Alliance Key Manager HSM

FIPS 140-2 Compliant Encryption Key Management

Easily Meet Encryption Key Management Compliance Requirements: 
A Verizon PCI Compliance Report (PCIR) states that "about 42 percent of organizations have trouble implementing a proper encryption key management strategy to keep information safe."  Proper encryption key management, experts say, is becoming more important than encryption itself.  Encryption keys represent "the keys to the kingdom," if someone has access to the encryption key, they have access to the most sensitive data in your organization - the encrypted data.  Proper encryption key management is a requirement for PCI-DSS compliance. Auditors are scrutinizing how organizations manage keys in response to evolving regulations. 

Compliant. Comprehensive. Cost Effective. 

Alliance Key Manager HSM is a hardware security module (HSM) that helps organizations meet compliance requirements with FIPS 140-2 compliant encryption key management. The symmetric encryption key management solution creates, manages, and distributes 128-bit, 192-bit, and 256-bit AES keys for any application or database running on any Enterprise operating system. Alliance Key Manager HSM also supports on-appliance encryption and decryption services. 

Enterprise compatibility 

Works with all major business platforms (IBM Power Systems i, IBM System z, Windows, and Linux), leading encryption applications, and legacy devices.

Sample client binary and source applications 

Binary key retrieval and encryption libraries are provided for all major operating systems to enable rapid deployment of encryption key retrieval or on-device encryption applications. Sample source code is also provided for Java.NET (C#)CRPG, and COBOL applications.  

Validated encryption key management ensures compliance with regulations

Alliance Key Manager is compliant to the FIPS 140-2 Level 1 specification.

Dependable, reliable, and secure 

Alliance Key Manager mirrors keys between multiple key management appliances over a secure and mutually authenticated TLS connection for hot backup and disaster recovery support.

Complete audit trail 

Built in logging allows administrators to track all key retrieval, key management, and system activity. Reports can be sent automatically to central log management, alerting facilities, or SIEM products for a timely and permanent record of activity. 

Key access control addresses PCI-DSS requirements 

Encryption keys can be restricted based on several criteria. The most permissive level requires a secure and authenticated TLS session to the key server. Individual encryption keys can be restricted to users, groups, or specific users in groups. Enterprise-wide groups can be defined and keys can be restricted to Enterprise users, groups, or specific users in groups.

Key change and rotation

Automatically or manually rotate encryption keys. Security administrators can define the frequency of key rotation based on internal security policies. When a key change occurs, the new version is created and the old version is moved to a historical database and available for cryptographic operations.

GUI system administration 

Alliance Key Manager provides a Java GUI application to create and manage encryption keys and access policies. All access to security administration is authenticated using TLS client and server authentication. A system option allows requiring multiple security administrator logins to meet compliance regulations for dual control.

On-device encryption and decryption services

For applications that require the highest level of security, you can use the on-board encryption and decryption services. The encryption key never leaves the key server device with on-board encryption services.

ISV integration features 

ISV and OEM customers can rapidly deploy embedded key management solutions using Alliance Key Manager's binary APIs. Encryption keys include user-defined fields for encryption key cross-reference requirements. Townsend Security works with ISVs and OEMs for branded and independently NIST validated solutions.

OEM Integration 

Alliance Key Manager is built for OEM integration.  Learn more about our OEM program and how to boost revenue and stay ahead of the competition.


Microsoft SQL Server

Case Studies


Quantum realizes revenue increase with custom encryption key management.  

SlimTrader Protects Africa’s Personal Data

SlimTrader says, “AKM for AWS is a Godsend. Finally we can do encryption and key management properly.”


Shift Left - Designing Applications for Encryption & Key Management

Learn how to approach data security (encryption and key management) both from a design point of view as well as from an implementation point of view.

Solution Briefs

Alliance Key Manager

Alliance Key Manager (AKM) is a solution that provides Enterprise customers, OEMs, and ISVs with a secure method of managing encryption keys for their data security applications.

Alliance Key Manager for AWS

Encryption and Key Management in Amazon Web Services (AWS).

Alliance Key Manager for Microsoft Azure

Encryption key management for Microsoft Azure.

Alliance Key Manager for VMware

Using the same FIPS 140-2 compliant technology that is in Townsend Security’s (HSM), Alliance Key Manager for VMware enables enterprises to meet compliance requirements and accelerate deployment of mission critical security technology.

Alliance Key Manager Platforms and Languages

Alliance Key Manager (AKM) provides the strong protection for encryption keys that is central to a secure encryption strategy.


Alliance Key Manager

Alliance Key Manager works with all major business platforms, cloud platforms, and leading encryption applications.