More and more, the industry is demanding the ability to implement remote symmetric key distribution without relying on the physical security, policies, procedures and personnel associated with physical Key Injection Facilities (KIF). Moreover, in order to maintain a competitive advantage in the growing virtual marketplace, it is imperative to utilize solutions that allow for the reduction of operational delays and high costs associated with shipping devices to KIFs simply to receive new cryptographic keys.
Organizations are better equipped to perform periodic key rotations and contend with a suspected or known key compromise by quickly and efficiently replacing terminal keys in the field. KeyBRIDGE RKD supports numerous APIs, including support for communicating and connecting with client-defined terminal management systems. KeyBRIDGE RKD leverages TR-34 for terminal payload generation, assuring secure, compliant and interoperable key transfer. Through the use of TLS 1.2, communications to and from the KeyBRIDGE RKD appliance are maintained and secured. As a licensed feature, KeyBRIDGE can fully support the requirements of Verifone Remote Key (VRK). This feature allows customers with their own Terminal Management Systems to build a remote keying facility, fully compatible with the latest Verifone terminal requirements.
KeyBRIDGE can also form the core of a system to remotely deploy PKI trust to terminals. In this role, it receives requests for key pairs; it generates the keys, forms CSRs and sends them to a CA, then gets the certificates and forms terminal payloads to be returned to the requesting Terminal Management System. This system functionally mirrors our standard RKD offering, but is focused on delivering terminal trust anchors.
The KeyBRIDGE RKD server is the core component in a cost-effective, compliant RKD solution.
In addition to its intuitive, easy-to-use graphical user interface, state-of-the-art security features and robust auditing, the KeyBRIDGE platform provides the following essential RKD services:
The KeyBRIDGE platform is designed with compliance in mind, and supports the requirements of:
Also supported are methods that are similar but not conforming perfectly to the standard. Additionally, GEOBRIDGE has implemented symmetric key distribution protocols supported by many device manufacturers, and similar secret key distribution techniques employed by other manufacturers are supported as well.
Lastly, the KeyBRIDGE appliance supports a simple JSON Schema RESTful API that can also be leveraged for remote key distribution techniques. This API may be accessible from a self-managed KeyBRIDGE appliance, or available in a service model maintained by the GEOBRIDGE KEES™ Team.
Find out more about GEOBRIDGE KEES™ on our website.