![[Cryptoserver® PKCS#11] Benefits](http://data.docslib.org/img/e74326c82e8966f707a8e4437edcdce3-1.webp)
[CryptoServer ® PKCS#11] Benefits
State-of-the-Art Cryptography
, Augments Host-security with strongest and accurately implemented cryptographic mechanisms.
Highest Protection
, Guaranteed integrity and confidentiality for your cryptographic keys.
Flexible Integration
, Available as PCI-board, or network-enabled with TCP/IP interface.
Broad Functionality
, Wide range of algorithms for encryption and decryption, The “Standard” API for Hardware Security signature generation and verification, key generation, Hardware Security Modules (HSMs) are designed to store sensitive cryptographic private various hash algorithms, true and pseudo random number keys and perform cryptographic operations in conjunction with host application. The HSM generation. and its host system are two physically separate entities that communicate via a cable (e.g. TCP/IP) or system bus (e.g. PCI) on the hardware level. On the application level the Simple Key Management host system invokes the security services of the HSM through an Application Programming Interface (API). , Integrated key management for your cryptographic keys Unlike other cryptographic APIs, PKCS#11 has been designed from the ground as an API (back-up and restore). intended to support external hardware security tokens, whereas other cryptographic APIs were initially developed to support software-based cryptographic processes.
Based on these architectural differences, Utimaco’s hardware security module CryptoServer PKCS#11 is consistently designed to provide a secure and accurate implementation of the PKCS#11 industry standard:
CryptoServer PKCS#11 provides hardware key storage and transactional acceleration when installed in a PKCS#11 environment. This tamper-resistant, physically-hardened HSM, with its key-management functionality, is ideally suited for all security relevant applications.
CryptoServer PKCS#11 offers both – highest possible security and transactional accelera- tion combined with an industry standard cryptographic interface for your application.
About Utimaco Safeware Utimaco developed it’s first IT security software in 1983. Today, Utimaco is a global leader in enterprise information security. Using the most advanced techniques, Utimaco software provides unmatched information security. Highly reliable, easy to use and easy to adminis- ter, Utimaco products ensure low total cost of ownership. For more information visit www.utimaco.com PKCS#11 API Certification/Standards , PKCS#11 Version 2.20 compliant , FIPS 140-2 level 3 (if operated , Multiple CryptoServer support for each application in FIPS mode), with level 4 in the , Up to 256 parallel sessions/applications per CryptoServer area “Physical Security” , Secure channel between application and CryptoServer , ZKA (Zentraler Kreditausschuss, , Thread-save for use in multi threading applications the German banking committee) Storage , CE TM: A Certification Mark of NIST, which does not imply product endorsement by , Up to 100 slots/tokens per CryptoServer , FCC (class B) NIST, the U.S. or Canadian Governments. , About 5000 objects per CryptoServer System requirements Product variants , Microsoft Windows (2000, XP, 2003) For Integration in TCP/IP Network , Linux (kernel 2.4 or 2.6) , CryptoServer PKCS#11 LAN, for , SUN Solaris (CryptoServer PKCS#11 LAN) connection with Ethernet interface , Several clients/applications in your network Cryptography/Security/Services can use one CryptoServer PKCS#11 LAN Asymmetric Cryptography For Usage in Local PC , RSA (key length between 512 and 8192 bits) , CryptoServer PKCS#11 PCI-board , RSA signature generation , RSA signature verification Possible areas of use , RSA for key wrapping/unwrapping , Identity management systems Symmetric Cryptography , Security processor in networks of payments service providers , AES encryption/decryption (key length 128, 192 or 256 bits) , Protection of transactions in road-toll systems , DES and Triple-DES encryption/decryption , Time-stamp services (key length 56, 112 or 168 bits) in CBC, ECB or CFB mode , Signature server , AES, DES, Triple-DES for key wrapping/unwrapping , Archiving systems Hash Algorithms , Database protection , SHA-1 (160 bits) , E-mail protection according to S/MIME standard or PGP , SHA-256 (256 bits) , SSL encryption , RIPEMD-160 (160 bits) , and further more ... Random Number Generation , Physical random number generation according to AIS 31 Contact (maximum functionality class P2) Utimaco Safeware AG , Deterministic random number generation according to Germanusstrasse 4 ANSI X9.31 or AIS 20 (maximum functionality class K4) 52080 Aachen Key Generation Germany , High quality key generation with physical random Phone +49 (2 41) 16 96 - 200 number generator Fax +49 (2 41) 16 96 - 199 , Symmetric key generation (AES, DES, Triple-DES) [email protected] www.utimaco.com Performance , 80 RSA signatures (1024 bits) per second Please visit our website for more information , Triple-DES encryption 2 MBytes per second on CryptoServer PKCS#11: , AES encryption 9 MBytes per second www.utimaco.com/cryptoserver
Copyright Information © 2005 – Utimaco Safeware AG CryptoServer ® PKCS#11 All SafeGuard and CryptoServer products are registered trademarks of Utimaco Safeware AG. All other named trademarks are trademarks of the particular copyright holder. 10/2005