Creating Trust in the Digital Society
Reducing compliance complexity with KEES™: Key Exchange and Escrow Services
Jason Way, Vice President – Payment Technologies
Eyal Worthalter, Vice President – Platform Solutions & Growth
UTIMACO · Aachen, Germany · © 2020 utimaco.com Page 2
About us
50+ years in IT and 35+ years in IT-Security
Private company
Founded 1964
300+ highly skilled experts
58 Mio € Revenue FY 18/19
Worldwide customer and partner network in more than 90 countries
UTIMACO is an international provider of » cyber security & compliance solutions «
with headquarters in Aachen, Germany & Campbell, California
Milestones
▪ US-based world leader in electric vehicle manufacturing selects UTIMACO HSMs to secure connected cards
▪ UTIMACO starts partnership with leading Asian network-equipment vendor
▪ UTIMACO HSMs are chosen for the German road-toll system
▪ 1st Generation KryptoServer (HSMs)
▪ Re-focused on providing IT security and encryption solutions
▪ UTIMACO exceeds 150 employees and wins TOP JOB award
▪ Founded as data center for enterprises
▪ New product innovations for Cloud and post-quantum safe encryption
▪ UTIMACO acquires GEOBRIDGE
▪ HP acquires Atalla
▪ Atalla invents Keyblock
Timeline years: 1964, 1983, 1991, 2002, 2006, 2012, 2015/16, 2018, 2020
Timeline years: 2000, 2002, 2010, 2017
▪ Atalla Ax160 HSM
▪ Atalla AT1000 HSM
▪ 2018: UTIMACO acquires Atalla Business
About GEOBRIDGE
Core Competencies
▪ Payment Security
▪ Encryption & Key Management
▪ Network Security
▪ Compliance Services
▪ Cryptographic Advisory Consulting
Manufacturer of the KeyBRIDGE family of key management products since 2005
Compliance Experts
▪ PCI Data Security Standard
▪ PCI PIN Security
▪ X9 TR-39 for EFT Payment Networks
Strong Partnerships
GEOBRIDGE Products & Services at a glance
▪ KeyBRIDGE Manufacturer: The KeyBRIDGE platform has expanded over time since 1997.
▪ Cryptographic Development: GEOBRIDGE performs Custom Firmware Development on a wide range of industry solutions.
▪ Compliance Services: A PCI PO Company, active in various industry compliance groups.
▪ KEES™ Key Escrow & Exchange Service: PCI PIN Certified Managed Services for Cryptographic Key Management.
▪ Technical Documentation: GEOBRIDGE writes enterprise compliance policies and procedures.
▪ KIF Management: GEOBRIDGE assists numerous entities with Key Injection Facility Management.
▪ Cryptographic Consulting: GEOBRIDGE provides cryptographic consulting to numerous industry leaders.
We offer Cyber Security and Compliance solutions
Payment Security: Compliance solutions for the Payment Industry
▪ Payment Hardware Security Modules
▪ Key Management for POI/POE
▪ PCI compliant Tokenization
Information Security: Encryption-based, high-assurance solutions
▪ General Purpose Hardware Security Modules
▪ Key Management for encryption of data at rest
Cyber Security & Compliance Solutions
Key Lifecycle Management
Key Injection: POS / POI
Secure Tokenization
ATM Networks
E-Wallets, Online and Mobile Payments
Payment Card Issuance
Credit, Debit/ATM cards, Acquirer, Issuer, Merchants
Credentials for IAM
Credentials for Key Injection
Credentials for PKI
Digital Signing
UTIMACO’s Payment Product Portfolio at a glance
UTIMACO CryptoServer
Key Management for Encryption of Data at Rest
UTIMACO ESKM
UTIMACO Atalla AT1000
Move
Run
Build
▪ Move Keys: To/From On-Prem to the Cloud. Transport Keys Across Public Clouds and hybrid environments.
▪ Manage Keys: Create, Store, Rotate & Protect
UTIMACO U-Trust Cloud: Atalla PaymentHSM
HSMaaS for Payment Use Cases
GEOBRIDGE KEES™
Key Escrow & Exchange Services
▪ Enable Private & Public Cloud Service Providers to Build their own IaaS & PaaS Cryptographic Services.
