Ultra Electronics Keyper
The ultimate protection of key material
Where cryptographic services are used to protect an information system, trust and integrity are derived from the security of the underlying signing and encryption keys. This makes protection of these keys critical to the overall trust and integrity of a system.
Cryptographic key material can be stored and protected in a variety of ways and on a variety of media including software, smart cards and USB tokens. However, where protection is critical, the level of security offered by these solutions may not always be enough.
Storing and protecting key material on a physically separate Hardware Security Module (HSM) is the only viable option. A critical element in the architecture and deployment of a cryptographic system is the design and flexibility that an HSM can afford the system
Key business benefits
- Assurance - the only FIPS 140-2 Level 4 HSM
- Capability - broad range of algorithms including AES, ECDSA
- Compatibility - supports numerous third-party security applications, operating systems
- Scalability - load-sharing across multiple devices
- Reliability - resilience and disaster recovery configurations
- Pedigree - long history of use in blue chip companies
- Enterprise PKI, Authentication & DNSSECRegistration, certification & validation authorities
- Digital Signature - Email, Doc, Code (Software), Firmware
- Internet domain name organisations
- Online content providers
- Electronic gaming companies
In choosing a HSM, a range of options need to be considered:
- What connectivity does the HSM offer? What key storage capability does the HSM offer?
- What tamper detection does it provide?
- How many hosts can be connected to a single HSM?
- Can the HSM be upgraded at a future point without requiring a return to the manufacturer?
AEP Networks Keyper: The ultimate protection of key material
Ultra Electronics AEP Networks has designed the Keyper range of HSMs which offer the ultimate level of protection for the most sensitive data and information systems. At the heart of Keyper is AEP Networks revolutionary ACCE technology.
ACCE is the next generation flexible crypto platform that provides the highest level of assurance – FIPS 140-2, Level 4. Based on this core technology, AEP Networks has built a product range to cater to the PKI, VPN and Web markets. The Keyper HSM is ideally suited to businesses deploying a cryptographic system where the protection of cryptographic keys is a priority, for example, in organizations requiring certificate signing, code or document signing, bulk generation or ciphering of keys or data.
The Keyper HSM is available in three models offering various levels of scale:
- Keyper Professional
- Keyper Enterprise
- Keyper Plus
- Architecture - Built using ACCE giving tamper protection to FIPS 140-2 Level 4
- Design - Integrated smart card reader, PIN entry and cryptographic processing
- Fault Tolerance - Supports resilient configurations
- Scalability - Load balancing of multiple HSMs across multiple hosts
- Choice of Interfaces - PKCS#11, Microsoft CAPI, Java JCE/JCA
- Connectivity - Ethernet connectivity offering greater scalability and flexibility
- Manageability - Small footprint allows desktop use or rack mounting
- Field Upgradable – Upgrade firmware and algorithms in the field
- Authenticated Use of Keys - Optionally PIN activated
- Operating Systems - Linux, Free BSD, Solaris and Windows
Unlike other HSMs, the Keyper does not require another device to be connected in order to carry out key management tasks. All management activity is carried out using the built-in LCD, keypad and smart card reader. All key management requires two security officers to be present each with their own smart card and PIN number.
AEP's load balancing functionality allows keys to be automatically and securely distributed between Keyper's regardless of whether they are local to each other or are distributed across multiple sites, this distribution of keys is transparent to the application using the keys.
|Keyper Professional||Low Price||
|Keyper Enterprise||Enhanced throughput||
|Keyper Plus||Elliptic curve algorithm supported||FIPS 140-2 Level 4 (expected 2014)|
|Keyper DNSSEC||Instant DNS signing server||FIPS 140-2 Level 4 (expected 2014)|
AEP Networks Keyper's are used by many different organisations including government, finance, telecommunications companies, PKI applications, content providers, electronic gaming machine companies, payment card industry compliance, supply chain, and healthcare electronic patient record security. The table below shows some examples of how:
|Online content provider||Digital signing of online music, software and media||Scalable, secure digital signing of assets to ensure integrity of products being purchased|
|Electronic gaming companies||Digital signing of slot machine firmware||Ensures that companies comply with regulatory requirements to verify gaming machine software integrity|
|Registration, certification and validation authorities||Issuing, maintaining, validating PKI identities and certificates||Secure, scalable and reliable infrastructure|
|Internet domain name organisations||Signing of DNS records (DNSSEC)||Prevents DNS cache poisoning|
|Enterprise||Digital signing also used for email, documents and software/code||Non-repudiation and authenticity for any transaction|
|Ultra Electronics Keyper Specifications|
|Product Dimensions||223 x 51 x 244 mm||223 x 51 x 244 mm|
|Power Requirements||100 – 240VAC, 47-63 Hz (42VA)||100 – 240VAC, 47-63 Hz (65VA)|
|Cryptographic Functions and Services||
|Performance (key signing, using up to 8 connections)||
|Random number generation||Hardware random number generator with full entropy (FIPS 186-2 compliant)|
- Pricing and product availability subject to change without notice.