Cryptosec PCI and Cryptosec LAN, HSM solutions for encryption and digital signature from REALSEC
On this occasion, REALSEC talks to us about encryption and digital signature based on HSM, Hardware Security Module, and presents its solutions in this area: Cryptosec PCI and Cryptosec LAN.
There are many organizations that in adopting digital encryption system, electronic billing… require that they be supported on Hardware based cryptographic systems. Today, HSM Hardware Security Module systems are the only ones recognized by the industry as secure due to the independence and integrity regarding system interaction.
Cryptosec PCI is an HSM Hardware Security Module solution in board format to connect to a PCI Express bus inside the equipment where the used application is stored offering high performance, versatility, and suitability for integrators who want to strengthen their solutions with approved cryptographic hardware; certified and recognized by the highest security standards.
The system is composed of a cryptographic module with flexible software that transmits its functions to the server, with the following capabilities:
• Symmetric-key encryption, both Data Encryption Standard (DES), triple DES two key, triple DES three keys; such as AES, and Secure And Fast Encryption Routine (SAFER) in 64 and 128 bit and K and SK modes.
• HASH functions: MD5, SHA-1, SHA-2, and RIPEMD in 128 and 160 bit.
• RSA algorithm operations with key length of up to 4096.
• Time control, for Timestamp purposes.
• Key generation through a random number generator, as specified in FIPS 186-2 with amendment and approved by FIPS 140-2 Level 3
Another feature that should be pointed out is that one of the versions of the internal firmware incorporates the PKCS #11 standard interface. This hardware is ready to work with all willing applications. In addition, other versions will include specific firmware for use in other environments.
Cryptosec PCI also has PINblock functions for banking; it allows the use of several modules simultaneously; the firmware makes upgrading easy through a secure authentication mechanism; The construction characteristics of the hardware allow another set of capabilities, such as elliptic curves, to be implemented and it is also possible to transport to the module the application code that the customer wants to execute securely.
Cryptosec LAN is a network cryptographic server, with high performance and security levels, for encryption services and digital signature applications, regardless of the operating system where they reside.
Cryptosec LAN offers the maximum security guarantee for encryption applications, high speed cryptographic calculation (encryption, digital signature, key generation..), storage and key custody protected by anti-intrusion mechanisms (TAMPER RESISTANT), inviolability against attempts at manipulation and intrusion, serial port communications for key import and export, asymmetric key operations up to 4096 bits, and native API and PKCS #11 for the development of cryptographic applications.
The server allows access to the HSM through the network. To send a command the client application must form a TCP packet according to the selected command format.
In the case of PKCS #11 interface, it delivers a layer of software in accordance with the communication network standards allowing load balance between several HSM.
In all cases, the system allows the reception of simultaneous requests from one or more clients.
In addition to network access, it has a direct serial connection to the HSM for a VT100 terminal. Through this connection, it carries out administrative tasks such as updates, user registration, loading keys, among others.
Both Cryptosec PCI and Cryptosec LAN (in its HSM Cryptosec PCI) recognize FIPS 140-2 level 3 and Common Criteria EAL 4 + certification standards and have the following safety features:
• Module firmware prevents confidential data from being sent
• Makes access to the different parts of the HSM impossible; with sensors that detect intrusions or anomalies, by deleting the information.
• The HSM is covered by an opaque epoxy resin, a metal cover protects the unit.
• Secure system for loading and key custody from external sources via direct connection to an asynchronous terminal plate.
More information of HSM Hardware Security Module Cryptosec PCI HERE
More information of Cryptographic Server, Cryptosec LAN HERE
Source: Hay Canal