Cloud HSM
■ Product Introduction and Features
Cloud HSM is designed and developed by Sansec for the special scenario of cloud computing environment. One HSM can virtualizes multiple virtual cryptographic HSMs (VSMs). Each VSM can provide the capabilities of host application layer data encryption / decryption, message source verification and key management.Cloud HSM will totally display the function of one physical HSM to offer encryption service.
Cloud HSM provides unified comprehensive operation and maintenance management , by which, the distinct security abilities can be flexibly constructed and extended.
■ Functions
Algorithms
Chinese Cryptographic Algorithms: SM1, SM2, SM3, SM4
International Cryptographic Algorithms:RSA, DES, 3DES, AES, SHA-1, SHA-256, SHA-348, SHA-512
Key Management
Secure cryptographic key generation (level 2 and 3 modules specified by State Cryptography Administration), storage, backup, recovery and other key management mechanisms.
Security
Provide multiple authentication mechanisms based on PIN, smart key and digital certificate.
VSM and VSM cryptographic key insulation mechanisms
Application Scenario
Support multiple industry business scenarios such as data encryption, digital signature, authentication in financial, energy industry, medical care and government affairs.
Support complex business scenarios which requires diverse cryptographic services.
Interface Support
Various cryptographic application interface standards such as JCE, PKCS#11, CSP, and SDF;
Support the migration of traditional applications and meet the requirements of cryptographic services after applications migration to the cloud environment;
Supports OpenSSL, RESTFul API, CSP, .NET, SOAP, KMIP, EKM interfaces.
Virtualization Function
A single HSM can be virtualized into multiple VSMs, provide elastic allocation, VSM migration, computing resource allocation and other cloud functions to improve usage efficiency of cryptographic device resources.
■ Advantages
Multi Cryptography Services Integration
Up to 8 types of cryptography services in VSM to quickly build the cryptography application.
Key Management
Key insulation between VSMs, massive key management, and strong authentication mechanism based on smart key and digital certificate.
Flexible Cryptography Services Expansion
Support the automatic,rapid and dynamic adjustment of virtual resources to realize the resilient usage.
High Availability
Support dual-active, multi-cluster, load balancing and dynamic drift.
Reliability: MTBF ≥ 30000h
Centralized Maintenance
Unified monitoring and risk alarming of equipment.
Interface standards for quick integration.
Compliance
HSM satisfies the level 2 and 3 standards set by State Cryptography Administration.
■ Application
Cloud HSMs include different types of virtual HSMs such as general purpose, financial, signature and verification HSMs. These HSMs serve as the fundamental cryptographic infrastructure for private, public and mixed cloud to offer the following functions:
Data encryption, authentication, data tamper proof, data integrity verification, signature generation & verification, digital certificate, ticket issuing & verification, transaction data non-repudiation, etc.
■ 产品规格
|
产品型号 |
SecHSM-Cloud(SJJ1601) |
|
外观规格 |
2U |
|
vsm数量 |
8-96 |
|
支持算法 |
SM 1/2/3/4、RSA,DES,3DES,AES,SHA-1,SHA256,SHA384,SHA512 |
|
SM 2 签名&验证 |
230000次/s & 180000 次/s |
|
SM 4 |
9000 Mbps |
