Abstract: A payment card data preparation and personalization platform provides a card production environment that provides a production context in which card products and card configurations are able to be defined, for example using various guided user interfaces. Furthermore, the platform implements a data preparation engine and a personalization engine. User interfaces guide definition of payment card products, and aspects of data preparation and personalization are independently executable. A product wizard assists with guided definition of a payment card product to be used within the platform.

Abstract: Methods and systems for remote, asynchronous key entry and extraction are provided. A credential device can store a first key thereon, and can store an encrypted key component. A hardware security module manages a key template including a plurality of key components. The hardware security module manages a complementary key to the first key. The key component on the credential device can be encrypted with the first key for storage on the credential device and decrypted by the complementary key at the hardware security module. Alternately, the key component can be encrypted with the complementary key and provided to the credential device for decryption at a secure system via the first key. Accordingly, a key custodian may supply or extract a key component at a hardware security module remotely and at a time convenient to that key custodian.

Abstract: Systems and methods for managing cryptographic tokens within a hardware security module are disclosed. A parent cryptographic token contains a plurality of parent cryptographic objects, and a child cryptographic token contains a plurality of child cryptographic objects. The child cryptographic token is associated with the parent cryptographic token. A session established with the child token provides access to at least some of the plurality of child cryptographic objects and at least some the plurality of parent cryptographic objects.

Abstract: A cryptographic object management system is provided that includes physically separated first and second object management sites. The first and second object management sites each respectively include HSMs, a HSM server connected to each of the HSMs, and a persistent layer connected to the HSM server. The HSM servers respectively manage operation of each of the HSMs. The HSM server of the first object management site includes an object manager module that manages and controls the cryptographic object management system. The persistent layers respectively store cryptographic objects for use by the HSMs. Each of the HSMs respectively performs crypto-processing on one or more of the cryptographic objects.

Abstract: A cryptographic object management system is provided that includes physically separated first and second object management sites. The first and second object management sites each respectively include HSMs, a HSM server connected to each of the HSMs, and a persistent layer connected to the HSM server. The HSM servers respectively manage operation of each of the HSMs. The HSM server of the first object management site includes an object manager module that manages and controls the cryptographic object management system. The persistent layers respectively store cryptographic objects for use by the HSMs. Each of the HSMs respectively performs crypto-processing on one or more of the cryptographic objects.

Abstract: Methods and systems for remote, asynchronous key entry and extraction are provided. A credential device can store a first key thereon, and can store an encrypted key component. A hardware security module manages a key template including a plurality of key components. The hardware security module manages a complementary key to the first key. The key component on the credential device can be encrypted with the first key for storage on the credential device and decrypted by the complementary key at the hardware security module. Alternately, the key component can be encrypted with the complementary key and provided to the credential device for decryption at a secure system via the first key. Accordingly, a key custodian may supply or extract a key component at a hardware security module remotely and at a time convenient to that key custodian.

Abstract: A cryptographic object management system is provided that includes physically separated first and second object management sites. The first and second object management sites each respectively include HSMs, a HSM server connected to each of the HSMs, and a persistent layer connected to the HSM server. The HSM servers respectively manage operation of each of the HSMs. The HSM server of the first object management site includes an object manager module that manages and controls the cryptographic object management system. The persistent layers respectively store cryptographic objects for use by the HSMs. Each of the HSMs respectively performs crypto-processing on one or more of the cryptographic objects.

Abstract: A system and method for remote monitoring and management of an instant issuance system is provided. The embodiments provide secure communication between different entities within the instant issuance system. Security can be established via mutual authentication between the communicating entities of the instant issuance system prior and/or concurrent with a communication taking place.

Abstract: A system and method for remote monitoring and management of an instant issuance system is provided. The embodiments provide secure communication between different entities within the instant issuance system. Security can be established via mutual authentication between the communicating entities of the instant issuance system prior and/or concurrent with a communication taking place.

Abstract: A system and method for remote monitoring and management of an instant issuance system is provided. The embodiments provide secure communication between different entities within the instant issuance system. Security can be established via mutual authentication between the communicating entities of the instant issuance system prior and/or concurrent with a communication taking place.

Abstract: A system and method for remote monitoring and management of an instant issuance system is provided. The embodiments provide secure communication between different entities within the instant issuance system. Security can be established via mutual authentication between the communicating entities of the instant issuance system prior and/or concurrent with a communication taking place.

Abstract: A system and method for remote monitoring and management of an instant issuance system is provided. The embodiments provide secure communication between different entities within the instant issuance system. Security can be established via mutual authentication between the communicating entities of the instant issuance system prior and/or concurrent with a communication taking place.

Abstract: A cryptographic object management system is provided that includes physically separated first and second object management sites. The first and second object management sites each respectively include HSMs, a HSM server connected to each of the HSMs, and a persistent layer connected to the HSM server. The HSM servers respectively manage operation of each of the HSMs. The HSM server of the first object management site includes an object manager module that manages and controls the cryptographic object management system. The persistent layers respectively store cryptographic objects for use by the HSMs. Each of the HSMs respectively performs crypto-processing on one or more of the cryptographic objects.

Abstract: A system and method for remote monitoring and management of an instant issuance system is provided. The embodiments provide secure communication between different entities within the instant issuance system. Security can be established via mutual authentication between the communicating entities of the instant issuance system prior and/or concurrent with a communication taking place.