From the PCI DSS2 docs: https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf
3.4.1.b Verify that cryptographic keys are stored securely (for example, stored on removable media that is adequately protected with strong access controls).
We're using a batch-processing fulfillment house that handles credit card data once every 24 hours. This requires we store customer credit card data for as long as a week worst-case if there's an outage, etc.
During this time we'd like the CC info stored to be stored as securely as possible. I've seen setups where the data is stored encrypted with the key stored on a thumb drive that's attached nightly to run the batch process, but t开发者_如何学Gohis is an incredibly flimsy and manual method of handling the batch process. Surely there's a better way to store the key, but protect it from hackers who get access to the machine, or exploit software installed on the machine.
What's the best way to store a key without this manual process?
精彩评论