PRODUCTS

Products > PCI-e HSM
PCI-e HSM

Product introduction >>

The Sansec HSM Crypto card is a high performance cryptographic security device developed independently by Sansec. This module comes in 2 forms, the normal PCI-E card and the cloud environment card which supports virtualization. Sansec’s crypto cards provides high throughput and various cryptographic algorithms but most importantly, it supports SR-IOV technology (A type of hardware based virtualization solution). SR-IOV support enables the card to have better resource sharing capabilities under a virtualized environment. With the urgent need for security within a cloud environment, the card provides hardware support for cloud security. The cloud card has already been widely applied within cloud trust server solutions, cloud secure storage solutions, and cloud HSM solutions.

Product advantages

■ Supports Docker technology: Clients can access the cloud crypto card from within the Docker container. There is no limit to the number of containers that the HSM crypto card can support.

■ Supports virtualization for KVM and XEN. Users can now access the crypto card from within the VM. The card supports both Linux and Windows OS for the VM and also supports simultaneously running both OS. A maximum of 16 VMs can be supported per card.

■ H Advanced isolation technology: Supports SR-IOV technology. All VMs have authority management between them. All user and key data are divided and isolated via physical layers to ensure that when the applications call the crypto card, each VM can operate securely and independently

■ Supports storage encryption algorithms: Supports the XTS-SM algorithms for storage encryption with performance reaching up to 14Gbps.

■ High performance: SM2 signatures can reach 50000 signatures/s, can reach 1.2Gbps, SM4 can reach 14Gbps, RSA 2048 key generation can reach 6 pairs/s, RSA 1024 signature can reach 7000 signatures/s, and RSA 2048 signatures can reach 1500 signatures/s

■ Signatures and verifications: Depending on the requirements, the card can use the RSA/SM2 key pairs stored within the device or import RSA/SM2 key pairs from external sources to perform data signatures.

■ Digital envelope capability: Supports data envelopes for RSA/SM2 algorithms while also supporting the transferring of data protection from the outer keys to the internal keys.

■ Physical random number generator: Uses the WNG physical noise source chip to generate random numbers.

■ Supports official algorithm standards: Crypto card API conforms to the《Cryptographic device application interface specification》standards, has great adaptability, and simultaneously supports the PKCS11 and JCE standard interfaces.

■ Fully supports high speed PCI-E x8 interface.

Functional characteristics

■ Key generation and management: Can generate RSA key pairs with lengths of 1024/2048 and SM2 key pairs with lengths of 256 using random numbers created from dual WNG physical noise random number generator chips.

■ Data encryption and decryption: Supports ECB and CBC methods of data encryption and decryption for and SM4 algorithms.

■ MAC generation and verification: Supports generation and verification of MAC for and SM4 algorithms.

■ Generation and verification of data summaries: Supports SM3 types of hash algorithms.

■ Generation of data signatures and verifications: Depending on the requirements, the card can either use RSA/SM2 key pairs stored within the device or import RSA/SM2 key pairs from external sources to perform data signatures.

■ Digital envelope capability: Supports data envelopes for RSA/SM2 algorithms while also supporting the transferring of data protection from the outer keys to the internal keys.

■ Physical random number generator: Uses the WNG physical noise source chip to generate random numbers.

D-U-N-S Number 548071312
Beijing Sansec Technology Development Co., Ltd
Add: 16F Huacai Building, No.16 Guangshun North Street, Chaoyang District, Beijing China.[100102]
Tel: +86-010-59785977
E-mail: info@sansec.com.cn
Copyright © 2017-2018, SANSEC All Rights Reserved.