AWS Payment Cryptography のアイコン

AWS Payment Cryptography Specialized2023年〜

A managed service providing cryptographic key management and operations for payment processing

About 2 min read

What It Does

AWS Payment Cryptography is a managed service that provides cryptographic key management and operations (PIN verification, card verification value generation, transaction data encryption) needed for credit card payment processing. It protects cryptographic keys in HSMs (Hardware Security Modules) compliant with PCI DSS and PCI PIN.

Use Cases

Used for credit card payment PIN verification, CVV/CVV2 generation during card issuance, encrypting and decrypting transaction data between payment networks, and cloud migration of payment processing systems.

Everyday Analogy

Think of it like a cryptographic device in a bank vault. It performs card payment PIN verification and card number encryption on a device inside a strictly managed vault (HSM).

What Is Payment Cryptography?

AWS Payment Cryptography is a cryptographic service for the payments industry. Traditionally, cryptographic operations for payment processing required on-premises Payment HSMs (Thales payShield, Futurex, etc.), but Payment Cryptography provides this as a managed cloud service. It holds PCI DSS Level 1 and PCI PIN certifications.

Cryptographic Keys and Operations

Payment Cryptography manages payment industry-standard cryptographic keys (BDK, DUKPT, KEK, PEK, etc.). It provides cryptographic operations including PIN block translation, CVV/CVV2 generation and verification, MAC (Message Authentication Code) generation and verification, and data encryption/decryption. Key import/export supports TR-31/TR-34 formats. For a comprehensive view of cryptographic keys and operations, reference books (Amazon) are a great resource.

Getting Started

Create or import cryptographic keys in the Payment Cryptography console and execute cryptographic operations via the API. Key migration from existing Payment HSMs is done using TR-31/TR-34 formats.

Things to Watch Out For

  • Holds PCI DSS Level 1 and PCI PIN certifications, meeting compliance requirements for payment processing
  • Billed based on the number of cryptographic keys and cryptographic operations
共有するXB!

Related Services

AWS KMS iconAWS KMSA managed encryption key service for securely creating and managing keys used to encrypt dataAWS Lambda iconAWS LambdaA serverless compute service that runs code without server managementAmazon API Gateway iconAmazon API GatewayA fully managed service for creating, publishing, managing, and monitoring APIsAWS CloudTrail iconAWS CloudTrailA service that records and monitors API activity in your AWS account

Related Articles

Cloud Payment Processing with AWS Payment Cryptography - Cryptographic Key Management and PIN VerificationLearn how Payment Cryptography manages payment cryptographic keys, encrypts and decrypts PIN blocks, and achieves PCI DSS compliance.

More in This Category

IAM Access Analyzer iconIAM Access Analyzer SpecializedA service that detects externally accessible resources and unused access permissionsAWS Certificate Manager iconAWS Certificate Manager EssentialA service that automates provisioning, management, and deployment of SSL/TLS certificatesAWS Artifact iconAWS Artifact SpecializedA service for on-demand access to AWS compliance reports and agreementsAWS Audit Manager iconAWS Audit Manager SpecializedA service that automates evidence collection and assessment for compliance auditsAWS CloudHSM iconAWS CloudHSM SpecializedA service for managing encryption keys using dedicated hardware security modulesAmazon Cognito iconAmazon Cognito PopularA service that provides authentication, authorization, and user management for web and mobile applicationsAmazon Detective iconAmazon Detective SpecializedA service that automatically analyzes security findings and investigates root causesAWS Directory Service iconAWS Directory Service SpecializedA service that provides managed Active Directory on AWS

Similar Articles and Services

Cloud Payment Processing with AWS Payment Cryptography - Cryptographic Key Management and PIN VerificationLearn how Payment Cryptography manages payment cryptographic keys, encrypts and decrypts PIN blocks, and achieves PCI DSS compliance.HSM Architecture of AWS Payment Cryptography - A Deep Dive into PCI DSS Compliant Payment EncryptionAWS Payment Cryptography is a managed HSM service purpose-built for the payment industry, providing PCI DSS compliant encryption and tokenization in a serverless model. This article takes a deep dive into the technical mechanisms of payment encryption, including PIN block generation, DUKPT key management, and how it differs from CloudHSM.Hardware Security Modules - Dedicated Cryptographic Key Management with AWS CloudHSMLearn about dedicated cryptographic key management with AWS CloudHSM. Covers when to choose CloudHSM over KMS, FIPS 140-2 Level 3 compliance, TLS offloading, and Oracle TDE integration.Where Are KMS Encryption Keys Stored? - How Envelope Encryption and HSMs WorkThis article explains how KMS master keys are stored inside FIPS 140-2 certified HSMs, how envelope encryption provides double protection for data keys, and the internal workings of key rotation.AWS CloudHSMA service that provides dedicated FIPS 140-2 Level 3 certified hardware security modules for generating, storing, and performing cryptographic operations with encryption keys in the cloud