Sandhiguna Key Management System "SG-KMS"
- Flexible and user-friendly software-based key management system with hardware-based root of trust and protection.
- Runs on a wide range of Intel-based servers with Intel® Software Guard Extensions (Intel SGX) enabled.
- Designed to support high-performance real time applications.
- Implements state-of-the-art international standard cryptographic algorithms.
- Separation of concerns between Cryptographic Services, Key Management Service and Audit Log Service, either logically or physically.
- Business applications get cryptographic services by using SDK or REST API.


Sandhiguna Key Management System
Software-Based Key Management System with Hardware-Based Root of Trust
- Sandhiguna builds a Key Management System (SG-KMS) to manage cryptographic keys throughout their life cycles and to protect the keys from breaches due to improper key management.
- We deploy state-of-the-art cryptographic tools that run on hardware-based secure enclave technology (Intel® Software Guard Extensions) to provide both a key management system and cryptographic services at the enterprise level.
- SG-KMS is built locally by an all-Indonesian team of experts to meet stringent international standards (Common Criteria for Information Technology Security Evaluation – expected by end of March 2023).
- SG-KMS continues to be developed to include, by Q2 of 2023, quantum-secure cryptographic services, to protect against adversaries capable of implementing large-scale quantum attack algorithms.
Application-Level Data Protection
SG-KMS Provides Highest Data Protection at Application Level

Highest Data Protection
• Application Level
• Protect against Database Administrator and Database Users

Advanced Data Protection
• Database Level
• Protect against administrator abuse and container theft

Basic Data Protection
• Server and Storage Level
• Protect against loss or theft of physical media

Use Cases
How SG-KMS Helps Your Business …

KEY MANAGEMENT
Provide management of keys and cryptographic services across multiple environments

APPLICATION DATA ENCRYPTION
Provide key management and encryption solution to keep data secure at the application level

TOKENIZATION
Substitutes tokens for sensitive data to achieve privacy compliance and protect against data breaches

SECRET MANAGEMENT
Manages secrets natively on-premises and on-cloud by providing extensive REST APIs and friendly SDK

END TO END PROTECTION
Ensures end-to-end protection for sensitive information, especially for authentication purposes

DIGITAL SIGNING
Ensures the security of the private keys associated with certificates across multiple environments

BRING YOUR OWN KEY
Generate and store keys and perform encryption in customer’s data center with a single point of management & auditability

MULTI CLOUD PROVIDER
Secures sensitive data in public, private, hybrid or multi cloud environments

RANSOMWARE PROTECTION
Encrypts backup data to avoid data loss, ensure availability and avoid regulatory penalties