Sandhiguna Key Management System "SG-KMS"

  • Flexible and user friendly software-based key management system with hardware-based root of trust and protection.
  • Run on a wide range of Intel based servers with enabled Intel® Software Guard Extensions (Intel SGX).
  • Designed to support high-performance real time applications.
  • Implement state-of-the-art international standard cryptographic algorithms.
  • Separation of concerns between Cryptographic Services, Key Management Service and Audit Log Service, either logically or physically.
  • Business applications get cryptographic services by using SDK or REST API.​

Sandhiguna Key Management System

Software-Based Key Management System with Hardware-Based Root of Trust

  • Sandhiguna builds a Key Management System (SG-KMS) to manage cryptographic keys throughout their life cycles and to protect the keys from breaches due to improper key management.
  • We deploy state-of-the-arts cryptographic tools that run on Hardware-based Secure Enclave technology (Intel® Software Guard Extensions) to provide both key management system and cryptographic services at the enterprise level.
  • SG-KMS is built locally by an all-Indonesian team of experts to meet stringent international standards (Common Criteria for Information Technology Security Evaluation – expected by end of March 2023).
  • SG-KMS continues to be developed to include, by Q2 of 2023, quantum-secure cryptographic services, to protect against adversaries capable of implementing large-scale quantum attack algorithms

Application-Level Data Protection

SG-KMS Provides Highest Data Protection at Application Level

Highest Data Protection

• Application Level
• Protect against Database Administrator and Database Users

Advanced Data Protection

• Database Level
• Protect against administrator abuse and containers theft

Basic Data Protection

• Server and Storage Storage Level
• Protect against loss or theft of physical media

Use Cases

How SG-KMS Helps Your Business …

KEY MANAGEMENT

Provide management of keys and
cryptographic services across
multiple environments

APPLICATION DATA ENCRYPTION

Provide key management and
encryption solution to keep data secure
at the application level

TOKENIZATION

Substitutes token for sensitive data
to achieve privacy compliance and protect against data breaches

SECRET MANAGEMENT

Manages secrets natively on-premises and
on-cloud by providing extensive REST APIs and friendly SDK

END TO END PROTECTION

Ensures end-to-end protection for
sensitive information, especially for
authentication purposes

DIGITAL SIGNING

Ensures the security of the private keys associated with certificates across
multiple environments

BRING YOUR OWN KEY

Generate and store keys and perform encryption in customer’s data center with a single point of management & auditability

MULTI CLOUD PROVIDER

Secures sensitive data in public, private, hybrid or multi cloud environments

RANSOMWARE PROTECTION

Encrypts backup data to avoid data loss,
ensure availability and avoid regulatory penalties