AEP Keyper Hardware Security Module ( HSM)[Dec. 1, 2010 4:27:27]
Cryptographic services are used to protect an information system, trust and intergrity are derived from the security of the underlying signing and encryption keys. This makes protection oh these keys critical to the overalltrust and integrity of a system.
Cryptographic key material can be stored and protected in a variety of ways and on a variety of media including software, smart cards and USB Tokens. However, where protection is critical, the level of security offered by these solutions may not always be enough. Storing and protecting key material on a physically separate Hardware Security Module ( HSM) is the only viable option.
A critical element in the architecture and deployment of a cryptographic system is the design and flexibility that a HSM can afford the system. A range of options need to be considered:
* What connectivity does the HSM offer?
* What key storage capability does the HSM offer?
* What tamper detection does it provide?
* How many hosts can be connected to a single HSM?
* Can multiple hosts share the same HSM?
* Can the HSM be upgraded at a future point without requiring a return to the manufacturer?
AEP Series K: The Ultimate Protection of Key Material
At the heart of AEP Keyper is AEP Networks’ revolutionary ACCE technology. ACCE is the next generation flexible crypto platform that
provides the highest level of assurance – FIPS 140-2, Level 4. Based on this core technology, AEP Networks has built a comprehensive product range to cater to the PKI, VPN
and Web markets. The AEP Series K is ideally suited to businesses deploying a cryptographic system where the protection
of cryptographic keys is a priority, for example, in organizations requiring certificate signing, code or document signing, bulk generation or ciphering of
keys or data.
Keyper Features and Benefits
• Connectivity – Ethernet connectivity offering greater scalability and flexibility
• Manageability – Small footprint allows desktop use or rack mounting
• Design – Fully integrated module with smart card reader, PIN entry and cryptographic processing within a single device
• Performance – Increases the number of crypto operations achievable
• Fault Tolerance - Extended reliablity through automated switch-over to live module
• Load Sharing – Software available to load balance multiple modules with one or multiple hosts
• Architecture – Built on ACCE giving tamper reaction to FIPS 140-2, Level 4
• Scalability – Up to 16 modules can be connected to single hosts
• Choice of Interfaces – On host PKCS# 11 and Microsoft CSP interfaces
• Field Upgradable – Ability to upgrade firmware and algorithms in the field
• Support for the latest algorithms
• Authenticated use of keys that are optionally PIN activated
• Drivers for Windows, Linux and Solaris