SafeNet Hardware Security Modules True Hardware-Based Key Management for Next-Generation PKI Applications

Transcription

SafeNet Hardware Security Modules True Hardware-Based Key Management for Next-Generation PKI Applications
SafeNet Hardware
Security Modules
True Hardware-Based Key Management
for Next-Generation PKI Applications
SafeNet Hardware Security Modules
As businesses transform and use sensitive data within their enterprise and in the cloud, it is
imperative to ensure trust ownership. SafeNet Hardware Security Modules (HSMs) provide
reliable protection for transactions, identities, and applications by securing cryptographic keys
and provisioning encryption, decryption, authentication, and digital signing services. SafeNet
HSMs are ranked #1 in the market worldwide. They provide the highest-performing, most
secure, and easiest-to-integrate application and transaction security solution for enterprise and
government organizations. Robust FIPS and Common Criteria validation makes SafeNet HSMs
tamper-resistant.
With a broad range of HSM offerings and a full range of API support, SafeNet HSMs enable
application developers to easily integrate security into custom applications. In partnership
with leading application solution providers, SafeNet has produced HSMs that offer end-to-end
protection for organizations, helping them achieve regulatory compliance, streamline business
processes, reduce legal liabilities, and improve profitability.
Healthcare
Financial Services
Utility
Manufacturing
Government
Encrypted
Information
PKI and Key
Management
HSM as the Root of Trust
Industries
Unique Design Features of SafeNet Hardware Security Modules
Secure Hardware Key Management
For maximum security, SafeNet HSMs offer dedicated hardware key management to protect sensitive cryptographic keys from
attack. The high security design ensures the integrity and protection of encryption keys throughout their lifecycle. SafeNet HSMs
offer a variety of models and configurations with a wide range of security, performance, and operational capabilities for accelerated
encryption, and secure key generation, storage, and backup. With this keys-in-hardware approach, applications communicate with
keys stored in the HSM via a client – but keys never leave the HSM.
Key Data
Application
System
RAM
Flash
RAM
PKCS #11 Library
Firmware
Device Driver
Boot Block
SafeNet HSM
Host Server
Trust Anchor Security for Public Key Infrastructure
Storing cryptographic keys and certificates in hardware on a dedicated, centralized HSM that is wrapped in multiple levels of security
eliminates the risk of loss or theft, and is the only definitive method of ensuring and enforcing trusted, granular security policies in
a PKI environment. SafeNet HSMs offer a reliable key management solution that both protects private keys and certificates against
ever-evolving data threats and meets mounting compliance mandates.
Flexibility for the Next-generation of PKI
With an unparalleled combination of features—including central key and policy management, robust encryption support, flexible
integration, and more – SafeNet hardware security modules enable organizations to guard against evolving threats and capitalize on
the emerging opportunities presented in technological advances. In addition, SafeNet HSMs meet the demands for high availability
and high performance required to unlock the next generation of PKI.
Secure Remote Management and Activation for Maximum Security in Third-party Environments
SafeNet’s Remote PIN Entry Device (PED) and Secure Transport Mode allow security administrators to remotely manage
administration functions and activate HSMs deployed in a third-party environment, such as a data center, using a two-factor
authenticated device.
Securing Identities and Transactions in the Cloud
Combining the security benefits of hardware security modules with the cloud delivery model, security implementations can be far
less expensive than traditional in-house deployments, putting state-of-the-art security capabilities within reach of even small and
medium-sized businesses for the first time. SafeNet HSMs support the leading virtualized platforms, including VMware vSphere,
Microsoft Hyper-V, and Citrix XenServer. SafeNet HSMs are also highly scalable, with support for up to 100 clients and 20 partitions,
enabling organizations to maximize the return on their investment.
HSM Design Best Practices
SafeNet HSMs incorporate features developed through extensive operational experience, implementing best practices in hardware,
software, and operations that make the deployment of secure HSMs as easy as possible. SafeNet HSMs adhere to rigorous design
requirements and must pass through stringent product verification testing, followed by real-world application testing to verify the
security and integrity of every appliance.
With SafeNet Hardware Security Modules, You Can:
• Offload and accelerate cryptographic operations to a dedicated cryptographic processor that eliminates bottlenecks and
maximizes application performance
• Centralize lifecycle management of cryptographic keys—from generation, distribution, rotation, storage, termination, and
archival—in a purpose-built, highly secure appliance
• Improve profitability and achieve compliance with solutions for paper-to-digital initiatives, PCI DSS, digital signatures, DNSSEC,
hardware key storage, transactional acceleration, certificate signing, code or document signing, bulk key generation, data
encryption, and more
“SafeNet not only helped us
meet our most challenging data
protection and compliance
needs, but they also provided us
with a security foundation for
future expansion. This allows
us to maximize our security
investments as data threats and
compliance landscapes evolve.”
