SpanKey™ Cryptographic Key Management System
SpanKey and SpanKey Special Edition provide all the cryptographic requirements for issuing and processing EMV Credit and Debit cards in an IBM System z mainframe environment.
SpanKey Highlights
- Provides functions for all cryptographic processes for EMV Credit and Debit card systems.
- All processing is performed on the System z mainframe - there is no requirement for external processing, file transfers, out-sourcing of crypto functions, etc.
- All controls and processing are built in to your application systems, so there is no scope for operational errors.
- No external cryptographic hardware is required - everything is in one box.
- All Key Management and cryptographic functions required for card processing are provided.
- No cryptographic hardware at all is required for testing or development systems.
- We believe that SpanKey offers the highest levels of performance, reliability and integrity, with the lowest overall cost of ownership, of any commercial Key Management and EMV offering available today.
- We can also help with conversion from other cryptographic implementations.
SpanKey Automatic creation of EMV chip data for card issuing:
- Input an existing-format Magnetic Stripe card production data file, or an appropriate extract file from a customer or card-holder database.
- Output is an EMV chip card production file including all EMV Tag Elements, EMV DGIs, cryptographic keys, etc.
- No customer application programming required.
- All processing is performed under z/OS on the System z mainframe, with enormous performance, reliability and integrity benefits.
Product Description
SpanKey is a general-purpose Cryptographic Key Management system for the IBM mainframe environment with z/OS.
In addition, it includes a full set of facilities for Banks and financial institutions for supporting the issuing of EMV (Europay MasterCard VISA) chip cards for Credit and Debit.
With the full version of SpanKey, all cryptographic processing is performed in secure hardware on the IBM mainframe (see below for details of SpanKey/SE). SpanKey requires the use of the CCF (Cryptographic Coprocessor Feature) and the PCICC (PCI Cryptographic Coprocessor). This implies an IBM G5 or G6 CMOS CPU, or a zSeries processor. The IBM zSeries z890, z990 and System z9, z10 and z196 require the PCIXCC, Crypto Express 2 or Crypto Express 3 crypto co-processor, as appropriate. Full details of the hardware and software requirements for running SpanKey are included in the documentation available on this web site or directly from Span Software Consultants Limited.
SpanKey also provides APIs (Application Programming Interfaces) for many cryptographic functions within the IBM mainframe environment. These make programming applications that require encryption or key generation functions much easier.
Cryptography in the IBM mainframe environment is a large and complex subject that is often beyond the experience of programmers and systems designers. However, there are great benefits to it in terms of extremely high performance, and a very high degree of security and system integrity. SpanKey provides an easy-to-use route to exploit the power and functionality provided by the IBM hardware and software infrastructure.
In addition, Span Software Consultants Limited has a great deal of experience and expertise in this area, and we offer consultancy and development services in addition to our software products.
Follow this link for a set of presentation slides giving a high-level overview of SpanKey. Please contact us for further details.
SpanKey Version 3.10
SpanKey Version 3.10 is now available, and contains many enhancements and new features, including:
- Automatic EMV card data generation without application programming.
- New API for creation of EMV Tag elements in user programs.
- Support for RSA keys up to 4096 bits long.
- SpanKey API support for Derived Unique Key Per Transaction (DUKPT) encryption of PIN blocks.
- Expiry date support for DES keys.
- Support for customer card account numbers of greater than 16 digits in various SpanKey APIs.
- New Import facility for adding existing non-SpanKey DES keys in the ICSF CKDS to the SpanKey database.
- New COMPAT option for generating DES keys with 8-character names for compatibility with legacy systems.
- Support for creating a new DES key with the same key value as an existing DES key.
- New Report features for DES and RSA keys and certificates allow searching for expired or logically-deleted keys.
- DES keys defined with the MDK option no longer include an EXPORTER variant.
- New TSO/ISPF panel options allow setting the working SpanKey database to match the online system, and define presets for identification values.
- Key Management support for the ICSF PKDS dataset, for storing RSA key tokens.
- Support for cryptographic functionality provided with z/OS 1.6 and later.
- Optional tracing of cryptographic API calls.
- Improved support for migration of cryptographic keys from one MVS image to another.
- Various improvements and extensions to the TSO/ISPF panel user interface.
- New Dataset Encryption Utility program included with SpanKey.
- Many new features and usability improvements to the user interface.
SpanKey Special Edition Version 3.15
SpanKey/SE has the full functionality of the standard SpanKey product, Version 3.10, but performs all cryptographic operations in software.
- SpanKey/SE is ideal for evaluating the benefits of using the mainframe for cryptographic key management, Credit and Debit card processing, PIN processing, and all EMV requirements, without first having to install mainframe cryptographic hardware. In addition, SpanKey/SE can be used for all stages of application development and testing, and can be a long-term solution to minimising the hardware costs for secure card processing.
- SpanKey/SE will run on any IBM, IBM-compatible or emulated mainframe system that runs z/OS. There are no other hardware or software requirements.
- SpanKey/SE provides an emulation facility for ICSF functions for systems without cryptographic hardware.
- Cryptographic Keys can optionally be shared with the standard SpanKey product by the use of key import and export features in both products.
* 30-day no-obligation free trial of SpanKey or SpanKey/SE is available to banks and card issuers and acquirers who run or plan to run their card systems on IBM System z mainframes. Non-Disclosure Agreement required.