Encryption Key Management
Alliance Key Manager - FIPS 140-2 Certified
Easily Meet Encryption Key Management Compliance Requirements
A Verizon PCI Compliance Report (PCIR) states that "about 42 percent of organizations have trouble implementing a proper encryption key management strategy to keep information safe." Proper encryption key management, experts say, is becoming more important than encryption itself. Encryption keys represent "the keys to the kingdom," if someone has access to the encryption key, they have access to the most sensitive data in your organization - the encrypted data. Proper encryption key management is a requirement for PCI-DSS compliance. Auditors are scrutinizing how organizations manage keys in response to evolving regulations. Learn more about PCI-DSS encryption key management requirements with this whitepaper.
Certified. Comprehensive. Cost Effective.
Alliance Key Manager is an appliance that helps organizations meet compliance requirements with FIPS 140-2 compliant encryption key management. The symmetric encryption key management solution creates, manages, and distributes 128-bit, 192-bit, and 256-bit AES keys for any application or database running on any Enterprise operating system. Alliance Key Manager also supports on-appliance encryption and decryption services. Whether you want to run Alliance Key Manager as a physical hardware security module (HSM), as a VMware instance, or in the vCloud, encryption key management has never been easier.
Works with all major business platforms (IBM Power Systems i, IBM System z, Windows, Linux and UNIX), leading encryption applications, and legacy devices.
Sample client binary and source applications
Binary key retrieval and encryption libraries are provided for all major operating systems to enable rapid deployment of encryption key retrieval or on-device encryption applications. Sample source code is also provided for Java, .NET (C#, VBNET, J#), C, RPG, and COBOL applications. Click here to download a podcast on encryption key management for Microsoft Windows.
Certified encryption key management ensures compliance with regulations
Alliance Key Manager is certified to the FIPS 140-2 Level 1 specification.
Dependable, reliable and secure
Alliance Key Manager mirrors keys between multiple key management appliances over a secure and mutually authenticated SSL/TLS connection for hot backup and disaster recovery support.
Complete audit trail
Built in logging allows administrators to track all key retrieval, key management, and system activity. Reports can be sent automatically to central log management, alerting facilities, or SIEM products for a timely and permanent record of activity.
Key access control addresses PCI-DSS requirements
Encryption keys can be restricted based on several criteria. The most permissive level requires a secure and authenticated SSL/TLS session to the key server. Individual encryption keys can be restricted to users, groups, or specific users in groups. Enterprise-wide groups can be defined and keys can be restricted to Enterprise users, groups, or specific users in groups.
Key change and rotation
Automatically or manually rotate encryption keys. Security administrators can define the frequency of key rotation based on internal security policies. When a key change occurs, the new version is created and the old version is moved to a historical database and available for cryptographic operations.
GUI system administration
Alliance Key Manager provides a Java GUI application to create and manage encryption keys and access policies. All access to security administration is authenticated using SSL/TLS client and server authentication. A system option allows requiring multiple security administrator logins to meet compliance regulations for Dual Control.
On-device encryption and decryption services
For applications that require the highest level of security, you can use the on-board encryption and decryption services. The encryption key never leaves the key server device with on-board encryption services.
ISV integration features
ISV and OEM customers can rapidly deploy embedded key management solutions using Alliance Key Manager's binary APIs. Encryption keys include user-defined fields for encryption key cross-reference requirements. Townsend Security works with ISVs and OEMs for branded and independently NIST validated solutions.
Alliance Key Manager is built for OEM integration. Learn more about our OEM program and how to boost revenue and stay ahead of the competition.
Network attached, hardware security module (HSM) or VMware instance
AES 128, 192, 256 bit keys
Secure key retrieval with TLS 1.2
Encrypt/Decrypt with AES 128, 192, 256
Encrypt/Decrypt with AES ECB and CBC modes of encryption
Maximum keys: Unrestricted
Maximum clients: Unrestricted
High availability mirroring for failover and load balancing;
Mirror selective keys; multiple mirror servers. Active-Active or Active-Passive.
Key access controls by user and group
Server management via secure web browser
Key management via Windows GUI console
Systems management with syslog-ng, logrotate, etc.
Tamper-evident case option
Memory: 2GB RAM
Processor: Intel I3-540, DUAL CORE, 3.06GHZ
Storage: 2 x 300GB 15K SAS, RAID, Hot Swap
Dimensions: 16.8” (W) x 1.7” (H) x 16.8” (D)
Weight: 37.0 lbs ship weight
Power: Dual redundant 100/240 VAC (auto-range); 280W, 955 BTU/HR
Temperature: 10°C ~ 35°C
Humidity: 8 to 90%, non-condensing
Compliance: CS, FCC, RoHS, VCCI
Certifications and Validations
NIST AES validation (all key sizes , ECB, CBC, CTR, OFB, CFB1, CFB8, CFB128 modes of encryption)
NIST SHA validation
NIST RNG validation (x9.31)
NIST HMAC validation
NIST FIPS 140-2, level 1
RoHS compliant, FCC, CE
NTP, Syslog-ng, automatic log rotation, secure encrypted and integrity checked backups
SSL/TLS authenticated secure communications
GUI console for key management
Secure web application for server management
Microsoft SQL Server
2005 all editions
2008 Express, Standard, Web Editions
2008 Enterprise or higher with EKM (TDE and Cell Level Encryption)
2008 R2 Express, Standard, Web Editions
2008 R2 Enterprise or higher with EKM (TDE and Cell Level Encryption)
2012 Express, Standard, Web Editions
2012 R2 Enterprise or higher with EKM (TDE and Cell Level Encryption)
Oracle Database 10g
Oracle Database 11g
SQLite, PostgreSQL, etc.
Microsoft .NET (C#, VBNET, J#)
RPG (IBM i)
Amazon Web Services