General Purpose HSMs
Luna SA
The SafeNet Luna SA is a flexible, high assurance, and high
performance network-attached HSM, providing up to 6,000 signings per
second and hardware-protected key management, where security and
performance are a top priority.
Sample Applications
•PKI key generation & key
storage (online CA keys &
offline CA keys)
•Certificate validation &
signing
Luna SP
The Luna SP allows developers to securely deploy Web applications,
Web services, and other Java applications in a protected hardened
security appliance. With a secured application execution environment
and powerful access control policies, the Luna SP ensures the
integrity of applications, and delivers high-performance cryptographic
processing and key management.
•Document signing
•Transaction processing
•Database encryption
•Smartcard issuance
•Digital Signatures
•eDocuments
Luna XML
•ePassport
The SafeNet Luna XML is designed for securing identities and
documents used in Web services applications. It has a zero footprint on
the host application server, providing for rapid, independent, flexible,
cost-effective, and highly scalable deployments.
•Database Encryption
•Certificate Validation
•Root Key Protection
•Transaction Processing
•Smart Card Issuance
Luna CA
•DNSSEC
The SafeNet Luna CA offers the strictest hardware security for
Certificate Authorities (CAs) issuing digital identities in PKIs. It protects
the PKI root key and performs all key management, key storage, and key
operations (such as digital signing) exclusively within hardware.
•Code Signing
•Web Services
•Trusted Manufacturing
•Smart Metering
•EFT Payment
Luna PCI
The SafeNet Luna PCI is the fastest, most secure, cryptographic
PCI accelerator card in the industry, and is widely used by major
governments, financial institutions, and large enterprises around the
world. The PCI-X and PCI express bus on the Luna PCI easily plugs
into the host computer and provides reliable protection for data,
applications, and digital identities to reduce risk and ensure regulatory
compliance.
Luna SX
The SafeNet Luna SX is a central management console for rapid HSM
setup and easy remote administration of the SafeNet Luna SA and Luna
SP. Luna SX provides a central, Web-based management console for
setup of access control rights, and policy management options, as well
as partition and client configuration, thereby dramatically reducing the
cost of managing multiple HSMs.
•PIN Management
“We need a reliable partner
to generate added value for
our business and for our
customers. SafeNet, with its
security expertise and leading
technology, is the best choice to
ensure the authenticity of our
invoices and bring peace of mind
to us and all our customers.”
~ Jan Goosens
Manager Software
Development,
Antwerp Port Authority
Payment HSMs
Luna EFT
The Luna EFT (PH-EFT) is a network-attached hardware security module
(HSM) designed for retail payment system processing environments
for credit, debit, e-purse, and chip cards, as well as Internet payment
applications. It offers secure PIN and card processing, message
authentication, comprehensive key management, and general-purpose
cryptographic processing.
ProtectServer External
The SafeNet ProtectServer External is a highly flexible and cost-effective
network-attached HSM that performs as a central cryptographic subsystem
for delivery of comprehensive symmetric and asymmetric cryptographic
services.
Protect Server Gold
A PCI Adapter-based HSM, the SafeNet ProtectServer Gold is a highly
flexible, application-friendly and cost-effective HSM that provides a wide
range of cryptographic services, including high-speed encryption, user and
data authentication, and message integrity, as well as secure key storage
and key management for e-Commerce. The ProtectServer Gold provides
high performance and secure cryptographic processing in server systems,
and supports applications requiring high-performance symmetric and
asymmetric cryptographic operations.
Core Benefits
•Validated security with
FIPS 140-2 Level 3
and Common Criteria
certification
•Only HSM provider to
offer true in hardware
key generation and
storage
•Extensive backup
features for disaster
recovery
•Multi-factor
authentication for
remote administration
and management
•Supports Virtualization
and Cloud Environments
ViewPIN+
For banks, credit card issuers, telecom operators, and retailers with
membership/PIN cards, SafeNet’s award-winning ViewPIN+ is the only
secure Web-based PIN issuance and management solution that delivers
unprecedented customer satisfaction and proven cost savings by
eliminating expensive, insecure, and time-consuming paper-based PIN
delivery to customers. ViewPIN+ also prevents unauthorized access to
sensitive HSM administration functions.
HSM Payment Toolkit
SafeNet’s HSM Payment Toolkit is a host support, API, and communications
software package that enables convenient and direct access to SafeNet’s
line of payment-specific and payment-enabled HSMs, allowing for quick
and easy application integration and run-time execution.
“SafeNet not only helped us
meet our most challenging
data protection and
compliance needs, but
they also provided us with
a security foundation for
future expansion. This
allows us to maximize
our security investments
as data threats and
compliance landscapes
evolve.”
~Shaun Hodgkiss
Technical Director
Tutuka Software
Contact Us: For all office locations and contact information, please visit www.safenet-inc.com
Follow Us: www.safenet-inc.com/connected
©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet.
All other product names are trademarks of their respective owners. FB (EN)_A4