UTIMACO’s vision to enable customer transition to the hybrid cloud
UTIMACO U-Trust Platform Solutions & Services
UTIMACO and GEOBRIDGE Combined Offering
HSMaaS Key Management as a Service
HSM Key Management
As a Service
On-Premise
UTIMACO ESKM
UTIMACO Atalla AT1000
Payment HSM
UTIMACO CryptoServer
GP HSM
Enterprise Secure Key Manager
Key Escrow & Exchange Service
U-Trust Cloud: Atalla PaymentHSM
GEOBRIDGE KEES™
KeyBRIDGE
Service Providers, Large Enterprises and Emerging Fintech navigate complex guidelines
Compliance Challenges across the landscape
Adopting New Technologies & Migrating Applications to the Cloud
Competing Against New Entrants
Protecting Against New Security Threats
Staying Compliant as Mandates Grow and Change
Overcoming Compliance Challenges requires a different approach
Cryptographic Keys: Shared Trust Model
Decision based on customer situation in terms of: Regulatory requirements / compliance • Data sensitivity • Risk propensity • TCO • …
Cryptographic Key Security
GEOBRIDGE KEES™
UTIMACO u.trust Cloud
Customer-managed keys
100% Customer Control
Partially managed keys
Fully managed keys
100% Service Provider Control
Cloud Security Shared Responsibility Model
Shared Trust Service Model
Introducing KEES™ Key Exchange & Escrow Service
KEES™ redefines the lifecycle management of keys in your organization
▪ Staff Augmentation capability for Enterprise Key Management
▪ PCI-PIN Certified Key Generation, Escrow and Distribution Service
▪ Remote HSM Operation & Management
Key lifecycle diagram stages: Generation, Rotation, Usage, Backup, Escrow, Destruction, Archival, Storage, Distribution
KEES™ augments your organization’s capabilities
Benefits – Key Exchange and Escrow Services
▪ Begin Transition to the Cloud: Harness the possibilities of a cloud-based infrastructure by leveraging KEES™.
▪ Operational Savings: Focus your team on your core business and use KEES™ as Augmentation for Key Management Responsibilities.
▪ Improved Security through Best Practices: Rely on Qualified Experts that are 100% dedicated to Key Management.
▪ Agility & Time to Market: Create, rotate and/or distribute keys in days, not weeks.
▪ Simplify Scope Compliance: Outsource the burden of PCI compliance to subject matter experts.
▪ Adaptable to your Requirements: Dedicated and/or Shared models w/ High availability. Can provide turnkey solution or discrete operations: Validation/Verification, Tokenization, Key rotation, injection, etc.
U-Trust Cloud: Atalla PaymentHSM – Launching in June
Private Routing Infrastructure
U.S. West
Santa Clara, CA
Customer Application
U.S. East
Ashburn, VA
Customer Cryptographic Officers
Support & Admin
KEES™ as part of UTIMACO
Key Exchange Facility
Private Routing Infrastructure
Customer Application
U.S. East
Ashburn, VA
Worldwide Key Exchange Network
Customer Cryptographic Officers
Use Case 1: Mass Key Distribution
Gaming Acquirer
Managing 800+ ATM/Kiosks
Customer profile
▪ Requiring Master Key Rotation
▪ Load in Field by component parts
▪ Update Acquiring Host
▪ No Written Policies/Procedures
▪ No Physical Support Infrastructure
▪ Must generate 1,600 components
Business Challenge(s)
Demonstrate Compliance for Audit
Solution
▪ Leverage outsourced compliance infrastructure
▪ KEES™ created 1,600 in < 1 Week
Use Case 2: PCI Scope Reduction
Major Retailer
Merchant Acquirer
Customer profile
▪ Managing 70,000 POI Terminals
▪ Deployment Center (Primary)
▪ Mid – West US
▪ Corporate HQ (All Back Up Data)
▪ North – East US
▪ All of HQ was in scope for PCI
▪ Operations did not need to leverage HQ
Business Challenge
Reduce Audit Footprint
Solution
▪ Store Back Up Data with PCI PIN Certified Site
▪ Eliminate HQ as PCI Scope
Use Case 3: On-Demand Key Generation
Major POI Vendor with embedded applications
Customer profile
▪ On-Demand Key Generation
▪ 4 Hour SLA
▪ Asymmetric Wrapping
▪ Symmetric Wrapping
▪ Secure Distribution
▪ Merchant
▪ Enabling Payment App
Generate and Deploy App Key
Payment Use Case
Solution
▪ Set Primary KEK
▪ Enabling On-Demand Key Generation and Distribution
Once with every business partner you will ever have
KEES™ initialization fees waived for a limited time
Perform Key Ceremony once with UTIMACO KEES™
Day 1
Day 2
Day 3
Summary
Utimaco & GEOBRIDGE
U-Trust Cloud: Atalla PaymentHSM
KEES™
A service that eliminates the challenges of in-house cryptographic key management by hosting all HSM infrastructure
Leverage the KEES™ PCI-PIN certified offering to augment your organization with qualified backup personnel, or operate as primary on your behalf.
Upcoming Schedule
• AT1000: Benefits and Capabilities of Remote Management – May 2020
• U-Trust Cloud: Atalla PaymentHSM – May 2020
• Vision360 – Monitoring HSMs – June 2020
• Remote Key Injection for POI – June 2020
Past webinar recordings available for download on our website: https://hsm.utimaco.com/downloads/webinars/
Utimaco Webinars
Creating Trust in the Digital Society
Thank you for your attention!
Start Today: [email protected] Inc.
900 East Hamilton Avenue
Campbell, CA-95008
United States of America
Phone +1 (844) UTI-MACO
https://[email protected]
Copyright © 2020 – UTIMACO GmbH
UTIMACO® is a trademark of UTIMACO GmbH. All other named Trademarks are Trademarks of the particular copyright holder. All rights reserved. Specifications are subject to change without notice.