Sansec Key Management System

Sansec Key Management System

 
 

■ Product Introduction and Features

SecKMS (Sansec Key Management System) is a highly available and scalable enterprise cryptographic product that uses HSM to protect cryptographic keys, supports management of multiple encryption objects including symmetric keys, asymmetric keys, digital certificates, and authentication tokens. Through the centralized management of encrypted objects, it can simplify the key management operation by making encryption easier to configure and manage, thus reducing the key management system maintenance cost and it could be applied to multi-application and multi-business scenarios.

SecKMS can provide:

  • Key life cycle management
  • Key access policies, key encryption/decryption and signature/verification functions
  • Various interface types and Key Management Interoperability Protocol (KMIP)
  • Through the interoperability of KMIP, users only need to deploy a set of SecKMS to manage all encryption systems in the enterprise

■ Product Functions

Key Life Cycle Management

Provide key life cycle management based on KMIP protocol, including key generation, storage, usage, import/export, update, backup/restore, archiving and destruction, etc.


Abundant Interfaces

Support Chinese cryptographic standard interface, PKCS#11, JCE.CSP and other standard interfaces, as well as RESTFUL interface.


Encrypted Objects Management

Support life cycle management including symmetric and asymmetric key, digital certificate, certificate request, confidential data, opaque object, and other encrypted objects.


Authentication

The management end supports USB Key or username/password to authenticate the users' identity, the business end uses the username/password and digital certificate to authenticate the identity of the business system to the client and the key owner.


Integrated Management

Provide LDAP authentication, CA management, network configuration, SNMP, NTP, SYSLOG and other functions.Support management through the Web management console, REST management interface, and CLI interface. All management channels are secured by the SSL links.


High-Availability

SecKMS can be deployed independently in one data center or several data centers. Multiple SecKMS can synchronize key data through security protocols to realize collaboration among multi-nodes.

■ Product Features

Compliance

SecHSM meets the FIPS 140-2 level 3 standard.

Data Security

Support platform key management in cloud, application/VM/database/file and disk/storage system/could storage/tape library encryption.

Support KMIP

Support the standard KMIP protocol, for the system has already implemented KMIP, it's accessible after the registration without additional integration, which greatly reduces the operation cost.

Fine-grained Key Policy

Each key has a unique owner. Encryption, decryption and key acquisition policies can be set for the key, and fine-grained control of access time can be set for key operations.

■ Application Diagram

■ 产品规格

SYT 1306 SecKMS

产品型号

SecKMS 310

SecKMS 520

SecKMS 720

硬件

≤4U设备;具备液晶显示屏;RJ-45 10/100/1000Mb×2;
设备支持光纤网口10Gb*2(可选)支持1+1冗余电源

硬件密码模块

设备中采用符合国家密码局要求的密码卡(二级、三级密码模块)

性能

密钥容量

10万个

50万个

100万个

连接复用  功能

密码算法

AES128、 AES256、HMAC-SHA1、HMAC-SHA256、HMAC-SHA512、RSA、SHAI、
SHA224、 SHA256、SHA384、SHA512、SM1、SM2、HMAC_SM3、SM4、
ECC-224、ECC-256、ECC-384、ECC-512

支持标准接口

KMIP 1.4、REST、PKCS#11、JCE、MS-CAPI和.NET

 

Previous Page

Next Page

Previous Page

Next Page

Protect the Digital World with Cryptography

All
  • All
  • Product Management
  • News
  • Introduction
  • Enterprise outlets
  • FAQ
  • Enterprise Video
  • Enterprise Atlas