Key Block Migration

PCI PIN Key Block migration is the most significant HSM disruptive service transition aside from changing a vendor.

ID-3 has proven experience in Key Block migrations and can support services surrounding the current and target standards enabling a clear strategy to be developed.

Many organisations have been dependant on the Variant standard for well over a decade with numerous platforms using HSMs to provide the right degree of assurance integrated into their fabric.

Replacing Variant legacy key material inevitably means changing application code and storage repositories, furthermore the move to the new Key Block Standard requires planning based on a solid understanding of the legacy key material that is currently in place and what is being protected.

This is no trivial task…

Phase 1

This requires updating legacy systems to support Key Blocks and storage within service provider environments; including applications and databases connected to Hardware Security Modules (HSMs). This requires well informed planning, PCI grade procedure development before the key migration on all the cryptographic keys in your environment without security compromise.

Phase 2

This requires Key Block to be in place for external connections to associations and networks. This will signal the demise of X9.17 in favour of the superior security controls provided by TR-31. Do you understand enough about TR-31 to securely apply the controls of the standard to your platform?

Phase 3

Seeks to extend support out to the retail environments and ATMs. Organisations all over the world need to act now to prepare for this radical change. Are you ready and, what does this mean for your business?

Expert support is at hand with ID-3.

ID-3 can help you to plan and deliver on the demands of compliance as dictated by the standards. We can help you to:

  • Perform initial Gap Analysis for PCI Compliance
  • Understand what Key Block is and how it will affect your business through workshops and seminars
  • Support your planning for Phase 1 by providing expert advice on exactly what to ask the application teams in order to get what you need to plan next steps
  • Assist in development of your documentation to ensure your processes reasonably demonstrate the regulatory requirements
  • Prepare your HSMs for migration in both Test and Production and assist with planning for the migration procedure
  • Support the initial key type discovery and the destination Key Block identification
  • Support the execution of the migration’s key translationSupport the execution of the migration’s key translation
  • Support manual migration of the application’s keys that have no migration in their product roadmap
  • Support the requirements for Phases 2 and 3 as they come into force