Certified. Comprehensive. Cost Effective.
Works with all major business platforms (IBM Power Systems i, IBM System z, Windows, Linux and UNIX), leading encryption applications, and legacy devices.
Sample client binary and source applications
Certified solutions ensures compliance with regulations
Alliance Key Manager is certified to the FIPS 140-2 Level 1 specification.
Dependable, reliable and secure
Alliance Key Manager mirrors keys between multiple key management appliances over a secure and mutually authenticated SSL/TLS connection for hot backup and disaster recovery support.
Complete audit trail
Built in logging allows administrators to track all key retrieval, key management, and system activity. Reports can be sent automatically to central log management, alerting facilities, or SIEM products for a timely and permanent record of activity.
Key access control addresses PCI-DSS separation of duties, dual control, and split knowledge requirements
Encryption keys can be restricted based on several criteria. The most permissive level requires a secure and authenticated SSL/TLS session to the key server. Individual encryption keys can be restricted to users, groups, or specific users in groups. Enterprise-wide groups can be defined and keys can be restricted to Enterprise users, groups, or specific users in groups.
Key change and rotation
Automatically or manually rotate encryption keys. Security administrators can define the frequency of key rotation based on internal security policies. When a key change occurs, the new version is created and the old version is moved to a historical database and available for cryptographic operations.
GUI system administration
Alliance Key Manager provides a Java GUI application to create and manage encryption keys and access policies. All access to security administration is authenticated using SSL/TLS client and server authentication. A system option allows requiring multiple security administrator logins to meet compliance regulations for Dual Control.
Command Line automation
For ISVs and customers who need to create or manage a large number of encryption keys, the security management functions can be executed from a command line facility. All security functions available via the GUI security console can be automated through the command line console using standard shell scripts.
On-device encryption and decryption services
For applications that require the highest level of security, you can use the on-board encryption and decryption services. The encryption key never leaves the key server device with on-board encryption services.
ISV integration features
NIST AES validation (all key sizes , ECB, CBC, CTR, OFB, CFB1, CFB8, CFB128 modes of encryption)
NIST SHA validation
NIST RNG validation (x9.31)
NIST HMAC validation
NIST FIPS 140-2, level 1
128-bit AES symmetric keys
192-bit AES symmetric keys
256-bit AES symmetric keys
SSL/TLS authenticated secure communications
GUI and Command Line console for key management
Secure web application for server management