
KeyBRIDGE RKD

KeyBRIDGE Remote Key Delivery (RKD) supports the remote distribution of keys to deployed point-of-interaction (POI) terminals. By enabling remote key delivery, organizations save valuable time and resources by securely automating the delivery of keys to remote terminals.

More and more, the industry is demanding the ability to implement remote symmetric key distribution without relying on the physical security, policies, procedures and personnel associated with physical Key Injection Facilities (KIF). Moreover, in order to maintain a competitive advantage in the growing virtual marketplace, it is imperative to utilize solutions that reduce the operational delays and high costs associated with shipping devices to KIFs simply to receive new cryptographic keys.

Organizations are better equipped to perform periodic key rotations and contend with a suspected or known key compromise by quickly and efficiently replacing terminal keys in the field. KeyBRIDGE RKD supports numerous APIs, including support for communicating and connecting with client-defined terminal management systems. KeyBRIDGE RKD leverages TR-34 for terminal payload generation, assuring secure, compliant and interoperable key transfer. Communications to and from the KeyBRIDGE RKD appliance are secured with TLS 1.2. As a licensed feature, KeyBRIDGE can fully support the requirements of Verifone Remote Key (VRK). This feature allows customers with their own Terminal Management Systems to build a remote keying facility, fully compatible with the latest Verifone terminal requirements.

KeyBRIDGE can also form the core of a system to remotely deploy PKI trust to terminals. In this role, it receives requests for key pairs; it generates the keys, forms CSRs and sends them to a CA, then gets the certificates and forms terminal payloads to be returned to the requesting Terminal Management System. This system functionally mirrors our standard RKD offering, but is focused on delivering terminal trust anchors.

The KeyBRIDGE RKD server is the core component in a cost-effective, compliant RKD solution.
In addition to its intuitive, easy-to-use graphical user interface, state of the art security features and robust auditing, the KeyBRIDGE platform provides the following essential RKD services:

  • An easy-to-manage key inventory that holds the keys and their associated metadata necessary for terminal deployment. The inventory permits keys to be grouped into named containers called Relationships; this mechanism allows key managers to segregate keys for management and compliance purposes.
    • A rich collection of tools to generate, import and export inventory keys, and specify their properties.
    • The ability to build a KeyBRIDGE farm that will automatically partition DUKPT DID space, thereby ensuring that no KeyBRIDGE will ever inject a duplicate KSN.
    • Complete key lifecycle management and tracking.
  • An asymmetric key database used to sign the terminal key payloads, and their corresponding CA certificate chain. These keys provide the mutually authenticated trust required for a secure, standards-compliant implementation.
  • Full support for all common secret key distribution scenarios: Fixed-key, Master/Session and DUKPT (both TDES and AES).
  • The ability to collect all necessary key injection properties for a given terminal estate into a named container called a Key Profile. Key Profiles simplify the process of specifying injection requests at the Terminal Management System (TMS), allowing operators with little or no cryptographic expertise to accurately and securely inject terminals, thereby minimizing incorrect and insecure configurations.
  • A simple JSON Schema RESTful API used to receive TMS key requests and return the corresponding terminal key payloads.
  • Protection of the TMS interfaces using mutually authenticated TLS v1.2, and the resources to import and manage the required TLS authentication keys.
  • Complete, detailed audit logging of all user management activity and secret key distribution request processing.
  • Automated database backup with support for numerous endpoint storage locations.

The KeyBRIDGE platform is designed with compliance in mind, and supports the requirements of:

  • ASC X9.24, parts 1, 2 and 3
  • ASC X9 TR-31 Interoperable Secure Key Exchange Key Block Specification
  • ASC X9 TR-34 Interoperable Method for Distribution of Symmetric Keys using Asymmetric Techniques
  • PCI PIN and PCI P2PE key management

Also supported are methods that are similar but not conforming perfectly to the standard. Additionally, GEOBRIDGE has implemented symmetric key distribution protocols supported by many device manufacturers, and similar secret key distribution techniques employed by other manufacturers are supported as well.

Lastly, the KeyBRIDGE appliance supports a simple JSON Schema RESTful API that can also be leveraged for remote key distribution techniques. This API may be accessible from a self-managed KeyBRIDGE appliance, or available in a service model maintained by the GEOBRIDGE KEES™ Team.

Find out more about GEOBRIDGE KEES™ on our website.

Utimaco

© 2021