HSM Key Protection
Gemalto is the world’s leading company in the field of hardware-based private key encryption and security acceleration. Gemalto provides complete security, using its encryption technologies to protect communities, intellectual property and digital identities, and offers a wide range of products that includes hardware, software and smart cards. Gemalto is today’s standard in remote access and leads the market in USB-based authentication solutions, which eliminate the need for usernames and passwords. The SSL acceleration component allows fast and safe online financial transactions.
All the company’s products meet the most advanced and strictest security standards worldwide. The products provide total private key protection in a number of ways and through a number of protection layers, as well as the fastest and most advanced acceleration capabilities available around the globe today.
Apart from serving as the basis for an organizational PKI infrastructure, the HSM component accelerates and protects Web servers that use SSL communication. Transferring information over SSL between the server and the end station is an important and quick process, but the connection setup stage (the SSL handshake) is a heavy burden on a regular internet server. To relieve internet servers of this load, SSL accelerators perform this laborious task and free the server's resources for the applications it runs.
Using SSL accelerators saves purchasing additional servers to withstand the load of setting up this type of connection. Acceleration capacity is measured as the number of decryption operations the accelerator can perform per second for a given key size.
Gemalto offers two families of HSM components:
Luna® SA family – network security components that constitute an organizational cryptographic server, located on the network and providing services to a number of different servers. By definition, it is an HSM server integrated with a FIPS 140-2 Level 3 validated SSL accelerator. As an HSM server, it can contain around 20 separate HSMs that are protected and completely separated from each other. In addition, this solution can perform up to 1,200 decryption operations per second for 1024-bit RSA keys.
Luna® CA4 family – provides security components for a designated server. It is a FIPS 140-1 Level 3 validated hardware security module (HSM) and allows various access protections, such as a password, M of N authentication by a required number of users, etc. This method is authorized by Microsoft and Identrus.
All the security components provide advanced management abilities, which allow distributing tasks and decentralizing the risk.
For example, to control access to an organization's main signature key, a group of managers can be defined in which each member holds one part of the overall secret that allows access. In practice, a defined number of managers from that group must be present in order to access the component.