PrivateServer HSM

• CA Signing Engine. PrivateServer can be used as a hardware-based signing engine for CA systems that use PKCS#11 or CAPI interface. For example, PrivateServer can be easily integrated with Microsoft CA running on Windows 2003 or Windows 2008 servers.  
• SSL Acceleration. In order to relieve the burden of cryptographic operations in Web servers, it is common practice to offload such operations to an externally-attached HSM such as PrivateServer.
  See: http://en.wikipedia.org/wiki/SSL_acceleration
• EKM Provider forMicrosoft SQL Server 2008. PrivateServer has an Extensible Key Management (EKM) plug-in for Microsoft SQL Server 2008. This feature enables vendors to integrate with the database, encrypt sensitive data and store private keys in an external hardware device.
  The PrivateServer EKM provider is suitable for any organization that is bound to the PCI-DSS (Payment Card Industry - Data Security Standard) regulations that require encryption of sensitive information such as credit card numbers.
  The benefits gained with PrivateServer's integration with Microsoft SQL Server include:
• Alleviation of SQL's cryptographic operations by utilizing an external hardware device 
• Execution of all cryptographic operations and storage of virtually an unlimited number of keys, all within the secured PrivateServer HSM enclosure 
• High performance of bulk cryptographic operations provides the best cost effective solution for database security 
• Support for multiple user sessions (each potentially having multiple keys) with secured authentication and login. 
• Microsoft Certificate LifeCycle Management. ARX's PrivateServer hardware security module (HSM) can be easily integrated with Microsoft Identity Lifecycle Manager (ILM) application. With PrivateServer, an organization can enhance the overall security of the ILM solution by:
• Securely storing the master admin key within the secured HSM enclosure  
• Diversifying the master admin key and creating a different admin key for each smart card in the organization  
• Securely authenticating to the smart card with its admin key to perform management operations such as PIN unblock. 

PrivateServer can be integrated with solutions based on smart cards from any vendor that has a minidriver that implements Microsoft Base CSP API.

• General Purpose Cryptographic Appliance. PrivateServer offers a wide range of cryptographic algorithms through standard interfaces such as PKCS#11 and CAPI.
• Symmetric cryptographic functions  
•  Public-key cryptographic functions  
• Hash functions  
• Digital signatures

The combination of a dedicated cryptographic server and cryptographic enhancements delivers toplevel performance together with heightened security. For example, PrivateServer is capable of performing: 

• 1350 RSA 1024-bit signatures per second 
• 250 RSA 2048-bit signatures per second  
• 8000 EMV PIN transactions per second

• Module Development Kit. The PrivateServer MDK enables customers and partners to develop their own custom modules that will be executed within the secure environmet of the PrivateServer HSM. PrivateServer MDK takes full advantage of the .NET environment and development tools to develop code that access the functionality of the PrivateServer API and performs cryptographic operations, generates keys and runs numerous other applications. The code is based on programming languages and tools supported by .NET Framework 2.0. These include: C#, VB .NET, Microsoft Visual Studio 2005 and many others.  
• PINMailer Printing. PrivateServer enables customers to securely output a PIN Mailer to a printer that is attached to the PrivateServer HSM. It can be used to print advanced PIN Mailer designs that contain both text and graphics. PrivateServer supports a large variety of printer brands of both PostScript and PCL printer types, depending on organizational needs. The printer can be directly attached to the PrivateServer through a parallel interface, serial interface, or by using a dedicated Ethernet based network interface.