Managing Keys

Key management covers the generation, storage, distribution, and use of card keys. Key management procedures must not compromise the security of other systems, and they must be specific to the system that hosts the key management application.

Two main players are involved during actual deployment: the card manufacturer and the card issuer.

Both entities must securely exchange cryptographic keys to protect the card content and prevent attacks. The card manufacturer makes the cards and sends them to the card issuer. The card issuer processes the cards and must protect them with appropriate security measures. Specifically, each entity performs the following procedures.

Note: This section is a generic overview of the key management process. It is not intended to describe the only possible way to handle key management.
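The exchange between the two entities is usually carried out as a key ceremony: the transport key is split into components held by separate custodians, each component and the assembled key carry a key check value (KCV) so that a mistyped or altered component is caught, and card keys are then sent wrapped under that transport key. The following Go program is an added illustration of that pattern; it is not ActivID KMS code and does not reproduce the product's actual procedure. It assumes AES-128 keys, the conventional KCV (first three bytes of AES encryption of an all-zero block), XOR key components, and AES-GCM as the wrapping mechanism; the key and card-key bytes in main are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Kcv returns the key check value: the first 3 bytes of AES(key, 0^16).
// It lets a custodian confirm a component or key was entered correctly
// without disclosing the key itself.
func Kcv(key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, make([]byte, aes.BlockSize))
	return out[:3], nil
}

// SplitKey splits key into n XOR components. The first n-1 are random and the
// last is chosen so the XOR of all n is the key; any n-1 reveal nothing.
func SplitKey(key []byte, n int) ([][]byte, error) {
	if n < 2 {
		return nil, errors.New("need at least two components")
	}
	parts := make([][]byte, n)
	last := append([]byte(nil), key...)
	for i := 0; i < n-1; i++ {
		parts[i] = make([]byte, len(key))
		if _, err := rand.Read(parts[i]); err != nil {
			return nil, err
		}
		for j := range last {
			last[j] ^= parts[i][j]
		}
	}
	parts[n-1] = last
	return parts, nil
}

// CombineComponents XORs the components back into the key.
func CombineComponents(parts [][]byte) ([]byte, error) {
	if len(parts) == 0 {
		return nil, errors.New("no components")
	}
	key := make([]byte, len(parts[0]))
	for _, p := range parts {
		if len(p) != len(key) {
			return nil, errors.New("component length mismatch")
		}
		for j := range key {
			key[j] ^= p[j]
		}
	}
	return key, nil
}

// ReceiveKey is the issuer side of the ceremony: assemble the components the
// custodians entered and refuse the key if its KCV does not match the value
// the manufacturer supplied out of band.
func ReceiveKey(parts [][]byte, expectedKcv []byte) ([]byte, error) {
	key, err := CombineComponents(parts)
	if err != nil {
		return nil, err
	}
	kcv, err := Kcv(key)
	if err != nil {
		return nil, err
	}
	if !bytes.Equal(kcv, expectedKcv) {
		return nil, errors.New("KCV mismatch: a component was mistyped or altered")
	}
	return key, nil
}

// WrapKey encrypts a card key under the transport key with AES-GCM, so the
// issuer detects a modified or substituted blob (assumed wrapping scheme).
func WrapKey(kek, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, key, nil), nil
}

// UnwrapKey reverses WrapKey and fails on any tampering with the blob.
func UnwrapKey(kek, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("wrapped blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func main() {
	transport := []byte("0123456789abcdef") // constructed sample transport key
	cardKey := []byte("fedcba9876543210")   // constructed sample card key
	parts, _ := SplitKey(transport, 3)      // one component per custodian
	kcv, _ := Kcv(transport)                // printed on the key letter
	key, err := ReceiveKey(parts, kcv)      // issuer reassembles and checks
	fmt.Printf("issuer key ok=%v err=%v\n", bytes.Equal(key, transport), err)
	blob, _ := WrapKey(transport, cardKey)
	got, err := UnwrapKey(transport, blob)
	fmt.Printf("card key ok=%v err=%v\n", bytes.Equal(got, cardKey), err)
}
```

In a real ceremony each component is entered by a different custodian directly into the HSM, never assembled in host memory as this illustration does; the KCV check at ReceiveKey is the step that catches a transposed digit before a wrong key is used to personalize a batch of cards.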

Key Management Steps

This section describes the basic steps of key management. It is an overview of best practices and does not provide step-by-step instructions.
For step-by-step directions on how to perform ActivID KMS key ceremonies, how to initialize HSMs, and other operations, see Using ActivID KMS. A Hardware Security Module (HSM) securely stores secret key material. HSMs are similar to large-storage, multi-session smart cards; unlike smart cards, however, they are used mainly on the server side of a system.