Encryption Key Management | Townsend Security

By: Patrick Townsend Security Solutions  11-11-2011
Keywords: Security, Encryption, Audit Trail

Certified. Comprehensive. Cost Effective. 

Enterprise compatibility

Works with all major business platforms (IBM Power Systems i, IBM System z, Windows, Linux and UNIX), leading encryption applications, and legacy devices.

Sample client binary and source applications

Certified solutions ensures compliance with regulations

Alliance Key Manager is certified to the FIPS 140-2 Level 1 specification.

Dependable, reliable and secure

Alliance Key Manager mirrors keys between multiple key management appliances over a secure and mutually authenticated SSL/TLS connection for hot backup and disaster recovery support.

Complete audit trail

Built in logging allows administrators to track all key retrieval, key management, and system activity. Reports can be sent automatically to central log management, alerting facilities, or SIEM products for a timely and permanent record of activity. 

Key access control addresses PCI-DSS separation of duties, dual control, and split knowledge requirements

Encryption keys can be restricted based on several criteria. The most permissive level requires a secure and authenticated SSL/TLS session to the key server. Individual encryption keys can be restricted to users, groups, or specific users in groups. Enterprise-wide groups can be defined and keys can be restricted to Enterprise users, groups, or specific users in groups.

Key change and rotation

Automatically or manually rotate encryption keys. Security administrators can define the frequency of key rotation based on internal security policies. When a key change occurs, the new version is created and the old version is moved to a historical database and available for cryptographic operations.

GUI system administration

Alliance Key Manager provides a Java GUI application to create and manage encryption keys and access policies. All access to security administration is authenticated using SSL/TLS client and server authentication. A system option allows requiring multiple security administrator logins to meet compliance regulations for Dual Control.

Command Line automation

For ISVs and customers who need to create or manage a large number of encryption keys, the security management functions can be executed from a command line facility. All security functions available via the GUI security console can be automated through the command line console using standard shell scripts.

On-device encryption and decryption services

For applications that require the highest level of security, you can use the on-board encryption and decryption services. The encryption key never leaves the key server device with on-board encryption services.

ISV integration features

OEM Integration


NIST AES validation (all key sizes , ECB, CBC, CTR, OFB, CFB1, CFB8, CFB128 modes of encryption)

NIST SHA validation

NIST RNG validation (x9.31)

NIST HMAC validation

NIST FIPS 140-2, level 1

Key sizes

128-bit AES symmetric keys

192-bit AES symmetric keys

256-bit AES symmetric keys


SSL/TLS authenticated secure communications

GUI and Command Line console for key management

Secure web application for server management

Keywords: Audit Trail, Encryption, Security

Contact Patrick Townsend Security Solutions

Email - none provided

Print this page


Other products and services from Patrick Townsend Security Solutions


AES Encryption | Townsend Security

Extensive document of the encryption APIs and developer guidelines will help shorten the development and deployment time for a project. Advanced Encryption Standard has been adopted as a standard by the US government and many state and local agencies. Alliance AES provides a number of resources to developers to make it easy to deploy data security solutions.


Tokenization for IBM i | Townsend Security

Generate non-recoverable tokens, (when the original data does not need to be recovered) using a separate token server and eliminate the need to store the original data in an encrypted format, usually taking the server out of scope for compliance. Supports the masking of tokens using the following options: Mask using the last 4 digits, the first 5 digits, the first 6 digits or mask using the first 2 and last 4 digits.


PGP File Encryption | Townsend Security

PGP for System i provides a native i5/OS implementation of PGP with sophisticated and easy-to-use automation features, including automation of encryption and decryption through library scan, IFS file system scan, and scheduling. PGP Command Line 9 for System z provides full support for all native functions of PGP including LDAP integration, Additional Decryption Key, PGP Key Server, and XML configuration.


Encryption Key Management HSM for SQL Server 2008

Enforce separation of duties and prevent administrators from having access to SQL Server data and the encryption keys to meet compliance standards. Any organization can now deploy a cost-effective, comprehensive and certified solution to meet key management compliance requirements. It utilizes Microsoft’s interface to support both Transparent Data Encryption and Cell Level Encryption on Microsoft SQL Server 2008.


Secure Managed File Transfer | Townsend Security

Automatically transfer files using Secure Shell sFTP or secure SSL FTP to banks, insurance companies, benefits providers, payment networks, and any other internal or external server. Alliance Secure Shell SSH sFTP and encrypted SSL FTP meet the data protection requirements of these regulations and use the NIST recommended encryption levels for transferring data.


XML Translation | Townsend Security

Alliance XML/400 automates the inbound and outbound process of XML documents and web services through a combination of HTTP servers, automatic data mapping to IBM I formats, and user application integration. IBM I customers can deploy Alliance XML/400 for business integration with a variety of XML compliant services such as WebMethods, Microsoft .NET, WebSphere, and others.