The Key Encryption Key (KEK) is a critical security component in Mi-Token's solution for provisioning mobile soft tokens to users. The KEK is used to encrypt the seed values and initialization data that are sent to users' mobile devices when they activate a new soft token app.


Without the KEK, Mi-Token cannot securely deliver soft token seeds to mobile apps, as the data would be transmitted unencrypted and vulnerable to interception. The KEK essentially protects the encryption keys used for each user's mobile soft tokens.


Key features of the KEK:

  • It is an encrypted file generated by Mi-Token and delivered to customers upon request.
  • Each Mi-Token installation has a unique KEK associated with its installation certificate.
  • The KEK file must be imported into the Mi-Token system to enable secure mobile soft token provisioning.
  • Without an imported KEK, mobile provisioning is disabled to prevent security vulnerabilities.
  • The KEK can optionally be used to embed a custom company logo into the soft token mobile app.

Proper handling of the KEK is crucial for Mi-Token security. Administrators should treat the KEK file as extremely sensitive and never share it publicly or over insecure channels. If the KEK is compromised, new encryption keys must be generated and redeployed.
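The following is an added sketch, not Mi-Token's code, of the behaviour described above: seeds are encrypted under the KEK before delivery, provisioning fails closed when no KEK has been imported, and data wrapped under a replaced KEK no longer decrypts. AES-256-GCM, the `Provisioner` class and the binding to a user ID are assumptions made for illustration; the page does not state Mi-Token's algorithm or file format.

```javascript
// Added illustration, not Mi-Token code. AES-256-GCM and all names are assumptions.
const crypto = require('node:crypto');

class Provisioner {
  constructor() { this.kek = null; } // no KEK imported yet

  importKek(kek) {
    if (!Buffer.isBuffer(kek) || kek.length !== 32) throw new Error('KEK must be 32 bytes');
    this.kek = Buffer.from(kek); // keep a private copy
  }

  // Encrypt a token seed for delivery; fails closed when no KEK is imported.
  wrapSeed(seed, userId) {
    if (!this.kek) throw new Error('provisioning disabled: no KEK imported');
    const iv = crypto.randomBytes(12); // fresh nonce for every wrap
    const enc = crypto.createCipheriv('aes-256-gcm', this.kek, iv);
    enc.setAAD(Buffer.from(userId, 'utf8')); // bind the blob to one user
    const ct = Buffer.concat([enc.update(seed), enc.final()]);
    return Buffer.concat([iv, enc.getAuthTag(), ct]); // iv(12) | tag(16) | ciphertext
  }

  // Throws if the blob was altered, the user differs, or the KEK is not the wrapping KEK.
  unwrapSeed(blob, userId) {
    if (!this.kek) throw new Error('no KEK imported');
    const dec = crypto.createDecipheriv('aes-256-gcm', this.kek, blob.subarray(0, 12));
    dec.setAAD(Buffer.from(userId, 'utf8'));
    dec.setAuthTag(blob.subarray(12, 28));
    return Buffer.concat([dec.update(blob.subarray(28)), dec.final()]);
  }
}

const rejects = (fn) => { try { fn(); return false; } catch { return true; } };

function demo() {
  const p = new Provisioner();
  const seed = crypto.randomBytes(20); // constructed sample seed
  const disabledWithoutKek = rejects(() => p.wrapSeed(seed, 'alice'));
  p.importKek(crypto.randomBytes(32));
  const blob = p.wrapSeed(seed, 'alice');
  const roundTrip = p.unwrapSeed(blob, 'alice').equals(seed);
  const wrongUserRejected = rejects(() => p.unwrapSeed(blob, 'bob'));
  p.importKek(crypto.randomBytes(32)); // replacement KEK after a compromise
  const oldBlobRejected = rejects(() => p.unwrapSeed(blob, 'alice'));
  return { disabledWithoutKek, roundTrip, wrongUserRejected, oldBlobRejected, blobLen: blob.length };
}

console.log(demo());
```

The last check shows why a KEK replacement is not a one-step fix: anything wrapped under the old key has to be wrapped again under the new one before it can be delivered.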


In summary, the Key Encryption Key allows Mi-Token to securely provision and update mobile soft tokens for enterprise users without exposing sensitive seed data during transmission.