Key management (KMIP)

If KMIP master keys are used, data encryption keys are stored on an external server that supports the Key Management Interoperability Protocol (KMIP) version 1.1.

IBM® Safer Payments retrieves the keys over a secure connection at run time. The process is triggered by a user through the user interface.

Configuring key management to use KMIP master keys

Complete the following steps to use KMIP master keys:

  1. Enable and configure global data encryption settings. For more information, see Enabling and configuring global data encryption settings.
  2. Set up key entry and key management users. For more information, see Setting up key entry and key management users.
  3. Prepare a KMIP master key for activation. For more information, see Preparing a KMIP master key for activation.
  4. Activate a KMIP master key. For more information, see Activating a KMIP master key.
  5. Enable cardholder data encryption. For more information, see Enabling cardholder data encryption.
  6. Enforce regular key changes. For more information, see Enforcing regular key changes.

For information about resolving problems that might occur, see Troubleshooting key management.

After the system is operational, the following maintenance tasks can be completed as needed: