Cloud HSM
■ Product Introduction and Features
Cloud HSM is designed and developed by Sansec for cloud computing environments. One HSM can virtualize multiple virtual cryptographic HSMs (VSMs). Each VSM provides host application-layer data encryption and decryption, message source verification and key management. A VSM presents the functions of a physical HSM to offer encryption services.
Cloud HSM provides unified, comprehensive operation and maintenance management capabilities, improves the deployment and delivery of cryptographic applications, and enables rapid construction and flexible expansion of security capabilities.

■ Functions
Key Management
Adopts a three-level key security model. The security of the key is provided by the hardware protection of the PCI-E HSM, and the built-in key management service jointly provides key management for the various application systems in the Cloud HSM.
Unified Management Service
Unified management of hyper-converged HSMs and virtualized cryptographic service applications, including device registration, network configuration, and management of virtualized cryptographic service applications.
Virtualization
Provide VSMs based on containers. A single cloud HSM can virtualize up to 128 units and allocate cryptographic resources as needed to improve resource utilization.
Safety Isolation
Cryptographic services run in their respective VSMs, which use dedicated, designated SR-IOV-based virtual PCI-E HSMs to complete calculations.
Interface Support
Supports JCE, PKCS#11 and multiple standard cryptographic APIs.
Supports smooth migration of traditional applications and meets the requirements for cryptographic services after applications migrate to the cloud environment.
Supports OpenSSL and RESTful APIs.
Multiple Cryptographic Services
Support the integration of six types of cryptographic service products to quickly build typical cryptographic application scenarios.
■ Advantages
Dynamic Monitoring
The operation and maintenance management system can monitor the physical hosts and virtual servers in the cryptographic resource pool, dynamically display the system's health status, and flexibly schedule resources, greatly reducing the complexity of operation and maintenance.
Key Security Management
Key isolation between VSMs
Virtual key synchronization
Back up VSM keys on image file servers
Strong authentication mechanism based on UKEY and digital certificate.
Algorithm Support
Supports international algorithms such as RSA, AES, 3DES and ECDSA.
High Availability
Support dual-active, multi-cluster, load balancing and dynamic drift.
Reliability: MTBF ≥ 30000h
Lateral Elastic Expansion
Support automatic and rapid expansion of virtual resources, dynamic adjustment, and achieve flexible use of resources.
Cloud Platform Integration
The Cloud HSM has been integrated with multiple public and proprietary cloud platforms such as AWS, HUAWEI Cloud, Alibaba Cloud and Tencent Cloud, enabling rapid deployment on the cloud.
■ Application
Cloud HSMs include different types of virtual HSMs such as General Purpose, Payment, and Sign and Verify HSMs. These HSMs serve as the fundamental cryptographic infrastructure for private, public and mixed clouds and offer the following functions:
Data encryption, authentication, data tamper proof, data integrity verification, signature generation & verification, digital certificate, ticket issuing & verification, transaction data non-repudiation, etc.