Data Encryption



PrivateServer HSM (Hardware Security Module)

PrivateServer™ is ARX’s highly secure (FIPS 140-2 Level 3), network-attached Hardware Security Module (HSM) that provides a secure environment for data encryption, PIN Mailer printing and secure application execution. PrivateServer conducts sensitive cryptographic operations, secure key storage, and management of a large number of keys. Thanks to its flexible and highly secure infrastructure, PrivateServer enables customers and partners to develop their own custom modules using .NET programming languages that are executed inside the HSM.

 


Key Features

» Module Development Kit
» EMV

What Does the PrivateServer HSM Do?

PrivateServer provides a wide range of cryptographic operations, such as data encryption and secure key storage, for application servers using TCP/IP.

EMV Applications:

» EMV card issuance. PrivateServer HSM is used within physical card issuing processes to decrypt sensitive material coming from the issuer and re-encrypt it before it is written to the card.
This usage of PrivateServer is typically found in service bureaus.

» EMV authorizations. PrivateServer-HSM can be used as part of the issuer application to verify transactions that were made using EMV cards. PrivateServer-HSM handles large volumes of EMV transactions (5000 triple DES based transactions, such as verify ARQC, per second).

» EMV data preparation. PrivateServer HSM serves many roles in the data preparation processes within EMV card issuing centers, including key generation, encryption of sensitive information, storage of the issuer key and certificate, and more.

» EMV-CAP authorization. PrivateServer-HSM can be used as part of the issuer application to verify transactions that were made using EMV cards. PrivateServer-HSM handles large volumes of EMV transactions (5000 triple DES based transactions, such as verify ARQC, per second).

» PIN verification. These operations are used for generating the personalized information that is put on the magnetic stripe, such as CVV creation or PIN generation. PrivateServer-HSM is also capable of performing verification operations such as PIN verification and CVV verification.

PKI Applications:

» CA Signing Engine. PrivateServer can be used as a hardware-based signing engine for CA systems that use the PKCS#11 or CAPI interface. For example, PrivateServer can be easily integrated with Microsoft CA running on Windows 2003 or Windows 2008 servers.

» SSL Acceleration. In order to relieve the burden of cryptographic operations in Web servers, it is common practice to offload such operations to an externally-attached HSM such as PrivateServer.
See: http://en.wikipedia.org/wiki/SSL_acceleration

» EKM Provider for Microsoft SQL Server 2008. PrivateServer has an Extensible Key Management (EKM) plug-in for Microsoft SQL Server 2008. This feature enables vendors to integrate with the database, encrypt sensitive data and store private keys in an external hardware device.
The PrivateServer EKM provider is suitable for any organization that is bound to the PCI-DSS (Payment Card Industry - Data Security Standard) regulations that require encryption of sensitive information such as credit card numbers.

The benefits gained with PrivateServer's integration with Microsoft SQL Server include:

   * Alleviation of SQL's cryptographic operations by utilizing an external hardware device
   * Execution of all cryptographic operations and storage of a virtually unlimited number of keys, all within the secured PrivateServer HSM enclosure
   * High performance of bulk cryptographic operations, providing a cost-effective solution for database security
   * Support for multiple user sessions (each potentially having multiple keys) with secured authentication and login

» Microsoft Certificate LifeCycle Management. ARX's PrivateServer hardware security module (HSM) can be easily integrated with the Microsoft Identity Lifecycle Manager (ILM) application. With PrivateServer, an organization can enhance the overall security of the ILM solution by:

  * Securely storing the master admin key within the secured HSM enclosure
  * Diversifying the master admin key and creating a different admin key for each smart card in the organization
  * Securely authenticating to the smart card with its admin key to perform management operations such as PIN unblock

PrivateServer can be integrated with solutions based on smart cards from any vendor that has a minidriver implementing the Microsoft Base CSP API.

» General Purpose Cryptographic Appliance. PrivateServer offers a wide range of cryptographic algorithms through standard interfaces such as PKCS#11 and CAPI.

