True Hardware-Based Key Management for Next-Generation PKI Applications SafeNet Hardware Security Modules


SafeNet Hardware Security Modules

As businesses transform and use sensitive data within their enterprise and in the cloud, it is imperative to ensure trust ownership. SafeNet Hardware Security Modules (HSMs) provide reliable protection for transactions, identities, and applications by securing cryptographic keys and provisioning encryption, decryption, authentication, and digital signing services. SafeNet HSMs are ranked #1 in the market worldwide. They provide the highest-performing, most secure, and easiest-to-integrate application and transaction security solution for enterprise and government organizations. Robust FIPS and Common Criteria validation makes SafeNet HSMs tamper-resistant.

With a broad range of HSM offerings and a full range of API support, SafeNet HSMs enable application developers to easily integrate security into custom applications. In partnership with leading application solution providers, SafeNet has produced HSMs that offer end-to-end protection for organizations, helping them achieve regulatory compliance, streamline business processes, reduce legal liabilities, and improve profitability.

[Figure: HSM as the Root of Trust. Labels: PKI and Key Management; Encrypted Information; Industries: Healthcare, Financial Services, Utility, Manufacturing, Government]

Unique Design Features of SafeNet Hardware Security Modules

Secure Hardware Key Management

For maximum security, SafeNet HSMs offer dedicated hardware key management to protect sensitive cryptographic keys from attack. The high security design ensures the integrity and protection of encryption keys throughout their lifecycle. SafeNet HSMs offer a variety of models and configurations with a wide range of security, performance, and operational capabilities for accelerated encryption, and secure key generation, storage, and backup. With this keys-in-hardware approach, applications communicate with keys stored in the HSM via a client – but keys never leave the HSM.

Trust Anchor Security for Public Key Infrastructure

Storing cryptographic keys and certificates in hardware on a dedicated, centralized HSM that is wrapped in multiple levels of security eliminates the risk of loss or theft, and is the only definitive method of ensuring and enforcing trusted, granular security policies in a PKI environment. SafeNet HSMs offer a reliable key management solution that both protects private keys and certificates against ever-evolving data threats and meets mounting compliance mandates.

Flexibility for the Next-generation of PKI

With an unparalleled combination of features, including central key and policy management, robust encryption support, flexible integration, and more, SafeNet hardware security modules enable organizations to guard against evolving threats and capitalize on the emerging opportunities presented by technological advances. In addition, SafeNet HSMs meet the demands for high availability and high performance required to unlock the next generation of PKI.

Secure Remote Management and Activation for Maximum Security in Third-party Environments

SafeNet’s Remote PIN Entry Device (PED) and Secure Transport Mode allow security administrators to remotely manage administration functions and activate HSMs deployed in a third-party environment, such as a data center, using a two-factor authenticated device.

Securing Identities and Transactions in the Cloud

Combining the security benefits of hardware security modules with the cloud delivery model, security implementations can be far less expensive than traditional in-house deployments, putting state-of-the-art security capabilities within reach of even small and medium-sized businesses for the first time. SafeNet HSMs support the leading virtualized platforms, including VMware vSphere, Microsoft Hyper-V, and Citrix XenServer. SafeNet HSMs are also highly scalable, with support for up to 100 clients and 20 partitions, enabling organizations to maximize the return on their investment.

[Figure labels: SafeNet HSM, Host Server, Key Data, System RAM, Flash RAM, Firmware, Boot Block, Application, PKCS #11 Library, Device Driver]


HSM Design Best Practices

SafeNet HSMs incorporate features developed through extensive operational experience, implementing best practices in hardware, software, and operations that make the deployment of secure HSMs as easy as possible. SafeNet HSMs adhere to rigorous design requirements and must pass through stringent product verification testing, followed by real-world application testing to verify the security and integrity of every appliance.

With SafeNet Hardware Security Modules, You Can:

• Offload and accelerate cryptographic operations to a dedicated cryptographic processor that eliminates bottlenecks and maximizes application performance

• Centralize lifecycle management of cryptographic keys (generation, distribution, rotation, storage, termination, and archival) in a purpose-built, highly secure appliance

• Improve profitability and achieve compliance with solutions for paper-to-digital initiatives, PCI DSS, digital signatures, DNSSEC, hardware key storage, transactional acceleration, certificate signing, code or document signing, bulk key generation, data encryption, and more


Payment HSMs

Luna EFT

The Luna EFT (PH-EFT) is a network-attached hardware security module (HSM) designed for retail payment system processing environments for credit, debit, e-purse, and chip cards, as well as Internet payment applications. It offers secure PIN and card processing, message authentication, comprehensive key management, and general-purpose cryptographic processing.

