SafeNet Hardware Security Modules True Hardware-Based Key Management for Next-Generation PKI Applications
SafeNet Hardware Security Modules

As businesses transform and use sensitive data within their enterprise and in the cloud, it is imperative to ensure trust ownership. SafeNet Hardware Security Modules (HSMs) provide reliable protection for transactions, identities, and applications by securing cryptographic keys and provisioning encryption, decryption, authentication, and digital signing services.

SafeNet HSMs are ranked #1 in the market worldwide. They provide the highest-performing, most secure, and easiest-to-integrate application and transaction security solution for enterprise and government organizations. Robust FIPS and Common Criteria validation makes SafeNet HSMs tamper-resistant.

With a broad range of HSM offerings and a full range of API support, SafeNet HSMs enable application developers to easily integrate security into custom applications. In partnership with leading application solution providers, SafeNet has produced HSMs that offer end-to-end protection for organizations, helping them achieve regulatory compliance, streamline business processes, reduce legal liabilities, and improve profitability.

[Figure: HSM as the Root of Trust. Labels: Encrypted Information; PKI and Key Management; Industries: Healthcare, Financial Services, Utility, Manufacturing, Government]

Unique Design Features of SafeNet Hardware Security Modules

Secure Hardware Key Management

For maximum security, SafeNet HSMs offer dedicated hardware key management to protect sensitive cryptographic keys from attack. The high security design ensures the integrity and protection of encryption keys throughout their lifecycle. SafeNet HSMs offer a variety of models and configurations with a wide range of security, performance, and operational capabilities for accelerated encryption, and secure key generation, storage, and backup.
With this keys-in-hardware approach, applications communicate with keys stored in the HSM via a client – but keys never leave the HSM.

[Figure labels: Key Data, Application, System RAM, Flash RAM, PKCS #11 Library, Firmware, Device Driver, Boot Block, SafeNet HSM, Host Server]

Trust Anchor Security for Public Key Infrastructure

Storing cryptographic keys and certificates in hardware on a dedicated, centralized HSM that is wrapped in multiple levels of security eliminates the risk of loss or theft, and is the only definitive method of ensuring and enforcing trusted, granular security policies in a PKI environment. SafeNet HSMs offer a reliable key management solution that both protects private keys and certificates against ever-evolving data threats and meets mounting compliance mandates.

Flexibility for the Next-generation of PKI

With an unparalleled combination of features—including central key and policy management, robust encryption support, flexible integration, and more – SafeNet hardware security modules enable organizations to guard against evolving threats and capitalize on the emerging opportunities presented in technological advances. In addition, SafeNet HSMs meet the demands for high availability and high performance required to unlock the next generation of PKI.

Secure Remote Management and Activation for Maximum Security in Third-party Environments

SafeNet’s Remote PIN Entry Device (PED) and Secure Transport Mode allow security administrators to remotely manage administration functions and activate HSMs deployed in a third-party environment, such as a data center, using a two-factor authenticated device.

Securing Identities and Transactions in the Cloud

Combining the security benefits of hardware security modules with the cloud delivery model, security implementations can be far less expensive than traditional in-house deployments, putting state-of-the-art security capabilities within reach of even small and medium-sized businesses for the first time.
SafeNet HSMs support the leading virtualized platforms, including VMware vSphere, Microsoft Hyper-V, and Citrix XenServer. SafeNet HSMs are also highly scalable, with support for up to 100 clients and 20 partitions, enabling organizations to maximize the return on their investment.

HSM Design Best Practices

SafeNet HSMs incorporate features developed through extensive operational experience, implementing best practices in hardware, software, and operations that make the deployment of secure HSMs as easy as possible. SafeNet HSMs adhere to rigorous design requirements and must pass through stringent product verification testing, followed by real-world application testing to verify the security and integrity of every appliance.

With SafeNet Hardware Security Modules, You Can:

• Offload and accelerate cryptographic operations to a dedicated cryptographic processor that eliminates bottlenecks and maximizes application performance
• Centralize lifecycle management of cryptographic keys—from generation, distribution, rotation, storage, termination, and archival—in a purpose-built, highly secure appliance
• Improve profitability and achieve compliance with solutions for paper-to-digital initiatives, PCI DSS, digital signatures, DNSSEC, hardware key storage, transactional acceleration, certificate signing, code or document signing, bulk key generation, data encryption, and more

General Purpose HSMs

Luna SA

The SafeNet Luna SA is a flexible, high assurance, and high performance network-attached HSM, providing up to 6,000 signings per second and hardware-protected key management, where security and performance are a top priority.
Sample Applications

