ARX PrivateServer™ is the market-leading highly secure (FIPS 140-2 Level 3, PCI-HSM v2.0), high-capacity, network-attached Hardware Security Module (HSM). It delivers a validated-secure environment for cryptographic operations, data encryption, key management, PIN Mailer printing andsecure application execution. PrivateServer has a high capacity for secure key storage and management within its internal database. Features are easily accessible via standard APIs including: Microsoft CAPI/CNG, PKCS#11 and JCA/JCE. PrivateServer also enables customers and system integrators to develop their own software modules using .NET programming languages (C#) that are executed inside this secure HSM. PrivateServer also offers an EKM plug-in that enables customers to easily secure data within Microsoft SQL Server 2008/2012 and provides cryptographic capabilities such as selective encryption, decryption, and enterprise key management functions under standard MS SQL. The PrivateServer EKM provider is also suitable for any organization that is bound to the PCI-DSS (Payment Card Industry – Data Security Standard) regulations that require encryption of sensitive information such as credit card numbers.
FIPS 140-2 level 3 certification granted.
PCI-HSM v2.0 certification granted.
FIPS 201 approved by the U.S. Government’s General Services Administration (GSA).
PrivateServer HSM Features
- Security: PrivateServer is FIPS 140-2 level 3 and PCI-HSM v2.0 validated, high-security, tamper-evident, tamper resistant, and tamper-reactive. It incorporates strict security measures to protect highly sensitive keys and key operations. All sensitive operations are performed within PrivateServer’s trusted environment.
- Key Storage and Management: PrivateServer has the unique capability of storing and managing a large capacity of encryption and signing keys in its internal secure database. PrivateServer’s centralized approach gives your organization a convenient, sophisticated and innovative capability for enterprise or network-wide key management. It has the ability to eliminate the need for an external key database, offering very refined controls and better scalability for your applications.
- High Performance: PrivateServer offers superior performance of both symmetric and asymmetric cryptographic operations. Such capabilities allow organizations to reduce costs by reducing the total number of HSM’s required.
- Ease of Management: PrivateServer’s network attached capability is designed to provide your organization with an easy-to-deploy and easy-to-manage security device. Multiple independent applications can access a single PrivateServer HSM concurrently. This eliminates the need to install a separate HSM for each application server. PrivateServer provides remote-management, load balancing, and high-availability capabilities.
- User Friendly: PrivateServer‘s has a friendly GUI management utility; organization administrators can easily and efficiently maintain the HSM.
- High Availability: PrivateServer’s load balancing / high-availability module supports both active-active configuration in which the load is distributed evenly among all production HSMs, and active-passive configuration in which backup HSMs become active in the event of a production HSM’s failure.
- Authorization and Control: PrivateServer ensures strict user/administrator/security officer’s access control over all keys and operations. Only authorized users with special permission have access to PrivateServer and to specific keys on a very granular level.
- Compatibility: A high-level API ensures easy and convenient integration of security services with any application using standard APIs such as PKCS#11, Microsoft CAPI/CNG and JCA/JCE. PrivateServer already supports numerous financial packages for 3D Secure, EMV personalization and issuing, and EMV authorization.
- Flexible and Customizable: Standard PrivateServer software modules are available for upgrading without the need to change physical hardware. Customizable PrivateServer modules can be developed according to your unique requirements. Customers have the optional ability to develop individual software modules to be securely loaded on PrivateServer.
- Auditing and Monitoring: PrivateServer’s audit log records information such as errors, cryptographic operations performed and maintenance events. The audit log can be collected by an external Syslog server. The PrivateServer can also be monitored using the standard SNMP protocol.
Who relies on the ARX PrivateServer HSM?
Financial institutions, card issuers, payment processors, enterprises, and government organizations requiring information security under distributed networks and applications.