  * Symmetric cryptographic functions
  * Public-key cryptographic functions
  * Hash functions
  * Digital signatures.

The combination of a dedicated cryptographic server and cryptographic enhancements delivers top-level performance together with heightened security. For example, PrivateServer is capable of performing:

  * 500 RSA 1024-bit signatures per second
  * 100 RSA 2048-bit signatures per second
  * 5000 EMV PIN transactions per second.

Advanced Features:

» Module Development Kit. The PrivateServer MDK enables customers and partners to develop their own custom modules that will be executed within the secure environment of the PrivateServer HSM. PrivateServer MDK takes full advantage of the .NET environment and development tools to develop code that accesses the functionality of the PrivateServer API and performs cryptographic operations, generates keys and runs numerous other applications. The code is based on programming languages and tools supported by .NET Framework 2.0. These include: C#, VB .NET, Microsoft Visual Studio 2005 and many others.

» PINMailer Printing. PrivateServer enables customers to securely output a PIN Mailer to a printer that is attached to the PrivateServer HSM. It can be used to print advanced PIN Mailer designs that contain both text and graphics. PrivateServer supports a large variety of printer brands of both PostScript and PCL printer types, depending on organizational needs. The printer can be directly attached to the PrivateServer through a parallel interface, serial interface, or by using a dedicated Ethernet based network interface.


How Does the HSM Work?

Any application that requires a cryptographic-based process will access PrivateServer through the network using the PrivateServer client. All data transferred across the network is encrypted. The process then takes place in the server, which accesses relevant keys provided the connecting user has the necessary permissions to do so. The entire operation is performed by PrivateServer, which then replies back to the client application to enable the transaction.


PrivateServer HSM Benefits

» Stores and securely manages a large number of keys
» Strong user authentication
» Internal audit mechanism
» Secure upgrade
» Secure backup and restore
» Customizable interface
» Secure, tamper-evident device
» Easy-to-deploy and manage
» Uses standard APIs: PKCS#11, Microsoft® CAPI and JCA
» Strict user access control
» Cost effective, and more


Who is the Solution Aimed At?

PrivateServer is aimed at financial institutions, card issuers, and governmental organizations requiring security-related deployments such as the CA Signing Engine, EMV data preparation and card personalization, PIN verification, data encryption, and data signing.

 


Certification

FIPS 140-2 level 3 certification granted.

 


Technical Specifications

Asymmetric Encryption Algorithm
» RSA (320-4096 bits)

Symmetric Encryption Algorithms
» DES
» Triple-DES
» AES

Hash Functions
» SHA-1, SHA-256, SHA-512
» ISO-Hashing
» ARDFP
» MD5

Performance
» 500 RSA Signatures per second (1024 bit)
» 5000 Symmetric Transactions per second

Secure Key Storage
» Yes

Remote Management
» Yes

Authentication Modes
» Smart Card (Windows only)
» USB Token (Windows only)
» Software Key (Windows, Linux, HP, AIX and Solaris)

Connectivity
» TCP/IP Ethernet

Cryptography API Support
» PKCS#11
» Microsoft-Cryptographic API (CAPI)
» Java (JCA or extended)

PKI Vendor Compatibility
» Microsoft CA (Win 2000, 2003 Server, 2008 Server)
» Microsoft Certificate Lifecycle Management (CLM)
» Entrust PKI
» Baltimore UniCERT

OS Support (Client)
» MS Windows 2000, XP, 2003 Server, Vista
» Sun/Solaris (32 and 64 bit)
» HP-UX
» AIX (32 and 64 bit)
» OS/2
» Linux
» STRATUS/VOS
» Tandem
» MVSOS390
» OpenVMS

Security Standards Certification
» FIPS 140-2 Level 3
» FCC Subpart B Class B
» EN 55022 Class B for AC mains and Ethernet lines

Physical Dimensions
» W 48.3cm; D 44.7cm; H 17.8cm
» 6U Rack mountable
» Weight 15KG


 