ProtectServer External

The SafeNet ProtectServer External is a highly flexible and cost-effective network-attached HSM that performs as a central cryptographic subsystem for delivery of comprehensive symmetric and asymmetric cryptographic services.

ProtectServer Gold

A PCI Adapter-based HSM, the SafeNet ProtectServer Gold is a highly flexible, application-friendly and cost-effective HSM that provides a wide range of cryptographic services, including high-speed encryption, user and data authentication, and message integrity, as well as secure key storage and key management for e-Commerce. The ProtectServer Gold provides high performance and secure cryptographic processing in server systems, and supports applications requiring high-performance symmetric and asymmetric cryptographic operations.

ViewPIN+

For banks, credit card issuers, telecom operators, and retailers with membership/PIN cards, SafeNet’s award-winning ViewPIN+ is the only secure Web-based PIN issuance and management solution that delivers unprecedented customer satisfaction and proven cost savings by eliminating expensive, insecure, and time-consuming paper-based PIN delivery to customers. ViewPIN+ also prevents unauthorized access to sensitive HSM administration functions.

HSM Payment Toolkit

SafeNet’s HSM Payment Toolkit is a host support, API, and communications software package that enables convenient and direct access to SafeNet’s line of payment-specific and payment-enabled HSMs, allowing for quick and easy application integration and run-time execution.

Core Benefits

• Validated security with FIPS 140-2 Level 3 and Common Criteria certification
• Only HSM provider to offer true in hardware key generation and storage
• Extensive backup features for disaster recovery
• Multi-factor authentication for remote administration and management
• Supports Virtualization and Cloud Environments

Sample Applications

• PKI key generation & key storage (online CA keys & offline CA keys)
• Certificate validation & signing
• Document signing
• Transaction processing
• Database encryption
• Smartcard issuance

• Digital Signatures
• eDocuments
• ePassport
• Database Encryption
• Certificate Validation
• Root Key Protection
• Transaction Processing
• Smart Card Issuance
• DNSSEC
• Code Signing
• Web Services
• Trusted Manufacturing
• Smart Metering
• EFT Payment
• PIN Management

“We need a reliable partner to generate added value for our business and for our customers. SafeNet, with its security expertise and leading technology, is the best choice to ensure the authenticity of our invoices and bring peace of mind to us and all our customers.”

~ Jan Goosens, Manager Software Development, Antwerp Port Authority

“SafeNet not only helped us meet our most challenging data protection and compliance needs, but they also provided us with a security foundation for future expansion. This allows us to maximize our security investments as data threats and compliance landscapes evolve.”

~ Shaun Hodgkiss, Technical Director, Tutuka Software

General Purpose HSMs

Luna SA

The SafeNet Luna SA is a flexible, high assurance, and high performance network-attached HSM, providing up to 6,000 signings per second and hardware-protected key management, where security and performance are a top priority.

Luna SP

The Luna SP allows developers to securely deploy Web applications, Web services, and other Java applications in a protected hardened security appliance. With a secured application execution environment and powerful access control policies, the Luna SP ensures the integrity of applications, and delivers high-performance cryptographic processing and key

Luna XML

The SafeNet Luna XML is designed for securing identities and documents used in Web services applications. It has a zero footprint on the host application server, providing for rapid, independent, flexible, cost-effective, and highly scalable deployments.

Luna CA

The SafeNet Luna CA offers the strictest hardware security for Certificate Authorities (CAs) issuing digital identities in PKIs. It protects the PKI root key and performs all key management, key storage, and key operations (such as digital signing) exclusively within hardware.

Luna PCI

The SafeNet Luna PCI is the fastest, most secure cryptographic PCI accelerator card in the industry, and is widely used by major governments, financial institutions, and large enterprises around the world. The PCI-X and PCI Express bus on the Luna PCI easily plugs into the host computer and provides reliable protection for data, applications, and digital identities to reduce risk and ensure regulatory compliance.

Luna SX

The SafeNet Luna SX is a central management console for rapid HSM setup and easy remote administration of the SafeNet Luna SA and Luna SP. Luna SX provides a central, Web-based management console for setup of access control rights, and policy management options, as well as partition and client configuration, thereby dramatically reducing the cost of managing multiple HSMs.


Contact Us: For all office locations and contact information, please visit www.safenet-inc.com

Follow Us: www.safenet-inc.com/connected

©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. FB (EN)-04.19.11