Sansec Key Management System
■ Product Introduction and Features
SecKMS (Sansec Key Management System) is a highly available and scalable enterprise cryptographic product that uses HSM to protect cryptographic keys, supports management of multiple encryption objects including symmetric keys, asymmetric keys, digital certificates, and authentication tokens. Through the centralized management of encrypted objects, it can simplify the key management operation by making encryption easier to configure and manage, thus reducing the key management system maintenance cost and it could be applied to multi-application and multi-business scenarios.
SecKMS can provide:
- Key life cycle management
- Key access policies, key encryption/decryption and signature/verification functions
- Various interface types and Key Management Interoperability Protocol (KMIP)
- Through the interoperability of KMIP, users only need to deploy a set of SecKMS to manage all encryption systems in the enterprise
■ Product Functions
Key Life Cycle Management
Provide key life cycle management based on KMIP protocol, including key generation, storage, usage, import/export, update, backup/restore, archiving and destruction, etc.
Abundant Interfaces
Support Chinese cryptographic standard interface, PKCS#11, JCE.CSP and other standard interfaces, as well as RESTFUL interface.
Encrypted Objects Management
Support life cycle management including symmetric and asymmetric key, digital certificate, certificate request, confidential data, opaque object, and other encrypted objects.
Authentication
The management end supports USB Key or username/password to authenticate the users' identity, the business end uses the username/password and digital certificate to authenticate the identity of the business system to the client and the key owner.
Integrated Management
Provide LDAP authentication, CA management, network configuration, SNMP, NTP, SYSLOG and other functions.Support management through the Web management console, REST management interface, and CLI interface. All management channels are secured by the SSL links.
High-Availability
SecKMS can be deployed independently in one data center or several data centers. Multiple SecKMS can synchronize key data through security protocols to realize collaboration among multi-nodes.
■ Product Features
Compliance
SecHSM meets the FIPS 140-2 level 3 standard.
Data Security
Support platform key management in cloud, application/VM/database/file and disk/storage system/could storage/tape library encryption.
Support KMIP
Support the standard KMIP protocol, for the system has already implemented KMIP, it's accessible after the registration without additional integration, which greatly reduces the operation cost.
Fine-grained Key Policy
Each key has a unique owner. Encryption, decryption and key acquisition policies can be set for the key, and fine-grained control of access time can be set for key operations.
■ Application Diagram
■ 产品规格
|
SYT 1306 SecKMS |
|||
|
产品型号 |
SecKMS 310 |
SecKMS 520 |
SecKMS 720 |
|
硬件 |
≤4U设备;具备液晶显示屏;RJ-45 10/100/1000Mb×2; |
||
|
硬件密码模块 |
设备中采用符合国家密码局要求的密码卡(二级、三级密码模块) |
||
|
性能 |
|||
|
密钥容量 |
10万个 |
50万个 |
100万个 |
|
连接复用 功能 |
|||
|
密码算法 |
AES128、 AES256、HMAC-SHA1、HMAC-SHA256、HMAC-SHA512、RSA、SHAI、 |
||
|
支持标准接口 |
KMIP 1.4、REST、PKCS#11、JCE、MS-CAPI和.NET |
||
