SecKMS

Product introduction >>

Sansec’s key management system (hereafter referred to as SecKMS) is a foundational product built on hardware modules that ensures key safety and high availability and is scalable.

SecKMS supports encryption management for symmetric keys, asymmetric keys, digital signatures, digital certificates, and tokenized verification, and simplifies the key management model, while providing a consistent, user-based implementation of the key management protocol. This makes encryption much easier to configure and manage and reduces the cost of key management maintenance, while also satisfying the requirements of different applications and businesses.

SecKMS was researched and developed with reference to KMIP (Key Management Interoperability Protocol). This protocol is maintained by the OASIS organization and is a key management protocol for enterprises. It defines the format of the service through which keys are managed. Keys are created through the management service, and they can be protected through wrapping.

Functional characteristics >>

·Key management

Provides complete management of the key lifecycle and key properties. After authenticating to the encryption system, you can call standard interfaces to complete key lifecycle operations, including key generation, key storage, key backup, key update, key revocation, key archival, and key recovery, as well as property access, additions, modifications, and deletions.

·Hardware protection:

Can be seamlessly integrated with hardware cryptographic devices. The system’s algorithms and key generation operations are all performed in hardware. Keys never appear outside the device, which ensures their security.

·Strategic management:

Secure management of keys within SecKMS achieves the goal of secure management of business systems. Key access strategies (policies) can be set up through the KMS in accordance with the key access rules that users define.

·Secure key transport:

Provides a mechanism for key issuing. Encryption systems and SecKMS perform two-way authentication. Once the authentication is complete, the SecKMS will issue a request and respond with the key after it has been packaged in a data envelope.

·Template management:

Supports key template management operations. Users define various types of symmetric and asymmetric key templates in accordance with their business requirements, and define the template structure information for the organization’s contact information. These templates can then be used for all kinds of key generation operations.

·KMIP support:

The communication protocol fully supports OASIS’s KMIP and does not conflict with any existing KMIP client systems, which can be connected directly and called upon registration, vastly reducing operation costs.

·Multiple parallelism support:

When a user has a large amount of business to handle, data is overly concentrated, or the amount of data to be processed is very large, capacity can be expanded by increasing the number of devices. SecKMS supports load balancing and can seamlessly accept new devices to improve system capacity.

·Backup and recovery support:

Supports backup and recovery mechanisms for user keys, templates, and certificates. Users can complete key backup operations through a web UI at their convenience and export encrypted files to be properly stored locally.

Product advantages >>

·Ensures data transmission security through secure channels

During communication, sensitive data transmitted over the network is protected by a secure channel, preventing disclosure of interface information through man-in-the-middle attacks, replay attacks, or other means.

·Supports KMIP interface

Fully supports the KMIP protocol introduced by the OASIS organization, which is a protocol for managing keys for enterprises. KMIP allows for communication between any encryption system and any KMS. Under these operations, enterprises can deploy a key management structure to manage all encryption systems within the enterprise.

·Authentication

The key management system supports command and digital certificate verification. User logins and all important operations are logged and recorded, and data signatures are used to ensure system security, enhancing audit strength.

·Supports distributed deployment

SecKMS can be deployed in one data center and simultaneously in a different data center. Multiple KMS instances can implement multi-node collaboration through secure protocols.

·Supports 3rd party CA

SecKMS can support digital certificates from 3rd party CAs. In addition to ensuring security, this provides more flexibility, shortens the deployment process, avoids the maintenance costs of its security systems, and reduces security risks.

·Log and audit

The system logs all of its operations and digitally signs them. The log and audit capabilities perform queries on all logs within the system and verify the efficiency.

Use cases >>

Qualification certificate >>

5.2 Performance indicators

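| Category | Item | Performance |
| --- | --- | --- |
| SM2 algorithm performance | 256 bit SM2 key pair generation | 5100 pairs/second |
| SM2 algorithm performance | 256 bit SM2 signature speed | 4250 times/second |
| SM2 algorithm performance | 256 bit SM2 verification speed | 2550 times/second |
| SM2 algorithm performance | 256 bit SM2 encryption speed | 2380 times/second |
| SM2 algorithm performance | 256 bit SM2 decryption speed | 3400 times/second |
| RSA algorithm performance | 1024 bit RSA key pair generation speed | 68 pairs/second |
| RSA algorithm performance | 1024 bit RSA signature speed | 8500 times/second |
| RSA algorithm performance | 1024 bit RSA verification speed | 51000 times/second |
| RSA algorithm performance | 2048 bit RSA key pair generation | 8 pairs/second |
| RSA algorithm performance | 2048 bit RSA signature speed | 1700 times/second |
| RSA algorithm performance | 2048 bit RSA verification speed | 17000 times/second |
| Symmetric algorithm performance | SM1 algorithm encryption/decryption speed | 200 Mbps |
| Symmetric algorithm performance | SM4 algorithm encryption/decryption speed | 200 Mbps |
| Symmetric algorithm performance | AES algorithm encryption/decryption speed | 340 Mbps |
| Symmetric algorithm performance | 3DES algorithm encryption/decryption speed | 340 Mbps |
| Hash algorithms | SM3 hash algorithms | 340 Mbps |
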
D-U-N-S Number 548071312
Beijing Sansec Technology Development Co., Ltd
Add: 16F Huacai Building, No.16 Guangshun North Street, Chaoyang District, Beijing China.[100102]
Tel: +86-010-56297902
Fax: +86-010-58236196
Copyright information. ICP filing information: 京ICP备10218117号-2