Secure Channels Key Manager is an appliance that helps organizations meet compliance requirements with FIPS 140-2 compliant encryption key management. The symmetric encryption key management solution creates, manages, and distributes 128-bit, 192-bit, and 256-bit AES keys for any application or database running on any Enterprise operating system. Secure Channels Key Manager also supports on-appliance encryption and decryption services. Whether you want to run Secure Channels Key Manager as a physical hardware security module (HSM), as a VMware instance, or in the vCloud, encryption key management has never been easier.
Works with all major business platforms (IBM Power Systems i, IBM System z, Windows, Linux and UNIX), leading encryption applications, and legacy devices.
Binary key retrieval and encryption libraries are provided for all major operating systems to enable rapid deployment of encryption key retrieval or on-device encryption applications.
Secure Channels Key Manager is compliant to the FIPS 140-2 Level 1 specification.
Secure Channels Key Manager mirrors keys between multiple key management appliances over a secure and mutually authenticated SSL/TLS connection for hot backup and disaster recovery support.
Built in logging allows administrators to track all key retrieval, key management, and system activity. Reports can be sent automatically to central log management, alerting facilities, or SIEM products for a timely and permanent record of activity.
Encryption keys can be restricted based on several criteria. The most permissive level requires a secure and authenticated SSL/TLS session to the key server. Individual encryption keys can be restricted to users, groups, or specific users in groups. Enterprise-wide groups can be defined and keys can be restricted to Enterprise users, groups, or specific users in groups.
Automatically or manually rotate encryption keys. Security administrators can define the frequency of key rotation based on internal security policies. When a key change occurs, the new version is created and the old version is moved to a historical database and available for cryptographic operations.
Secure Channels Key Manager provides a Java GUI application to create and manage encryption keys and access policies. All access to security administration is authenticated using SSL/TLS client and server authentication. A system option allows requiring multiple security administrator logins to meet compliance regulations for Dual Control.
For applications that require the highest level of security, you can use the on-board encryption and decryption services. The encryption key never leaves the key server device with on-board encryption services.