Key Management System

AKMS Key Management System is a highly available enterprise level cryptographic product that uses hardware security modules to protect key security. Support the management of various encryption objects, including symmetric and asymmetric keys, digital certificates, and one-time-password. By unifying the management of encryption objects, key management operations can be simplified, making encryption easier to configure and manage, reducing the maintenance cost, and meeting the needs of users in multiple applications and business scenarios.

System provides functions such as full life-cycle management of keys, configurable key usage policy and access permissions, and key encryption, decryption, and signature verification. System supports a variety of encryption interface types and Key Management Interoperability Protocol (KMIP), users only need to deploy one system to manage all encryption systems in the enterprise.

PRODUCT FEATURES

Secure Key Generation

The key uses the random numbers generated by a physical noise source generator chip, and after the key is generated, it is encrypted and stored by the system protection key in the HSM module.

Enrich Development Interfaces

AKMS provides International-algorithms-based encryption and decryption, signature verification, and cryptographic operations for international algorithms, supporting interfaces or protocols such as KMIP, JCE, P11, REST, etc.

Complete Management Functions

AKMS supports management functions such as backup and restoration, cluster management, service management, system configuration, certificate management, system monitoring, alarm management, Syslog, NTP, etc.

Multiple Identity Authentication

AKMS supports authentication of clients and keys through various methods such as IP whitelist, SSL certificate, key owner, and password.

Full Lifecycle Management of Encryption Objects

AKMS provides unified life-cycle management such as symmetric keys, asymmetric keys, digital certificates, etc. Based on the KMIP protocol, complete operations such as generation, storage, activation, distribution, update, logout, destruction, and deletion of encrypted objects.

High Availability

AKMS can be deployed independently in one data center or simultaneously in different data centers. Multiple AKMS can synchronize key data through secure protocols to achieve collaborative efforts among multiple nodes.

PRODUCT ADVANTAGES

Hybrid Cloud Support

Support linkage with AWS KMS, Key Vault, Alibaba Cloud KMS, Tencent Cloud KMS and other cloud providers.

Have seamless integration with multiple cloud products such as distributed databases and cloud hard drives to enable easy centralized management of keys within these services.

Massive Key Management

Support life-cycle management of billion level keys, including generation, storage, distribution, and usage.

Support usage in scenarios with a large number of business interactions to ensure the security of business data.

Compliance

AKMS adopts compliant cryptographic algorithms, products,  protocols, and technologies, the HSM adopts the hardware complies FIPS 140-2 level 3 .

Integrated Polymorphism

Support deployment forms such as physical HSMs, VSMs, docker containerization, and seamless integration with other products as a key management component.

Support KMIP Protocol

AKMS supports the standard KMIP protocol, there is no need for any integration with client systems that have already implemented the KMIP protocol. After registration, system calls can be directly implemented, greatly reducing the operating costs of enterprises.

Fine Grained Key Strategy

Each key has its unique owner. Encryption/decryption and key acquisition policies can be set for the key. Fine grained control over access time can be set for key operations.

SUPPORTING ALGORITHMS

Symmetric key generation and management:  AES, 3DES…

Asymmetric key generation and management: RSA,ECDSA…

Digest key generation and management: HMAC-SHA512…