Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • 01 ProtectServer - Part I - Product Overview

    Загружено:

    masanjaya
    170 просмотров20 страниц
    explaining about HSM product server from SafeNet inc.

    Авторское право

    © © All Rights Reserved

    Доступные форматы

    PPTX, PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ
    explaining about HSM product server from SafeNet inc.

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PPTX, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    170 просмотров20 страниц

    01 ProtectServer - Part I - Product Overview

    Загружено:

    masanjaya
    explaining about HSM product server from SafeNet inc.

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PPTX, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 20

    Protect Server HSM

    Product Overview

    SafeNet Confidential and Proprietary

    Agenda
    What is an HSM?
    Protect Server - Product Description
    Questions and Answers

    SafeNet Confidential and Proprietary

    What is an HSM?

    SafeNet Confidential and Proprietary

    Why use an HSM?


    HSMs are used to store vital data objects (e.g. cryptographic keys) in
    a secure environment in a separate physical device
    Securely generate and protect sensitive encryption keys in hardware
    Symmetric Keys
    Asymmetric Keys

    Protect sensitive applications deployed in un-trusted or hostile


    environments
    Accelerate cryptographic operations
    Encryption; Decryption; Signing; Time Stamping; Hashing

    SafeNet Confidential and Proprietary

    Hardware Security Modules Features


    HSMs device can be a PCI card or a network attached
    HSM (appliance)
    Can be analogous to a safe
    Purpose Isolate Keys from Application/Data
    Provide main 2 Functions: Crypto storage and high
    performance processing (Application Acceleration)
    Certified hardware FIPS/CC

    SafeNet Confidential and Proprietary

    Hardware Security Modules Features


    Strong 2-factor role-based authentication for administrator
    access
    Auditing and Reporting
    Wide range of SDKs/Toolkits for flexible integration is
    provided
    Load Balancing/High Availability
    Secure backup and restore

    SafeNet Confidential and Proprietary

    Hardware Security Modules Integration


    HSMs always integrated with application on same server or
    network attached
    Application communicates with keys stored in HSM usually via a
    client. The keys are always stored by default in the hardware HSM.
    HSM Usage:
    PKI Key storage for CAs signing of Digital Certificates
    EFT Retail and Banking (PIN processing for Credit/Debit Cards at
    ATMs or Point of Sale, Smart Card issuance). PCI DSS requirements
    Customised Applications document signing, time stamping,
    ePassport projects, DNSSEC

    SafeNet Confidential and Proprietary

    Protect Server

    SafeNet Confidential and Proprietary

    ProtectServer
    General Purpose or Developer HSM
    Very Flexible no Cryptographic limitations
    Commonly used for applications such as:
    Document Signing, TimeStamping, ID Cards, ePassports
    Can run non-Standard Applications & Specialist
    Applications (Customised Code)
    Normally used by customers with development skills
    (possibly using Professional Services)

    SafeNet Confidential and Proprietary

    ProtectServer HSM Product Range

    ProtectServer Gold
    (PCI-X)

    ProtectServer Internal-Express
    (PCI express x4)

    ProtectServer External
    Network-Attached
    SafeNet Confidential and Proprietary

    10

    Protect Server HSMs


    Protect Server Gold/Protect Server Internal-Express
    General purpose PCI/Express HSM for:
    PKCS#11 apps
    Microsoft apps
    Java apps
    Executing secure PKCS#11 app (C Code) - with FM
    EFT - with FM
    3 performance modes: 25, 220 or 600 signing/second
    (RSA1024)
    Protect Server External
    Protect Server (Gold) in Network-attached chassis
    3 performance modes: 25, 220 or 600 signing/second
    (RSA1024)

    SafeNet Confidential and Proprietary

    11

    Protect Server About Inside


    Cost effective, FIPS validated, flexible general purpose
    HSM
    Support for custom applications
    Hardware emulation
    Functionality Module support
    GUI tools for basic key management
    Rich Application Support (PKI, Card Issuing, ...)
    Flexible Security Model provided by set of toolkits
    (This will not always appeal to some customers who want
    the more rigid security of the Luna)

    SafeNet Confidential and Proprietary

    12

    Protect Server About Inside


    Smartcard backup for cryptographic objects
    (Convenient, not as secure as the Luna Backup device)
    Relatively low-cost
    Integrated with most applications that utilize the
    PKCS#11, Java or Microsoft CSP APIs.

    SafeNet Confidential and Proprietary

    13

    Protect Server Features


    4MB Secure Memory for crypto objects. Separate Flash
    memory (2MB limit) reserved for Functionality Module
    (FM) Code
    WLD Work Load Distribution (multiple HSMs working
    together no automatic replication)
    Serial connections for:
    SmartCard Readers for Backup/Restore (orderable)
    PIN Pads for direct input of Key Components
    (orderable)
    Other devices (e.g. Printers for direct printing of PIN
    mailers)
    SafeNet Confidential and Proprietary

    14

    Protect Server Features


    The HSM includes high-speed DES and RSA hardware
    acceleration as well as generic security processing.
    Secure key storage is included in form of persistent,
    tamper resistant CMOS storage.
    True random number generation

    SafeNet Confidential and Proprietary

    15

    Protect Server API support


    Support for Windows, Linux, Solaris, IBM/HP UNIX
    API / Standard Crypto Interfaces

    ToolKit Name

    PKCS#11 (Cryptoki)

    ProtectToolkit C (PTKC)

    Microsoft CAPI/CNG

    ProtectToolkit M (PTKM)

    Java JCA/JCE

    ProtectToolkit J

    (PTKJ)

    Java Cryptographic Architecture /


    Cryptographic Extension

    Functionality Modules (FM):


    Build and Load Custom App on HSM

    ProtectProcessing Toolkit

    FM capabilities on Protect Server are used by customers with strong development


    skills (possibly using Professional Services)
    More on Protect Processing Toolkit:
    Software Development Kit (SDK) for Functional Module development
    Host Development Kit (HDK) for Host Messaging interface to the FM
    OpenSSL engine and ProtectToolkit EFT
    SafeNet Confidential and Proprietary

    16

    ProtectServer HSM Application Categories


    Electronic Funds Transfer
    Retail/Consumer-initiated transactions
    ATM
    EFT/PoS
    Internet banking
    Phone banking
    Mobile (phone) banking
    Interbank / Wholesale Banking
    Clearing & Settlement Systems (national)
    SWIFT (International)

    SafeNet Confidential and Proprietary

    17

    ProtectServer HSM Application Categories


    General purpose Cryptographic Operations
    Card Management Systems
    Data Prep / Card Personalization
    Branch Networks
    B2C and B2B eCommerce
    PKI / Certification Authorities
    Web Servers SSL acceleration
    Web Servers Internet Shopping
    Payment Gateways
    Customer Database Protection Credit Card Numbers

    SafeNet Confidential and Proprietary

    18

    ProtectServer HSM Application Categories


    General purpose Cryptographic Operations
    Miscellaneous
    Time Stamping / Notary Services
    Electronic Toll Systems
    Lottery / Gambling / Gaming Systems
    PayTV / DRM / Digital Content Distribution
    API-based

    SafeNet Confidential and Proprietary

    19

    Thank You!

    SafeNet Confidential and Proprietary

    Вам также может понравиться