS

• Enables secure storage and access of sensitive keying material within a single, centralized location.
• Organize keys, keying materials and sensitive data by creating a logical relationship structure for more compliant handling.
• Integrates with third party HSMs, including Thales, Safenet, Utimaco and HP Atalla. This integration allows users to perform key management activities through the KeyBRIDGE GUI, as well as the ARCK™ API (JSON Schema RESTful API), streamlining operational efficiency.
• Secure, remote key distribution enables organizations to load new keys to deployed Point of Sale terminals and other SCD endpoints without having to remove them from service.
• De-clutter safes of paper and other keying materials including PINs, Passwords, IVs, Safe Combinations, or other sensitive meta-data with the built-in secure secret data storage protected under custodial control.
• Offers built-in dual control functions and backup and recovery tools that, in the event of a disaster, allow an entire system to be restored in minutes.
• Automates activity tracking within the system, capturing key activity details and user activity, as well as comprehensive audit logging of all sensitive functions.
• Physically secure enclosure – opening or penetrating the enclosure automatically erases the System Master Key (SMK), preventing access to the entire key database.

PRODUCT SUPPORT

• 8x5 standard support with optional 24x7 extended support.
• Dedicated and knowledgeable U.S. based support team comprised of Level 1 and Level 2 Engineers, Crypto Developers, and Crypto Consultants.
• Tailored customer training to ensure end users are well-equipped to use the product and all of its features.
• The KeyBRIDGE platform is built on customer feedback, standards and our agile development environment which is based on the requirements of the user community.

PRODUCT OVERVIEW

The KeyBRIDGE appliance has three different configurations.

KEYBRIDGE Enterprise Key Management System™ (eKMS)

KeyBRIDGE eKMS enables organizations to securely manage and store all keys and sensitive data for the entire enterprise in a single, centralized location. By enabling integration of HSMs from manufacturers including Thales, SafeNet, Utimaco and HP Atalla, organizations can perform key management functions through a single, easy-to-use interface with both local console and RESTful API access.

The ARCK™ API is a unique Bi-Directional RESTful API service allowing client requests to KeyBRIDGE, but also enabling KeyBRIDGE to distribute keys and associated data to designated endpoints. The ARCK™ API enables a broad range of functions categorized as Global, Administrative, Key Management, Audit Management, and Custom-Specific.

Additional built-in features such as enforcement of dual control/split knowledge, role-based access and automated logging dramatically streamline all key ceremonies and key management activities.

Users are able to generate, import and export keys quickly and efficiently through the KeyBRIDGE interface. KeyBRIDGE’s centralized key management allows for tracking of key details in a single location. Keys may be exported under the HSM master key or shared Zone Master Keys (ZMKs)/Key Encrypting Keys (KEKs), saving organizations valuable time and resources by reducing the scope of time-consuming key ceremonies.

Management of the HSMs is performed within the KeyBRIDGE interface allowing users to add/connect additional HSMs, as well as view and manage existing HSMs within their environment. Multiple HSMs from any supported manufacturer can be linked to KeyBRIDGE as well as logical endpoint applications needing to utilize keys or materials for use on specific HSMs.

KEYBRIDGE Point of Interaction™ (POI) Direct Connect

KeyBRIDGE POI (formerly Direct Connect) caters to organizations that deploy Point-of-Interaction terminals and/or perform key distribution. Over 350 unique Point-of-Interaction terminals are supported, including VeriFone, Ingenico, Equinox, Miura, Poynt and ID Tech products, utilizing both serial and USB interfaces. Organizations can quickly and efficiently load keys and applicable files, security settings, etc. to Point-of-Sale terminals, as well as perform key erasure for previously deployed terminals.

The KeyBRIDGE platform's robust key management tools allow users to generate, import and export keys from one central location. Users may import and export keys via clear key components with system-enforced validation of dual control and split knowledge. Keys may also be imported or exported as cryptograms or key blocks.

The platform supports all TR-31 defined key usages. Additionally, users may define custom key usages to support key types unique to their environment.

KeyBRIDGE POI supports both DUKPT and Master/Session terminal key management methodologies. AES DUKPT Initial Key derivation is included, fully compliant to ANS X9.24-3-2017.

Additional terminal-specific functionality is also supported through the KeyBRIDGE injection dashboard for each supported device. Custom wiring diagrams detail all of the necessary features and functions of KeyBRIDGE-certified Point-of-Interaction terminals so that users have all of the necessary details to properly connect and load each device.

Remote Key Delivery (RKD)

KeyBRIDGE RKD supports the remote distribution of keys to deployed (POI) terminals. By enabling remote key delivery, organizations save valuable time and resources by securely automating the delivery of keys to remote terminals.

Organizations are better equipped to perform periodic key rotations and contend with a suspected or known key compromise by quickly and efficiently replacing terminal keys in the field.

KeyBRIDGE RKD supports numerous APIs, including support for communicating and connecting with client-defined terminal management systems. KeyBRIDGE RKD leverages TR-34 for terminal payload generation, assuring secure, compliant and interoperable key transfer. Through the use of TLS 1.2, communications to and from the KeyBRIDGE RKD appliance are maintained and secured.

As a licensed feature, KeyBRIDGE can fully support the requirements of Verifone Remote Key (VRK). This feature allows customers with their own Terminal Management Systems to build a remote keying facility, fully compatible with the latest Verifone terminal requirements.

KeyBRIDGE can also form the core of a system to remotely deploy PKI trust to terminals. In this role, it receives requests for key pairs; it generates the keys, forms CSRs and sends them to a CA, gets the certificates and forms terminal payloads to be returned to the requesting Terminal Management System. This system functionally mirrors our standard RKD offering, but is focused on delivering terminal trust anchors.

THE APPLIANCE

KeyBRIDGE is a self-contained tamper-responsive security module (TRSM). The 256-bit AES System Master Key (SMK), used to encrypt all key data stored on the KeyBRIDGE appliance, is stored and utilized only in the protected FIPS 140-2, Level 3 internal HSM. Physical tampering with the KeyBRIDGE appliance, whether in a powered-on or powered-off state, results in SMK erasure, rendering all encrypted data on the system unrecoverable. Recovery is enabled through the use of backups and availability of System Master Key Components separated on smart cards to be provisioned to dedicated key custodians.

APPLIANCE FEATURES

• FIPS 140-2, Level 3 internal HSM
• Dual power supplies (field replaceable)
• 4 USB ports
• 2 serial ports
• 2 Ethernet ports
• Smartcard reader
• Physical and logical tamper responsive controls
• Field replaceable Fan Trays
• UL & CE Certified
• DES, 3DES, AES, ECC, and RSA, along with many regional derivation techniques.

SUPPORTED PERIPHERALS

The KeyBRIDGE system supports the following peripherals:

• Mouse & Keyboard
• Monitor (VGA)
• Printer (IBM Proprinter I and II compatible with provided USB-to-Centronics adapter)
• Label Printer (Dymo® LabelWriter® 400, 400 Turbo, 450, 450 Turbo)
• USB Flash Drive (cannot contain any special drivers or firmware)
• Barcode Scanner (Symbol® LS4208)
• 16-channel Serial Switch
• Ethernet
• SCD for entry of clear key components
• SMK component smart cards

KEY MANAGEMENT

SYSTEM MASTER KEY

The SMK is managed as three components, each of which is written to a PIN-protected smart card and placed under the control of a unique Key Custodian. The SMK is securely stored and utilized within the KeyBRIDGE appliance only in the FIPS 140-2 Level 3 HSM tamper-protected memory. Opening the appliance automatically erases the SMK.

Because each SMK component is written to and loaded from smart cards, the KeyBRIDGE appliance also includes smart card management capabilities, as follows:

• Format Cards: Applies a Card ID and PIN to a blank card.
• Duplicate Cards: Makes an additional card copy for backup purposes.
• Read Card: Displays the Card ID and the date/time it was created.
• Verify Card: Verifies the card has not been corrupted. Displays Card ID, date/time created, Component Check Value and SMK Check Value associated with the card.
• Update PIN: Allows the PIN associated with the card to be changed.

MANAGED KEY INVENTORY

KeyBRIDGE provides centralized key management capabilities and detailed inventory tracking for all keys that are generated by or imported to the KeyBRIDGE key inventory. All keys are centrally managed based on user-defined Relationships. Relationships allow users to group keys and maintain contact information for each Relationship.

All keys stored in the KeyBRIDGE inventory are wrapped into PCI-compliant key blocks, encrypted under the AES-256 SMK. Key blocks are based on the TR-31 standard. KeyBRIDGE allows users to set TR-31 key attributes to indicate how the key may be used and whether or not the key may be exported.
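The usage and exportability attributes mentioned above travel in the clear-text header of a TR-31 key block, so a receiving system can check them before acting on the block. The Python below is an added example, not GEOBRIDGE code: it parses the 16-character header and any optional blocks and applies an export check; the function names, the policy and the sample blocks (filler in place of ciphertext and MAC) are constructed for illustration.

```python
from dataclasses import dataclass, field

# Code tables: a subset of the values defined in ANS X9 TR-31.
VERSIONS = {"A": "TDEA key variant binding (2005)", "B": "TDEA key derivation binding",
            "C": "TDEA key variant binding", "D": "AES key derivation binding"}
USAGES = {"B0": "Base Derivation Key", "B1": "Initial DUKPT key", "D0": "Data encryption",
          "K0": "Key encryption / wrapping", "K1": "Key block protection key",
          "P0": "PIN encryption"}
ALGORITHMS = {"A": "AES", "D": "DEA", "E": "Elliptic curve", "H": "HMAC",
              "R": "RSA", "S": "DSA", "T": "TDEA"}
MODES = {"B": "encrypt and decrypt", "C": "generate and verify", "D": "decrypt only",
         "E": "encrypt only", "G": "generate only", "N": "no restrictions",
         "S": "sign only", "T": "sign and decrypt", "V": "verify only",
         "X": "derive other keys", "Y": "create key variants"}
EXPORTABILITY = {"E": "exportable under a trusted key", "N": "non-exportable",
                 "S": "sensitive"}
HEX = set("0123456789ABCDEFabcdef")


@dataclass
class Header:
    version: str
    length: int
    usage: str
    algorithm: str
    mode: str
    key_version: str
    exportability: str
    optional_blocks: list = field(default_factory=list)  # (id, data) tuples
    header_len: int = 16


def parse_header(block: str) -> Header:
    """Parse and validate the clear-text header of a TR-31 key block."""
    if len(block) < 16 or not block.isascii():
        raise ValueError("block shorter than the 16-character header or not ASCII")
    version, length, usage = block[0], block[1:5], block[5:7]
    algorithm, mode, key_version = block[7], block[8], block[9:11]
    exportability, n_opt = block[11], block[12:14]  # block[14:16] is reserved
    if version not in VERSIONS:
        raise ValueError(f"unknown key block version {version!r}")
    if not length.isdigit() or int(length) != len(block):
        raise ValueError("declared length does not match the block received")
    if algorithm not in ALGORITHMS or mode not in MODES:
        raise ValueError("unknown algorithm or mode of use")
    if exportability not in EXPORTABILITY:
        raise ValueError(f"unknown exportability {exportability!r}")
    if not n_opt.isdigit():
        raise ValueError("optional block count is not numeric")
    # usage is not checked against USAGES: a deployment may define custom usages.
    hdr = Header(version, int(length), usage, algorithm, mode, key_version, exportability)
    pos = 16
    for _ in range(int(n_opt)):
        # Optional block: 2-char ID, 2 hex digits giving its total length, then data.
        blk_id, blk_len = block[pos:pos + 2], block[pos + 2:pos + 4]
        if len(blk_len) != 2 or not set(blk_len) <= HEX:
            raise ValueError("optional block length is not hexadecimal")
        size = int(blk_len, 16)  # "00" (extended length) is not handled here
        if size < 4 or pos + size > len(block):
            raise ValueError("optional block length out of range")
        hdr.optional_blocks.append((blk_id, block[pos + 4:pos + size]))
        pos += size
    hdr.header_len = pos
    return hdr


def review_for_export(block: str, want_usage: str, required_version: str = "D") -> list:
    """Hypothetical export gate: return findings; an empty list means no objection."""
    try:
        hdr = parse_header(block)
    except ValueError as exc:
        return [f"reject: {exc}"]
    findings = []
    if hdr.version != required_version:
        findings.append(f"version {hdr.version} ({VERSIONS[hdr.version]}), "
                        f"expected {required_version}")
    if hdr.usage != want_usage:
        findings.append(f"usage {hdr.usage} ({USAGES.get(hdr.usage, 'unlisted')}) "
                        f"does not match expected {want_usage}")
    if hdr.exportability == "N":
        findings.append("key is marked non-exportable")
    return findings


def sample(fields: str, optional: str = "", n_opt: int = 0) -> str:
    """Constructed block: real header layout, zeros standing in for ciphertext and MAC."""
    body = optional + "0" * 96
    return f"{fields[0]}{16 + len(body):04d}{fields[1:]}{n_opt:02d}00{body}"


GOOD = sample("DK0AB00E")                      # AES key-wrapping key, exportable
WITH_OPT = sample("DB0AX00N", "KS0800FF", 1)   # BDK, non-exportable, one optional block
LEGACY = sample("BP0TE00E")                    # TDEA PIN key in a version B block
TRUNCATED = GOOD[:-8]                          # block cut short in transit

if __name__ == "__main__":
    for name, blk in [("GOOD", GOOD), ("WITH_OPT", WITH_OPT), ("TRUNCATED", TRUNCATED)]:
        print(name, review_for_export(blk, blk[5:7]))
```

The header is only trustworthy once the key block's MAC has been verified under the protection key, which this example does not do; the check shown here is a pre-filter on the clear-text attributes.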

Key details are presented in a user-friendly interface. To view key details, users may define custom filters to search for keys that match the criteria provided. At a glance, the key inventory displays high-level key information for all keys, such as the key name, key check value (KCV), key length, key usage, relationship, status, etc. Automated key rotation is supported with Current, Next, and Restore slots.

More granular key details may be viewed by selecting individual key records from the key inventory screen. The key details screens include additional information relevant to each key, such as editable key name and comments fields, as well as the entire key history from the point that the key was introduced to the KeyBRIDGE appliance through key termination.

The key details also include details for each instance of key export, as well as termination details if the key was terminated. Note that when a key is terminated the key value is erased from the KeyBRIDGE appliance but all key details and activity information are retained for historical tracking purposes.

In addition to the standard key attributes, users may define up to twelve custom key attributes per key usage. This allows individual organizations to add and track additional information that is specific to their individual key management needs.

KeyBRIDGE also generates, imports and exports asymmetric keys (RSA and ECC keys are supported). Public keys may be exported in PKCS#10-formatted Certificate Signing Requests (CSR), and any number of X.509 certificates can be imported and attached to a key pair in inventory.

ADD
• Generate in KeyBRIDGE
• Import as Clear Components
• Import as a Cryptogram
• Import as a Key Block File

EXPORT
• Export as Clear Components
• Export as a Cryptogram under KEK/ZMK or HSM Master Key Encryption
• Export as a Key Block File
• Export in TR-34 form (RKD)

TERMINATE
• Erase the key value from the system
• Retain the attributes and history

THIRD PARTY HSM INTEGRATION

By enabling users to generate keys within the KeyBRIDGE interface and export the keys under HSM Master Keys and ZMK/KEK encryption, KeyBRIDGE reduces the number of steps required to perform key management tasks, saving organizations valuable time and resources.

KeyBRIDGE supports integration of HSMs from a number of manufacturers, including Thales, Utimaco, Safenet, and HP Atalla. Setup and administrative functions of the HSMs are controlled directly through the KeyBRIDGE interface. KeyBRIDGE also provides HSM diagnostics and key synching between environments for HSMs that support this functionality.

Third party HSM integration enables organizations to manage and store keys for multiple environments in a single, centralized location, while maintaining critical key history and details through the KeyBRIDGE centralized key store. In addition, generation and export of keys can be performed quickly with minimal resources, while tracking key history details through comprehensive audit logging.

API KEY REQUEST PROCESSING

KeyBRIDGE features the ARCK™ API (API for Remote Centralized Key management). This is a simple JSON Schema RESTful API that allows new schemas to be added quickly. Basic key generate, import, export, and delete operations, along with a suite of administrative and audit functions, are all available as GET and POST commands. Additionally, KeyBRIDGE supports the ability to serve as the client, allowing designated endpoints to pull keys from KeyBRIDGE. The API can even be used for the purposes of fulfilling Cryptographic Signing Requests to third party Certificate Authorities.

The KeyBRIDGE architecture supports the ability to define custom APIs for automated key exchanges to external systems and applications. Baseline key exchange formats leverage X9 TR-34 key payload formats, but APIs may be tailored to support specific requirements of the receiving system. The APIs leverage TLS 1.2 for secure data transport, and built-in certificate management supports full trust chain validation for each communicating device.


INTERNAL CERTIFICATE MANAGEMENT

KeyBRIDGE includes features for the centralized management of X.509 and PKCS #7 certificates for payload signing and TLS session management. KeyBRIDGE supports the import of multiple Certificate Authority (CA) and Sub-CA certificates as well as CA-signed certificates, so submitted client certificates can be fully validated. KeyBRIDGE uses TLS for session security for API requests. A unique certificate must be designated for TLS authentication in order for incoming requests via the API to be accepted.

ADDITIONAL CAPABILITIES

SECURE SECRET DATA STORAGE

The solution enables secure storage of secret data (up to 128 characters), such as HSM master key components, passwords, PINs, safe combinations, access codes, and derivation data. Virtually any piece of information that is frequently stored in physical safes can be securely stored and tracked within KeyBRIDGE.

Each secret is owned by a designated Key Custodian Group. Retrieval of the secure data requires dual control access from two key custodians assigned to the group to which the secret data is associated. Once the credentials have been validated, the secret data may be printed to a secure form.

ACCESS CONTROLS

The architecture is rooted in role-based access to ensure appropriate controls and restrictions for performing sensitive functions. There are four user types in KeyBRIDGE: Manager, Key Custodian, Supervisor, and Operator (some user types will not be applicable based on the KeyBRIDGE product line).

The assigned role will dictate the access and capabilities of a given user. The privileges associated with each role are as follows:

MANAGER
• Key and Secret Data Management
• System Administration
• User Management
• Certificate Management
• Audit Logs & Archive
• Key Custodian Privileges
• Key Loading (PEDs)

KEY CUSTODIAN
• Key and Secret Data Management
• Audit Logs

SUPERVISOR
• User Management (Operators only)
• Audit Logs
• Key Loading (PEDs)

OPERATOR
• Audit Logs
• Key Loading (PEDs)

Figure 2 - KeyBRIDGE User Roles

Accessing the KeyBRIDGE appliance requires authentication of two users. Sessions are initiated through a primary login process that collects the user ID and password of the user that will be performing functions in the appliance. Access privileges are based on the primary user and their appropriate menu will be displayed once the secondary user’s credentials have been authenticated. The primary user is the session owner.

USER MANAGEMENT

Only Managers may create or edit users in the KeyBRIDGE appliance.

User Profiles
Each user record contains the following information:
• User First Name
• User Last Name
• User ID
• Password
• Role
• Key Custodian (Y/N)
• Key Custodian Group Assignment (if designated as Key Custodian)
• Status (Active/Inactive/Locked)

Editing User Profiles
Once created, the only items that can be changed on a user profile are role, custodian privilege and status.

De-provisioning Users
Users no longer requiring access to the appliance will be set to a status of “Inactive”.

Key Custodian Access
Key Custodian privileges can be assigned to users with a role of Manager or Key Custodian.
• Once assigned, Key Custodian access may be deactivated and/or reactivated as needed.
• Key Custodian Group Numbers are permanent once assigned to a user and cannot be edited.
• Key Custodian privileges are required for import and export of clear key components, as well as the ability to add and export secure secret data.

ACCESS CONTROL SPECIFICATIONS

Password Rules
• Password minimum length is set in System Settings. The allowable range is 8-24 characters.
• Valid passwords must contain at least one numeric or special character and are case sensitive.
• Password expirations are configurable to 1-180 days.
• No new password may match any of the previous 16.

Password Management
• Users may change their own passwords.
• Managers may reset a user’s password if it is forgotten. The user will then be required to change their password on their next login attempt.
• In the event the system cannot be accessed due to lost credentials or locked Manager account(s), emergency access to reset a Manager password may be initiated from the login screen, which requires loading of the three SMK components (via smart card).

Account Lockout
• User accounts are locked after 5 consecutive failed login attempts.
• Locked accounts may be unlocked by a Manager.

Session Timeout
• Session Timeout is configurable from 1-60 minutes.
• Session Timeout settings are role specific, allowing a different timeout setting for Manager/Key Custodians vs. Supervisor/Operator roles.

Critical Functions
The following functions require the secondary Manager user to re-enter their login credentials:
• Adding or editing user accounts.
• Resetting passwords.
• Deleting archived audit records.
• Updating the SMK.
• Applying system updates.
• Terminating keys or certificates.
• Adding or removing the SCD for clear component entry.

SYSTEM ADMINISTRATION

BACKUP & RECOVERY

Backups may be performed manually through the KeyBRIDGE interface or using the automated backup feature. Automated backups are scheduled to run daily at the desired time specified during the automated backup setup process. Once completed, the backup file, which is encrypted under the AES-256 SMK, is automatically saved to the designated shared network location. The backup file contains all keys, key details, the user database, audit and archive records and system settings and can be used in the event that a system needs to be recovered.

A KeyBRIDGE appliance may be initialized or restored using an existing backup file. When initializing a new or existing system, users will be required to reload the SMK and then load the backup file. For active systems with a loaded SMK, loading the backup file under dual control is all that is required to restore the system.

Backup files capture all system data, including keys, user information and audit logs.

Backup files are written to a USB or network drive, encrypted under the SMK.

System restore uses the backup file to completely initialize the appliance.

Disaster recovery requires only a set of matching SMK cards, a system backup file and a KeyBRIDGE appliance.

Figure 3 - System Recovery

AUDIT AND ARCHIVE

Every user action, regardless of status (pass or fail), is logged within KeyBRIDGE. Each record in the audit log will contain the following information:

• A unique audit record ID
• Date and timestamp
• User IDs
• Function performed
• Relationship
• POS Terminal Details (injection only)
• Key Serial Number - KSI & DID (injection only)
• Status: Pass or Failure
• Additional discretionary data (function specific)

Managers may view all audit records and select specific records to be printed or saved to a USB drive or shared network resource using the search filter and selecting the appropriate records. Other roles may only view audit records.

The KeyBRIDGE appliance limits the size of audit logs and requires periodic archival. The range of records may be chosen by either a date or an absolute number. Once the range is chosen, it will be saved to a file on a USB drive or shared network resource. The appliance will assign a batch ID, and both the batch and each individual record are cryptographically protected to ensure batch integrity. The appliance will maintain an archive record batch log to keep a record of archive activity.
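Protecting both the batch and each record matters because a per-record check alone cannot reveal that a record was dropped from an archive file. The Python below is an added example, not GEOBRIDGE code, and the document does not state which mechanism the appliance uses: it assumes HMAC-SHA256 for both levels, and the key, batch ID and audit records are constructed sample data.

```python
import copy
import hashlib
import hmac
import json


def _mac(key: bytes, *parts: str) -> str:
    # Length-prefix every part so ("ab", "c") and ("a", "bc") give different MACs.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def _canonical(record: dict) -> str:
    # Stable serialisation: field order must not change the MAC.
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def seal_batch(key: bytes, batch_id: str, records: list) -> dict:
    """MAC each record (bound to the batch ID), then MAC the ordered list of record MACs."""
    sealed = [{"record": r, "mac": _mac(key, "record", batch_id, _canonical(r))}
              for r in records]
    batch_mac = _mac(key, "batch", batch_id, str(len(sealed)),
                     *(s["mac"] for s in sealed))
    return {"batch_id": batch_id, "records": sealed, "mac": batch_mac}


def verify_batch(key: bytes, batch: dict) -> list:
    """Return a list of integrity problems; an empty list means the archive is intact."""
    problems = []
    for s in batch["records"]:
        expect = _mac(key, "record", batch["batch_id"], _canonical(s["record"]))
        if not hmac.compare_digest(expect, s["mac"]):
            problems.append(f"record {s['record']['record_id']}: content does not match its MAC")
    expect = _mac(key, "batch", batch["batch_id"], str(len(batch["records"])),
                  *(s["mac"] for s in batch["records"]))
    if not hmac.compare_digest(expect, batch["mac"]):
        problems.append("batch: records added, removed or reordered")
    return problems


# Constructed demo key and audit records (fields follow the list above).
KEY = bytes(range(32))
RECORDS = [
    {"record_id": 1001, "timestamp": "2024-01-15T09:12:03Z", "user_ids": ["mgr01", "kc02"],
     "function": "Key Export", "relationship": "Acquirer A", "status": "Pass"},
    {"record_id": 1002, "timestamp": "2024-01-15T09:14:40Z", "user_ids": ["op07", "sup03"],
     "function": "Login", "relationship": "", "status": "Failure"},
    {"record_id": 1003, "timestamp": "2024-01-15T09:20:11Z", "user_ids": ["mgr01", "kc02"],
     "function": "Key Terminate", "relationship": "Acquirer A", "status": "Pass"},
]


def demo():
    batch = seal_batch(KEY, "BATCH-0001", RECORDS)
    edited = copy.deepcopy(batch)
    edited["records"][1]["record"]["status"] = "Pass"   # a failure rewritten as a pass
    trimmed = copy.deepcopy(batch)
    del trimmed["records"][1]                            # the failure removed entirely
    return verify_batch(KEY, batch), verify_batch(KEY, edited), verify_batch(KEY, trimmed)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In the trimmed archive every remaining record still verifies on its own; only the batch-level MAC exposes the missing entry.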

CONCLUSION

Whether supporting HSM integration, remote key delivery, or direct key loading, the KeyBRIDGE product line is fully scalable from the smallest to largest of organizations. Built around industry standards and direct customer feedback since 2005, the KeyBRIDGE platform provides robust key management to meet the needs of growing key environments. Organizations can securely store, distribute and access sensitive keying material and secret data within a single, centralized location. With built-in automated tracking, organizations can manage key details and history for all keys within their environment, leading to more effective, secure and compliant key management.

About GEOBRIDGE

Established in 1997, GEOBRIDGE emerged as one of the first information security solutions providers to support cryptography and payment applications for payment processors, financial institutions and retail organizations. Today, GEOBRIDGE is a leading information security solutions and compliance provider that provides Cryptography and Key Management, Payment Security, Compliance, and HSM Virtualization solutions and services to our clients. Our client list includes Fortune 500 companies, financial institutions, healthcare organizations and government clients across North America and around the globe. GEOBRIDGE leverages our team’s expertise in data protection, program development, enforcement and governance to help architect solutions to help mitigate risk for our clients.

For questions or more information, please email: [email protected].
