Enterprise Key Management Foundation - The Future of Crypto Key Management
IBM Enterprise Key Management Foundation is a centralized key management solution on zEnterprise which is well suited for banks, payment card processors and other businesses that must meet Payment Card Industry requirements.
Key enablers are z/OS with ICSF, IBM DB2 Version 9.1 for z/OS, IBM z9 – zEC12 & Crypto Express 2/3/4S
Introducing - IBM Enterprise Key Management Foundation
Provide a centralized key management solution that leverages clients' investments in System z Hardware Crypto for the ultimate protection of sensitive keys and meeting compliance standards
Solution Summary
Provides simple centralized key management which adheres to industry standards
Provides a foundation that can be tailored to address the needs of multiple industry segments to help identify compliance issues and assist key officers in enforcing enterprise key management policy requirements
Features crypto analytic capabilities that help identify compliance issues to assist key officers in understanding how and who has access to key material
Solution Benefits
Provides higher quality of service through efficient key management and automation
Leverages clients' investments in System z hardware
Simplifies business continuity considerations for mission critical key material
Business outcomes
Vantiv, the #1 largest processor of PIN debit transactions in the US*, performs over 2 billion crypto transactions per month
“The cryptographic coprocessors provide the ability to create tremendous encryption capacity for all operating platforms. Our use of the Crypto Express processors has expanded beyond a single purpose, mainframe-only solution, to an enterprise-wide encryption service” - Vantiv
Colony Brands believes that a secured platform for critical business applications enables the best possible customer experience
“The zEnterprise provides us with a secure platform that enables us to ensure our customers’ private data is secure which improves our customer experience and overall satisfaction.” – Todd Handel, Director IT Strategy & Architecture
The IBM EKMF solution comprises a highly secured workstation, a browser application and a central repository.
All new keys are generated on the secured workstation by users authenticated with smart cards. The EKMF Workstation includes an IBM 4765.
The EKMF Browser application features monitoring capabilities and enables planning of future key handling sessions to be executed on the workstation.
The central repository contains keys and metadata for all cryptographic keys produced by the EKMF workstation. This enables easy backup and recovery of key material.
Note that while this is a mainframe centric view, EKMF supports distributed platforms as well.
Auditing & Compliance
• Compliance with Payment Card Industry requirements
• Bringing a heterogeneous HSM environment under control and into compliance by utilizing the IBM System z platform as a proven base
• Centralization of key management simplifies the Security Officer's or the Key Manager's need to identify compliance issues for key material
Simplification
• Facilitates a standardized set of procedures and operations to enforce an enterprise key management policy
• Simple to manage, task-oriented dashboard with automated management tasks to help simplify key management operations
• Monitoring and reporting facilities provided to help identify compliance issues and assist key officers in enforcing policy requirements