Product introduction >>
Sansec’s SJJ1601 Cloud HSM is Beijing Sansec tech development company Ltd’s hardware product made specifically to fulfill the requirements of cloud computing. Primarily implemented as a hardware device, the cloud HSM can achieve virtualization of VSMs, each which can provide services such as encryption/decryption of data, perform signatures and verification, key management, maximize hardware efficiency, provide a secure connection service for computer network systems under the cloud environment, hence preventing acts of fraud.
Product Functions >>
Each physical HSM can operate multiple VSM, each of which can provide applications with cryptographic services while ensuring that all VSMs are completely independent and isolated from each other. This virtualization improves resource efficiency, more granular clustering of services, and can provide high speed, stable, and reliable cryptographic operation services.
Secure remote key management
Uses a automated cryptographic key for authentication and login, and allows the user to perform remote key management operations through an encrypted connection
Secure business usage
Business functions can call the encrypted connection from between the VSM and the application mainframes to protect user application data through the secure middle network environment
Centralized device management
Monitors and manages device through a centralized management center, isolates user key management rights and authorities, and ensures secure storage and usage of user keys. Centralized device management supports device real time monitoring and alarms to warn of device malfunctions. Administrators have full control of the device’s working status. Through some simple configurations, the administrator can easily complete the management work automatically.
High quality key generation
All key types are generated using OSCCA approved cryptographic hardware, hence ensuring their quality
Extensive application support
Application systems are developed identically to tradition cryptographic applications and support JCE, PKCS11, SDS types of standard application interfaces, satisfying traditional application requirements for transfer into virtualized or cloud environments
After the exclusive authority for application service deployment, through a 2 way SSL connection, it can call up multiple VSMs while supporting multiple application services sharing for the VSMs
Backup and recovery support
Supports VSM automatic backup and recovery function while assisting users in building applications programs that need a high usability of strong key protection
Product Features >>
Tight cloud environment deployment requirements
The cloud HSM’s method of cloud encryption are flexible and can be configured, shared by multiple users, and customized for users to deploy on private cloud, hence resolving the issue of isolating the key management rights. It is equipped with comprehensive technology and security mechanisms to ensure user key security
Reduces the cost of equipment procurement and management
The cloud HSM supports leasing of cryptographic services to provide services to its users. The users no longer need to purchase expensive equipment and can instead enjoy the various services provided by the cloud HSM at minimal costs. Multiple users can independently and securely share a single device. Through virtualization, have plans to implement 1 physical cloud HSM to act as 10 VSMs. At the same time that we’re reducing costs, we’re also saving physical space.
Cryptographic algorithm compliance
Cloud HSM supports the international algorithms RSA, TDES, and AES and can support different user requirements. It also supports the SM2, SM3, and SM4 domestic Chinese algorithms, satisfying the OSCCA standards and having a high security strength level.
5.2 Performance indicators