ICSF uses the master key concept to protect cryptographic keys. Master keys, which are stored in secure hardware in the cryptographic feature, are used to encrypt all other keys on the system. All other keys that are encrypted under these master keys are stored outside the protected area of the cryptographic feature. This is an effective way to protect a large number of keys while needing to provide physical security for only a few master keys.

The master keys are used only to encipher and decipher keys. Other key-encrypting keys that are called transport keys also encipher and decipher keys and are used to protect cryptographic keys you transmit to other systems. These transport keys, while on the system, are also encrypted under a master key.