Posted: Sat Nov 15, 2008 4:05 am Post subject: PCI 1.2 and key management
This is my first post here so hopefully I am hitting the right audience. I am tasked with architecting an environment that is PCI 1.2 compliant from a systems and network perspective. We will be in the level 1 service provider category. That being said, I am mostly concerned (and confused) on how to tackle section 3.6. I am not a programmer but understand most concepts pretty well. That being said, can anyone lend me an understand of how a webserver is supposed to access encrypted PAN data in a database if the webserver is not to hardcode or store they key to decrypt the data? I have heard of hardware encryption devices but is that pretty much it. I know nothing more than they exist and may solve this problem. Can anyone lend me some ideas?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum