The Partner Key Management (PKM) process is used by J.P. Morgan as a way to verify that the credentials submitted for activation on the Host-to-Host servers not only meet the requirements for validity period and key strength, but also that they have been submitted by persons duly authorized by the client.
There are three options for submitting renewal keys for inspection and approval.
a. You must have the Key Management entitlement for the applicable Host-to-Host Partner ID
b. These entitlements are managed by your company’s J.P. Morgan ACCESS Security Administrator.
a. If a certificate is used, the key file must be ASCII Armor signed with your current PGP key
a. Filenames must not contain spaces or special characters
b. SSH and PGP key filenames must have a .txt extension
c. SSL certificates must be in p7b format with a .p7b extension
Rapid Renewal is a secure submission process in which you use your existing credentials to submit new certificates.
Rapid Renewal Process
<Partner ID>.TRANSPORT.IN.DAT (for SSH or SSL keys)
<Partner ID>.PAYLOAD.IN.DAT (for PGP keys)
a. The email will be sent to the contacts of record in Host-to-Host.
b. Please contact your J.P. Morgan Service representative to update these contacts.
a. The activation filename must be: <Partner ID>.ACTIVATE.IN.DAT.
b. The content of the activation file is structured XML, as shown below.
c. After the activation file has been successfully processed, you will receive an email, and your PGP key will be live.
d. The previous PGP key can no longer be used.
Activation File Contents
<!-- Replace 'XXXXXX' with your Partner ID. -->
<!-- The serialNumber is the eight-character short KeyID of the PGP key; it replaces the '1A2B3C4D' string below. Add '0x' at the start of the serial number if it is missing. -->
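A pre-submission check for the filename rules, Rapid Renewal upload names and activation serialNumber format described above, as an added example that is not J.P. Morgan's own tooling. The function names and the allowed character set (letters, digits, dot, hyphen, underscore) are assumptions, since the page does not define "special characters"; XXXXXX is the page's Partner ID placeholder.

```python
import re

# Assumption: the page does not define "special characters"; this check
# allows only letters, digits, dot, hyphen and underscore.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")

# Extension the page requires for each credential type.
REQUIRED_EXT = {"ssh": ".txt", "pgp": ".txt", "ssl": ".p7b"}

# Rapid Renewal upload names from the page, keyed by credential type.
UPLOAD_SUFFIX = {"ssh": "TRANSPORT.IN.DAT", "ssl": "TRANSPORT.IN.DAT",
                 "pgp": "PAYLOAD.IN.DAT"}


def check_key_filename(filename, kind):
    """Return a list of rule violations for a key file of the given kind."""
    if kind not in REQUIRED_EXT:
        raise ValueError(f"unknown credential type: {kind!r}")
    problems = []
    if not SAFE_NAME.fullmatch(filename):
        problems.append("filename contains spaces or special characters")
    ext = REQUIRED_EXT[kind]
    # Exact, case-sensitive match on the extension as the page writes it;
    # a bare ".txt" with no base name is also rejected.
    if not filename.endswith(ext) or len(filename) == len(ext):
        problems.append(f"{kind.upper()} files must have a {ext} extension")
    return problems


def rapid_renewal_name(partner_id, kind):
    """Build the upload filename for a renewal key of the given kind."""
    return f"{partner_id}.{UPLOAD_SUFFIX[kind]}"


def normalize_serial_number(key_id):
    """Return the short KeyID as '0x' followed by eight hex characters."""
    raw = key_id.strip()
    if raw[:2].lower() == "0x":
        raw = raw[2:]
    # A PGP short KeyID is 32 bits, so exactly eight hex characters.
    if not re.fullmatch(r"[0-9A-Fa-f]{8}", raw):
        raise ValueError("short KeyID must be exactly eight hex characters")
    return "0x" + raw
```
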
If you do not meet the criteria for Rapid Renewal, the email submission process must be used as described below. The J.P. Morgan Security Services (IMSD) group will action only those requests received from authorized individuals listed as Security Administrators using the Security Administration Designation Form (SADF). Using the SADF, you will identify the individuals with their names, mailing addresses, signatures, phone numbers and email addresses. IMSD cannot disclose security administrator or SADF information, so please contact your J.P. Morgan client service representative for further assistance with this requirement.
Email Submission Process (Requires two Security Administrators)
The email request must be received at least five days prior to the key implementation date.
Requests are actioned Monday through Friday, 8:00 a.m. to 1:00 a.m. Eastern Time.
a. If the key/certificate is approved, IMSD will forward the approved keys for installation.
i. You will then be informed by email that the key file has been received, and the scheduled date and time for the action to take place will be confirmed or requested.
b. If the key is not approved, IMSD will notify you directly via email to indicate the rejection reason(s) and provide steps to remediate the issue, copying the associated service representatives for awareness.
IMSD Security Operations: Key Management
Contact the Solution Center Transmissions Support team at 978-805-1200 with any questions about the Host-to-Host platform. Representatives are available to assist you, 24 hours a day, Monday through Friday. Please note that the support team cannot advise on specific actions needed to make required changes to your systems. You should contact your application vendors for assistance.