• PKI key generation & key storage (online CA keys & offline CA keys)
• Certificate validation & signing
• Document signing
• Transaction processing
• Database encryption
• Smartcard issuance
• Digital Signatures
• eDocuments
• ePassport
• Database Encryption
• Certificate Validation
• Root Key Protection
• Transaction Processing
• Smart Card Issuance
• DNSSEC
• Code Signing
• Web Services
• Trusted Manufacturing
• Smart Metering
• EFT Payment
• PIN Management

Luna SP

The Luna SP allows developers to securely deploy Web applications, Web services, and other Java applications in a protected hardened security appliance. With a secured application execution environment and powerful access control policies, the Luna SP ensures the integrity of applications, and delivers high-performance cryptographic processing and key management.

Luna XML

The SafeNet Luna XML is designed for securing identities and documents used in Web services applications. It has a zero footprint on the host application server, providing for rapid, independent, flexible, cost-effective, and highly scalable deployments.

Luna CA

The SafeNet Luna CA offers the strictest hardware security for Certificate Authorities (CAs) issuing digital identities in PKIs. It protects the PKI root key and performs all key management, key storage, and key operations (such as digital signing) exclusively within hardware.

Luna PCI

The SafeNet Luna PCI is the fastest, most secure, cryptographic PCI accelerator card in the industry, and is widely used by major governments, financial institutions, and large enterprises around the world. The PCI-X and PCI express bus on the Luna PCI easily plugs into the host computer and provides reliable protection for data, applications, and digital identities to reduce risk and ensure regulatory compliance.

Luna SX

The SafeNet Luna SX is a central management console for rapid HSM setup and easy remote administration of the SafeNet Luna SA and Luna SP. Luna SX provides a central, Web-based management console for setup of access control rights, and policy management options, as well as partition and client configuration, thereby dramatically reducing the cost of managing multiple HSMs.

“We need a reliable partner to generate added value for our business and for our customers. SafeNet, with its security expertise and leading technology, is the best choice to ensure the authenticity of our invoices and bring peace of mind to us and all our customers.”
~ Jan Goosens, Manager Software Development, Antwerp Port Authority

Payment HSMs

Luna EFT

The Luna EFT (PH-EFT) is a network-attached hardware security module (HSM) designed for retail payment system processing environments for credit, debit, e-purse, and chip cards, as well as Internet payment applications. It offers secure PIN and card processing, message authentication, comprehensive key management, and general-purpose cryptographic processing.

ProtectServer External

The SafeNet ProtectServer External is a highly flexible and cost-effective network-attached HSM that performs as a central cryptographic subsystem for delivery of comprehensive symmetric and asymmetric cryptographic services.

Protect Server Gold

A PCI Adapter-based HSM, the SafeNet ProtectServer Gold is a highly flexible, application-friendly and cost-effective HSM that provides a wide range of cryptographic services, including high-speed encryption, user and data authentication, and message integrity, as well as secure key storage and key management for e-Commerce. The ProtectServer Gold provides high performance and secure cryptographic processing in server systems, and supports applications requiring high-performance symmetric and asymmetric cryptographic operations.
Core Benefits

• Validated security with FIPS 140-2 Level 3 and Common Criteria certification
• Only HSM provider to offer true in hardware key generation and storage
• Extensive backup features for disaster recovery
• Multi-factor authentication for remote administration and management
• Supports Virtualization and Cloud Environments

ViewPIN+

For banks, credit card issuers, telecom operators, and retailers with membership/PIN cards, SafeNet’s award-winning ViewPIN+ is the only secure Web-based PIN issuance and management solution that delivers unprecedented customer satisfaction and proven cost savings by eliminating expensive, insecure, and time-consuming paper-based PIN delivery to customers. ViewPIN+ also prevents unauthorized access to sensitive HSM administration functions.

HSM Payment Toolkit

SafeNet’s HSM Payment Toolkit is a host support, API, and communications software package that enables convenient and direct access to SafeNet’s line of payment-specific and payment-enabled HSMs, allowing for quick and easy application integration and run-time execution.

“SafeNet not only helped us meet our most challenging data protection and compliance needs, but they also provided us with a security foundation for future expansion. This allows us to maximize our security investments as data threats and compliance landscapes evolve.”
~ Shaun Hodgkiss, Technical Director, Tutuka Software

Contact Us: For all office locations and contact information, please visit www.safenet-inc.com
Follow Us: www.safenet-inc.com/connected

©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners.