Call a Specialist Today! 800-886-5369

Ultra Electronics Keyper
The ultimate protection of key material

Ultra Electronics Ultra Safe

Ultra Electronics
Ultra Electronics Keyper
Keyper Professional
#KEY-PRO
Contact Us for Pricing!
Keyper Enterprise
#KEY-ENT
Contact Us for Pricing!
Keyper Plus
#KEY-PLS
Contact Us for Pricing!

Click here to jump to more pricing!

Overview:

Where cryptographic services are used to protect an information system, trust and integrity are derived from the security of the underlying signing and encryption keys. This makes protection of these keys critical to the overall trust and integrity of a system.

Cryptographic key material can be stored and protected in a variety of ways and on a variety of media including software, smart cards and USB tokens. However, where protection is critical, the level of security offered by these solutions may not always be enough.

Storing and protecting key material on a physically separate Hardware Security Module (HSM) is the only viable option. A critical element in the architecture and deployment of a cryptographic system is the design and flexibility that an HSM can afford the system

Key business benefits

  • Assurance - the only FIPS 140-2 Level 4 HSM
  • Capability - broad range of algorithms including AES, ECDSA
  • Compatibility - supports numerous third-party security applications, operating systems
  • Scalability - load-sharing across multiple devices
  • Reliability - resilience and disaster recovery configurations
  • Pedigree - long history of use in blue chip companies

Applicable markets

  • Enterprise PKI, Authentication & DNSSECRegistration, certification & validation authorities
  • Digital Signature - Email, Doc, Code (Software), Firmware
  • Internet domain name organisations
  • Online content providers
  • Electronic gaming companies

In choosing a HSM, a range of options need to be considered:

  • What connectivity does the HSM offer? What key storage capability does the HSM offer?
  • What tamper detection does it provide?
  • How many hosts can be connected to a single HSM?
  • Can the HSM be upgraded at a future point without requiring a return to the manufacturer?

AEP Networks Keyper: The ultimate protection of key material

Ultra Electronics AEP Networks has designed the Keyper range of HSMs which offer the ultimate level of protection for the most sensitive data and information systems. At the heart of Keyper is AEP Networks revolutionary ACCE technology.

ACCE is the next generation flexible crypto platform that provides the highest level of assurance – FIPS 140-2, Level 4. Based on this core technology, AEP Networks has built a product range to cater to the PKI, VPN and Web markets. The Keyper HSM is ideally suited to businesses deploying a cryptographic system where the protection of cryptographic keys is a priority, for example, in organizations requiring certificate signing, code or document signing, bulk generation or ciphering of keys or data.

The Keyper HSM is available in three models offering various levels of scale:

  • Keyper Professional
  • Keyper Enterprise
  • Keyper Plus

Features:

  • Architecture - Built using ACCE giving tamper protection to FIPS 140-2 Level 4
  • Design - Integrated smart card reader, PIN entry and cryptographic processing
  • Fault Tolerance - Supports resilient configurations
  • Scalability - Load balancing of multiple HSMs across multiple hosts
  • Choice of Interfaces - PKCS#11, Microsoft CAPI, Java JCE/JCA
  • Connectivity - Ethernet connectivity offering greater scalability and flexibility
  • Manageability - Small footprint allows desktop use or rack mounting
  • Field Upgradable – Upgrade firmware and algorithms in the field
  • Authenticated Use of Keys - Optionally PIN activated
  • Operating Systems - Linux, Free BSD, Solaris and Windows

Deployment:

Key management

Unlike other HSMs, the Keyper does not require another device to be connected in order to carry out key management tasks. All management activity is carried out using the built-in LCD, keypad and smart card reader. All key management requires two security officers to be present each with their own smart card and PIN number.

AEP's load balancing functionality allows keys to be automatically and securely distributed between Keyper's regardless of whether they are local to each other or are distributed across multiple sites, this distribution of keys is transparent to the application using the keys.

Ultra Safe - Keyper PKI example

Model Distinguishing Features Certification
Keyper Professional Low Price
  • FIPS 140-2 Level 4
  • Common Criteria EAL4+
Keyper Enterprise Enhanced throughput
  • FIPS 140-2 Level 4
  • Common Criteria EAL4+
Keyper Plus Elliptic curve algorithm supported FIPS 140-2 Level 4 (expected 2014)
Keyper DNSSEC Instant DNS signing server FIPS 140-2 Level 4 (expected 2014)

Typical uses

AEP Networks Keyper's are used by many different organisations including government, finance, telecommunications companies, PKI applications, content providers, electronic gaming machine companies, payment card industry compliance, supply chain, and healthcare electronic patient record security. The table below shows some examples of how:

Customer Type Applications Benefits
Online content provider Digital signing of online music, software and media Scalable, secure digital signing of assets to ensure integrity of products being purchased
Electronic gaming companies Digital signing of slot machine firmware Ensures that companies comply with regulatory requirements to verify gaming machine software integrity
Registration, certification and validation authorities Issuing, maintaining, validating PKI identities and certificates Secure, scalable and reliable infrastructure
Internet domain name organisations Signing of DNS records (DNSSEC) Prevents DNS cache poisoning
Enterprise Digital signing also used for email, documents and software/code Non-repudiation and authenticity for any transaction

Specifications:

Ultra Electronics Keyper Specifications
  Keyper Professional
Keyper Enterprise
Keyper Plus
Product Dimensions 223 x 51 x 244 mm 223 x 51 x 244 mm
Power Requirements 100 – 240VAC, 47-63 Hz (42VA) 100 – 240VAC, 47-63 Hz (65VA)
Cryptographic Functions and Services
  • RSA: 1024-4096 bit key length
  • DSA: 1024 bit key modulus
  • AES: 128-256 bit key length
  • DES/3DES: 112/168 bit key length
  • Hash: SHA-1, SHA-2, MD5
  • ECDSA: P192-P521 curves
  • ECDH: P192-P521 curves
  • RSA: 1024-4096 bit key length
  • DSA: 1024 bit key modulus
  • AES: 128-256 bit key length
  • 3DES: 168 bit key length
  • Hash: SHA-2
Performance (key signing, using up to 8 connections)
  • Keyper Professional: 300 tps (RSA 1024)
  • Keyper Enterprise: 1,200 tps (RSA 1024)
  • >3,500 tps (RSA 1024)
  • >2,000 tps (RSA 2048)
  • >950 tps (ECDSA 256)
Random number generation Hardware random number generator with full entropy (FIPS 186-2 compliant)
Administrator Roles
  • Security Officer
  • Operator
  • Security Officer
  • Crypto Officer
  • Operator
Key management
  • Storage Master Key (SMK) import/export via smart cards in M of N componens
  • Application Key import/export via smart cards protected with an internal Master Key (also via USB on Keyper Plus)
Key storage
  • Red Key Store: keys actively erased when a tamper is detected
  • Black Key Store: large key store encrypted under the SMK
Connectivity
  • Red Key Store: keys actively erased when a tamper is detected
  • Black Key Store: large key store encrypted under the SMK
  • TCP/IPv4 and IPv6 over Ethernet at 10/100/1000 Mbps full/half duplex with auto-negotiation
  • Up to 256 concurrent connections
Certification
  • FIPS 140-2 Level 4 (cert. #1340)
  • Common Criteria EAL4+
  • FIPS 140-2 Level 4 (expected 2013)
  • FIPS 140-3 Level 4 (expected 2014)
Operating Environment
  • Operating temp: 5 to 40 °C (25 to 90% humidity, non-condensing)
  • Storage temp: -15 to 65 °C
Host Software
  • Keyper Management Centre
    • PKCS#11 Provider
    • MS-CAPI Provider
      • CNG Provider
  • Load Balancer (optional)
  • Keyper Management Centre
    • PKCS#11 Provider
    • MS-CAPI Provider
      • CNG Provider
  • Load Balancer (optional)

Documentation:

Download the Keyper Plus HSM Datasheet (PDF).

Download the Keyper Load Balancer Datasheet (PDF).

Download the Net & Keyper Redundant Power Module Datasheet (PDF).

Download the Keyper & Net Rack Mounts Datasheet (PDF).

Pricing Notes:

Ultra Electronics
Ultra Electronics Keyper
Keyper Professional
#KEY-PRO
Contact Us for Pricing!
Keyper Enterprise
#KEY-ENT
Contact Us for Pricing!
Keyper Plus
#KEY-PLS
Contact Us for Pricing!