5.2 Performance indicators
Focus on information security solutions based on cryptography,
Sansec is willing to contribute to data security!
Product introduction >>
Sansec’s key management system (hereon referred to as SecKMS) is a hardware module using foundational product that ensures key safety and high availability and is scalable.
SecKMS supports symmetric keys, asymmetric keys, digital signatures, data certificates and verification tokenized forms of encryption management, simplified key management models, while providing a user based consistent key management protocol implementation, hence making it much easier to configure for encryption and management and reduces the cost of key management maintenance while also satisfying requirements of different applications and businesses.
SecKMS references KMIP for research and developmental purposes. This protocol is maintained by the OASIS organization and is a key management protocol for enterprises. It defines the service format for which keys are managed. Keys are created through the management service they can be protected through packaging.
Functional characteristics >>
Provides complete management for key lifecycle and property. After authenticating to the encryption system, through the calling of standard interfaces you can complete operations of the key lifecycle including key generation, key storage, key backup, key update, key revocation, key archival, key recovery forms of secure management and property access, additions, modifications, and deletions.
Can be seamlessly integrated with hardware cryptographic devices. The system’s algorithms and generation operation are all done through hardware. The keys will never appear outside the device, hence ensuring their security
Through the secure management of keys within the SecKMS, we have reached the goal of secure business systems management. Key access strategies can be set up through the KMS, in accordance with the key access rules the users set up
Secure key transport
Provides a mechanism for key issuing. Encryption systems and SecKMS will have a 2-way authentication. Once the authentication is complete, the SecKMS will issue a request and respond with the key after it has been packages via a data envelope.
Supports key template management operations. The user will define various types of symmetric and asymmetric key templates in accordance with their business requirements and define the information of template structure for organizations contact information. Through this template, we can achieve all kinds of key generation operations.
Communication protocol completely supports OASIS’s KMIP, and does not conflict with any existing KMIP client systems, can be directly connected and called upon registration, and vastly reduces operation costs.
Multiple parallelism support
When the user has a large amount of business to be dealt with, data is overly concentrated or amount of data that needs to be processed is very large, capabilities can be expanded via increasing the number of devices. The SecKMS supports load balancing and can seamlessly accept new devices to improve system capabilities.
Backup and recovery support
Supports backup and recovery mechanisms for user keys, templates, and certificates. Users can complete key backup operations through a web UI at their convenience and export encrypted files to be properly stored locally.
Product advantages >>
Ensures data transmission security through secure channels
During the communication process, when sensitive data goes through network transmission, it will be protected through a secure channel, avoiding any disclosure of interface information from any middle attacks, replay attack, or other possibilities
Supports KMIP interface
Fully supports the KMIP protocol introduced by the OASIS organization, which is a protocol for managing keys for enterprises. KMIP allows for communication between any encryption system and any KMS. Under these operations, enterprises can deploy a key management structure to manage all encryption systems within the enterprise.
Key management system supports commands and digital certificate verifications. User logins will log and record all important operations and use data signatures to ensure system security, enhancing audit strength.
Supports distributed deployment
SecKMS can be deployed in a data center and can also simultaneously be deployed in a different a data center. Multiple KMS can implement multi node collaboration through secure protocols.
Supports 3rd party CA
SecKMS can support 3rd party CA’s data certificates. In addition to ensuring security, it can provide more flexibility, reduce deployment process lengths, and avoid the maintenance costs of its security systems and reduces security risks.
Log and audit
The system logs all of its operations, and will also digitally sign its operations. The log and audit capabilities perform inquiries on all logs within the system and verifies the efficiency.
Use cases >>
Qualification certificate >>
7*24 hours support
Research and develop