PRODUCTS

Products > CloudHSM
Cloud HSM

Product introduction >>

Sansec’s SJJ1601 Cloud HSM is Beijing Sansec tech development company Ltd’s hardware product made specifically to fulfill the requirements of cloud computing. Primarily implemented as a hardware device, the cloud HSM can achieve virtualization of VSMs, each which can provide services such as encryption/decryption of data, perform signatures and verification, key management, maximize hardware efficiency, provide a secure connection service for computer network systems under the cloud environment, hence preventing acts of fraud.

Product Functions >>

HSM virtualization

Each physical HSM can operate multiple VSM, each of which can provide applications with cryptographic services while ensuring that all VSMs are completely independent and isolated from each other. This virtualization improves resource efficiency, more granular clustering of services, and can provide high speed, stable, and reliable cryptographic operation services.

Secure remote key management

Uses a automated cryptographic key for authentication and login, and allows the user to perform remote key management operations through an encrypted connection

Secure business usage

Business functions can call the encrypted connection from between the VSM and the application mainframes to protect user application data through the secure middle network environment

Centralized device management

Monitors and manages device through a centralized management center, isolates user key management rights and authorities, and ensures secure storage and usage of user keys. Centralized device management supports device real time monitoring and alarms to warn of device malfunctions. Administrators have full control of the device’s working status. Through some simple configurations, the administrator can easily complete the management work automatically.

High quality key generation

All key types are generated using OSCCA approved cryptographic hardware, hence ensuring their quality

Extensive application support

Application systems are developed identically to tradition cryptographic applications and support JCE, PKCS11, SDS types of standard application interfaces, satisfying traditional application requirements for transfer into virtualized or cloud environments

Multi-parallelism support

After the exclusive authority for application service deployment, through a 2 way SSL connection, it can call up multiple VSMs while supporting multiple application services sharing for the VSMs

Backup and recovery support

Supports VSM automatic backup and recovery function while assisting users in building applications programs that need a high usability of strong key protection

Product Features >>

Tight cloud environment deployment requirements

The cloud HSM’s method of cloud encryption are flexible and can be configured, shared by multiple users, and customized for users to deploy on private cloud, hence resolving the issue of isolating the key management rights. It is equipped with comprehensive technology and security mechanisms to ensure user key security

Reduces the cost of equipment procurement and management

The cloud HSM supports leasing of cryptographic services to provide services to its users. The users no longer need to purchase expensive equipment and can instead enjoy the various services provided by the cloud HSM at minimal costs. Multiple users can independently and securely share a single device. Through virtualization, have plans to implement 1 physical cloud HSM to act as 10 VSMs. At the same time that we’re reducing costs, we’re also saving physical space.

Cryptographic algorithm compliance

Cloud HSM supports the international algorithms RSA, TDES, and AES and can support different user requirements. It also supports the SM2, SM3, and SM4 domestic Chinese algorithms, satisfying the OSCCA standards and having a high security strength level.

Application Scenarios >>

Hardware index

Physical characteristics
Specifications 2U
LCD screen Included
Dimensions(width x depth x height) 520x440x 89mm
Mass 14Kg
Physical characteristics
Working power supply 220V,50Hz,350W Redundant power supply
Power consumption 250W
Network socket RJ-45 10/100/1000Mb x2
Working protocol TCP/IP
MTBF Greater than 50000 hours
Environment parameters
Work temperature 10℃-50℃
Non-condensing humidity 5%-85%
Storage temperatur 0℃-60℃
Non-condensing humidity 5%-95%

5.2 Performance indicators

SM2 algorithm performance
256 bit SM2 key pair generation 5100 pairs/second
256 bit SM2 signature speed 4250 times/second
256 bit SM2 verification speed 2550 times/second
256 bit SM2 encryption speed 2380 times/second
256 bit SM2 decryption speed 3400 times/second
RSA algorithm performance
1024 bit RSA key pair generation speed 68 pairs/second
1024 bit RSA signature speed 8500 times/second
1024 bit RSA verification speed 51000 times/second
2048 bit RSA key pair generation 8 pairs/second
2048 bit RSA signature speed 1700 times/second
2048 bit RSA verification speed 17000 times/second
Symmetric algorithm performance
SM4 algorithm encryption/decryption speed 200 Mbps
AES algorithm encryption/decryption speed 340 Mbps
3DES algorithm encryption/decryption speed 340 Mbps
Hash algorithms
SM3 hash algorithms 340 Mbps
D-U-N-S Number 548071312
Beijing Sansec Technology Development Co., Ltd
Add: 16F Huacai Building, No.16 Guangshun North Street, Chaoyang District, Beijing China.[100102]
Tel: +86-010-59785977
E-mail: info@sansec.com.cn
Copyright © 2017-2018, SANSEC All Rights Reserved.