Key Management

Certified Zero Trust

Zero trust means zero exposure of all key material from generation to distribution and use. Ultra offers the highest FIPS 140-2, Level 4 certified hardware security module (HSM) to protect cryptographic key throughout their lifecycle. Ultra’s Keyper and CARDS product suites provide assured management of keys between devices and users.

COMSEC Experts

A comprehensive cybersecurity strategy includes policies and procedures for controlled tracking and use of cryptographic assets throughout an organisation. We simplify these complex tasks with products and services to help security departments maintain the fleet of equipment and keys required for the mission.

Cryptographic Key Management - A Beginner’s Guide

Trusted Distribution

Complex supply chains and partner networks require controlled sharing of keys across multiple sites and groups. Ultra’s solution allows for the remote electronic distribution of cryptographic keys, while reducing costs and security breaches by ensuring all assets are tracked and audited.

Watch the The Hidden Key: Cryptographic Key Management and HSMs Webinar

HSMs and Key Management Solutions

Ultra’s comprehensive key lifecycle management solutions provide the highest level of certified protection; including key-generation, storage, audit, distribution and destruction of keys and digital trust assets.

KeyperPLUS

A network Hardware Security Module (HSM) for organisations that have the highest security requirements. Keyper^PLUS enforces zero trust through zero exposure protection of the most sensitive keys in government, Internet and industry. Entirely NIST FIPS 140-2 and Level 4 certified, Keyper^PLUS provides security features beyond the competition:

Capabilities above Level 3 HSMs

Multi-factor, identity-based authentication using N of M smartcards
Active and passive tamper detection and response
Temperature/Voltage Environmental failure protection

Capabilities above Level 4 (Physical) HSMs

Common Criteria EAL4 evaluated operating software
Formal model design and validation

Level 4 devices are designed for use in physically unprotected environments, and with additional defences against environmental attacks, including fluctuations outside normal operating ranges.

HSMs are at the root of trust in the generation, storage, distribution and controlled use of cryptographic keys within supply chain security infrastructures. Ultra’s experts support your security development teams with easy integration and support. This includes:

Industry standard interface libraries: PKCS#11, MSCAPI, and CNG
Platforms supported (to date): Windows Server 2012R2, 2016, 2019, 2022 (64 bit), RHE Linux 7.9 & 8.3 (64 bit)
Third party interoperability: Entrust Authority Security Manager, Oracle database TDE, UniCERT, Microsoft ADCS, IIS, Bloombase Storesafe, EJBCA, ISC BIND, OpenDNSSEC, KnotDNS, OpenVPN, LibraSwan, OpenSSL, Java, Apache, Nginx

Built on a tradition of trust and customer support for over 15 years, KeyperPLUS includes a robust suite of interface libraries and algorithms at no extra charge.

Additional Capabilities

Remote management application software provided, permitting run-time application key backup, audit log retrieval and firmware update
N of M storage key backup via smartcard
Encrypted application key backup on to smartcard(s) or USB
Load Balancer software provides redundancy and improved overall system performance
Rack-mount installation kit including redundant power supply available

Keyper^PLUS remains the highest certified protection of public key infrastructures across industries worldwide: Internet, Banking, Financial Services, Insurance, Crypto Currency, Telecommunications, Governments, Manufacturing, Energy, IoT, Medical Devices, Aerospace and Defense and Transportation.

INTEGRATION SUPPORT

Ultra supports your project with our expert services in:

Assistance with third-party integration
Periodic replacement of internal battery
Firmware and external management tools updates
Implementation of bespoke algorithms and APIs

KeyperPLUS datasheet

pdf 2.69MB

COMSEC Accounting, Reporting & Distribution System (CARDS)

Improve your security operations by simplifying complex COMSEC asset management tasks. CARDS streamlines the business of COMSEC with inventory management, automated reporting, and controlled transfer of assets. Custodians and key managers at every tier benefit from the features of CARDS:

Track the location, usage and transfer of physical and digital assets
Generate SF-153s and other required reports
Record and schedule equipment maintenance
Controlled distribution and management of black keys to remote users
Manage configurations and documents associated with each asset

Electronic Key Distribution

The CARDS server is interoperable with U.S. and international Electronic Key Management System (EKMS-308) sources. This bridges the gap between Tier 2 and Tier 3 with controlled distribution and management of ‘black keys’ to remote locations, contractors and coalition partners. CARDS Key Hold client software provides off-line storage of assigned keys and direct on-site loading to Fill Devices.

CARDS is deployed around the world in these locations:

Ultra supports your COMSEC security operations with training and services to deploy the best CARDS solution for the mission.

CARDS datasheet

pdf 0.55MB

Remote Cryptographic Management System (RCMS)

RCMS provides over the network rekey (black key) of COMSEC equipment at remote unmanned sites. Ultra Key Management (UKM) software controls central operation and distribution of multiple RCMs performing DS-101 key loads.

MIDS-LVT and MIDS-JTRS Link 16 radio support
Legacy and Block Upgrade 2 (BU2) black key formats
Intuitive mission planner allows for a single operator initiating vital tasks

UKM is a user-friendly mission planner enabling a single operator to perform the following important tasks: receiving key, zeroizing key locally and remotely, initiating rekey operations and providing a COMSEC account for the black keys; and the management of several remote sites from the central site.