The power of a Key Management System is to meet the high demands on electronic security, smart card infrastructures as well as e-commerce platforms must be based on a wellconsidered, safe and properly tested key management system. The ANDiS Key Management System offers such a system, providing security concepts based on secure production, storage and distribution of cryptographic keys. Keys can be used for data encryption and decryption, verification, authentication and authorization.

The most important features of the ANDiS Key Management System are:

• Cryptographic key production and life cycle management
• Cryptographic keys import
• Cryptographic keys export
  

Systematic Working Method

The ANDiS KMS is based on key profiles with key definitions. Key profiles enable the production, import and export of cryptographic keys. All keys are stored in an encrypted form in a secured database. The ANDiS Key Management System takes care of key distribution to other third party applications. Being a key part of the ANDiS product suite, the functionality of the ANDiS Key Management System is directly available to the ANDiS Card and Application Management System (CAMS).

Perfect security

The ANDiS KMS uses a Hardware Security Module (HSM Box) to produce the cryptographic keys. This box can also encrypt and decrypt keys. Importantly, keys produced in the HSM box never appear in legible text, so they are never recognizable for third parties. Plus, all keys are positioned according to a specific hierarchy. Second level keys are only available if the first level key is available.

User-Friendly Interface

Working with cryptographic keys is a complicated matter. The ANDiS platform enables you to accommodate this complexity in a very user-friendly interface. As a result new system users settle in quickly. Furthermore, functionality is grouped together to create roles. Each role implies a specific security level and requires a dedicated authorization procedure.

There are three roles in the ANDiS Key Management System:

• The Profile Manager is capable of defining the keys and the key profiles. After defining the key profiles, they can be used to create keys in ‘test mode'. the Profile Manager. The Key Manager can not change the key profiles!
• The Administrator is capable of managing the database and maintaining the authorization procedures for the other
• The Key Manager is capable of producing the keys in the ‘production mode', using the key profiles created by roles.

Application Programming Interface

To be able to provide third party applications with the ANDiS KMS functionality directly, an Application Programming Interface (API) has been developed to give direct access to the main functionality of the ANDiS Key Management System.

Tailor-Made and Ready-to-Use

The ANDiS Key Mangement System is available as a readymade system and can easily be applied to your specific demands and wishes in consultation.