
Ultra Electronics Keyper
The ultimate protection of key material
Click here to jump to more pricing!
Overview:
Where cryptographic services are used to protect an information system, trust and integrity are derived from the security of the underlying signing and encryption keys. This makes protection of these keys critical to the overall trust and integrity of a system.
Cryptographic key material can be stored and protected in a variety of ways and on a variety of media including software, smart cards and USB tokens. However, where protection is critical, the level of security offered by these solutions may not always be enough.
Storing and protecting key material on a physically separate Hardware Security Module (HSM) is the only viable option. A critical element in the architecture and deployment of a cryptographic system is the design and flexibility that an HSM can afford the system
Key business benefits
- Assurance - the only FIPS 140-2 Level 4 HSM
- Capability - broad range of algorithms including AES, ECDSA
- Compatibility - supports numerous third-party security applications, operating systems
- Scalability - load-sharing across multiple devices
- Reliability - resilience and disaster recovery configurations
- Pedigree - long history of use in blue chip companies
Applicable markets
- Enterprise PKI, Authentication & DNSSECRegistration, certification & validation authorities
- Digital Signature - Email, Doc, Code (Software), Firmware
- Internet domain name organisations
- Online content providers
- Electronic gaming companies
In choosing a HSM, a range of options need to be considered:
- What connectivity does the HSM offer? What key storage capability does the HSM offer?
- What tamper detection does it provide?
- How many hosts can be connected to a single HSM?
- Can the HSM be upgraded at a future point without requiring a return to the manufacturer?
AEP Networks Keyper: The ultimate protection of key material
Ultra Electronics AEP Networks has designed the Keyper range of HSMs which offer the ultimate level of protection for the most sensitive data and information systems. At the heart of Keyper is AEP Networks revolutionary ACCE technology.
ACCE is the next generation flexible crypto platform that provides the highest level of assurance – FIPS 140-2, Level 4. Based on this core technology, AEP Networks has built a product range to cater to the PKI, VPN and Web markets. The Keyper HSM is ideally suited to businesses deploying a cryptographic system where the protection of cryptographic keys is a priority, for example, in organizations requiring certificate signing, code or document signing, bulk generation or ciphering of keys or data.
The Keyper HSM is available in three models offering various levels of scale:
- Keyper Professional
- Keyper Enterprise
- Keyper Plus
Features:
- Architecture - Built using ACCE giving tamper protection to FIPS 140-2 Level 4
- Design - Integrated smart card reader, PIN entry and cryptographic processing
- Fault Tolerance - Supports resilient configurations
- Scalability - Load balancing of multiple HSMs across multiple hosts
- Choice of Interfaces - PKCS#11, Microsoft CAPI, Java JCE/JCA
- Connectivity - Ethernet connectivity offering greater scalability and flexibility
- Manageability - Small footprint allows desktop use or rack mounting
- Field Upgradable – Upgrade firmware and algorithms in the field
- Authenticated Use of Keys - Optionally PIN activated
- Operating Systems - Linux, Free BSD, Solaris and Windows
Deployment:
Key management
Unlike other HSMs, the Keyper does not require another device to be connected in order to carry out key management tasks. All management activity is carried out using the built-in LCD, keypad and smart card reader. All key management requires two security officers to be present each with their own smart card and PIN number.
AEP's load balancing functionality allows keys to be automatically and securely distributed between Keyper's regardless of whether they are local to each other or are distributed across multiple sites, this distribution of keys is transparent to the application using the keys.
Model | Distinguishing Features | Certification |
---|---|---|
Keyper Professional | Low Price |
|
Keyper Enterprise | Enhanced throughput |
|
Keyper Plus | Elliptic curve algorithm supported | FIPS 140-2 Level 4 (expected 2014) |
Keyper DNSSEC | Instant DNS signing server | FIPS 140-2 Level 4 (expected 2014) |
Typical uses
AEP Networks Keyper's are used by many different organisations including government, finance, telecommunications companies, PKI applications, content providers, electronic gaming machine companies, payment card industry compliance, supply chain, and healthcare electronic patient record security. The table below shows some examples of how:
Customer Type | Applications | Benefits |
---|---|---|
Online content provider | Digital signing of online music, software and media | Scalable, secure digital signing of assets to ensure integrity of products being purchased |
Electronic gaming companies | Digital signing of slot machine firmware | Ensures that companies comply with regulatory requirements to verify gaming machine software integrity |
Registration, certification and validation authorities | Issuing, maintaining, validating PKI identities and certificates | Secure, scalable and reliable infrastructure |
Internet domain name organisations | Signing of DNS records (DNSSEC) | Prevents DNS cache poisoning |
Enterprise | Digital signing also used for email, documents and software/code | Non-repudiation and authenticity for any transaction |
Specifications:
Ultra Electronics Keyper Specifications | ||
---|---|---|
Keyper Professional Keyper Enterprise |
Keyper Plus | |
Product Dimensions | 223 x 51 x 244 mm | 223 x 51 x 244 mm |
Power Requirements | 100 – 240VAC, 47-63 Hz (42VA) | 100 – 240VAC, 47-63 Hz (65VA) |
Cryptographic Functions and Services |
|
|
Performance (key signing, using up to 8 connections) |
|
|
Random number generation | Hardware random number generator with full entropy (FIPS 186-2 compliant) | |
Administrator Roles |
|
|
Key management |
|
|
Key storage |
|
|
Connectivity |
|
|
Certification |
|
|
Operating Environment |
|
|
Host Software |
|
|
Documentation:
Download the Keyper Plus HSM Datasheet (PDF).
Download the Keyper Load Balancer Datasheet (PDF).
Download the Net & Keyper Redundant Power Module Datasheet (PDF).
Download the Keyper & Net Rack Mounts Datasheet (PDF).
- Pricing and product availability subject to change without notice.