AWS Payment Cryptography launches support for exchanging cryptographic keys using ECDH

AWS Payment Cryptography now supports exchanging cryptographic keys using Elliptic-curve Diffie–Hellman (ECDH). With this new feature, customers now have a method to electronically exchange keys up to 256 bits in strength. These capabilities bring more flexibility in addition to existing support for industry norms such as TR-34 and TR-31/X9.143. With AWS Payment Cryptography, you can simplify cryptography operations in your cloud-hosted payment applications with a service that grows elastically with your business and has been assessed as compliant with PCI PIN Security and Point-to-Point Encryption (P2PE) requirements.

While payment processing has traditionally relied on TDES (Triple DES) encryption schemes, customers have shown a greater interest in moving to the more secure AES (Advanced Encryption Standard) standard, including the 256-bit option. With this feature, AWS Payment Cryptography provides an interoperable method to exchange any key supported by the service with a customer's on-premises HSM, providing a secure method of key synchronization and migration. ECDH can also be used when transferring keys to mobile payment applications such as those certified under the PCI MPoC (Mobile Payments on Commercial-off-the-shelf devices) standard. This removes the risks and hassle of manual processes and makes it easier to upgrade to the latest cryptographic standards.

These features are available in all AWS Regions where AWS Payment Cryptography is available. For detailed information and samples for using the new key exchange features, please download the latest AWS CLI/SDK and review importing and exporting keys in the AWS Payment Cryptography Developer Guide.
Source: Amazon AWS