A High Performance Hardware Based Transaction Security Solution For Cloud Data Centers, Enterprise, Government Organizations & Ecommerce Applications.

Overview

JISA in association with Cavium HSM introduces HSM family provides a FIPS 140-2 level 3 certified solution that provides elastic and centralized key management and key operation functionality. With 32 partitioned HSMs in a single physical HSM, 100,000 key store independent of key size, 35,000 2048b RSA ops/sec and chaining of up to 20 Appliances, CN35XX family provides a solution that addresses requirements from few hundred RSA ops/sec or few key stores to 700K RSA ops/sec or 1M key store and everything in-between. This product family, available as a network HSM appliance, offers a no compromise cost efficient solution that addresses the stringent security requirements of SaaS applications, ecommerce payment systems and Enterprise, Banking and Government security applications especially as they migrate to the Public or Private cloud. Major applications for this product family include Key Management as-a-Service, Database as-a-Service, Crypto as-a-service, Secure DNS, SaaS Applications and Virtual Private Clouds in the Public Cloud.

NETHSM–OEM

Hardware Security Module CNN35XX OEM makes available to every Third party software vendor and  system integrators an open and secure hardware platform to customize your own cryptographic appliances

Porting in the secure boundaries of the CNN35XX OEM a security application on a Linux operating system has never been so innovative and so easy.

Models & Performance

Device Performance Partition
Max RSA TPS Network Connectivity
CNN3560-OEM 35000 (2048bits) 1 GbE or 10 GbE 32
CNN3530-OEM 20000 (2048bits) 1 GbE or 10 GbE 24
CNN3510-OEM 10000 (2048bits) 1 GbE or 10 GbE 24
CNN3505-OEM 5000 (2048bits) 1 GbE or 10 GbE 8

Capabilities

  • 35K 2048b RSA ops/sec
  • 10G Bulk crypto / sec
  • 11K ECC ops/sec
  • 100K any size key store in crypto memory
  • Up to 32 Partitions per appliance
  • Two Factor Authentication
  • Extensive key managem

Network Interface

  • Dual network Interface
  • option of 1GbE or 10 GbE

Supported OS

  • Windows and Linux

Out of the Box solution

  • Cryptographic APIs such as PKCS11, Java JCA, OpenSSL
  • Health checks, Audit logs

Division of Roles

  • Appliance admin: Create, enable/disable partitions but no access to keys in FIPS boundary
  • Partition admin: Create users per partition
  • Partition Users: Create, import keys and use them

Power Supply

  • 2 x 1U 740W Redundant Power Supply
  • Power Efficiency : 94%
  • Output and Input :740W with Input 100 – 240Vac
  • AC Input Freq. : 50-60Hz
  • Power Distributor:O/P: 12V/75A
    • +5V Max: 30A
    • +3.3V Max: 24A
    • -12V Max: 0.6A

Physical specifications network appliance

  • Height 5″ (89 mm)
  • Width 2″ (437 mm)
  • Depth 5″ (647 mm)
  • Gross Weight 52 lbs (23.59 kg)
  • Packaging (W x H x L) 7″ (678 mm) x 11.4″ (290 mm) x 34.5″ (876 mm)
  • Operating temperature: +10°C to +50°C (+50°F to +122°F)
  • Storage temperature: -10°C to +55°C (+14°F to +131°F)
  • Relative humidity: 10% to 95% non-condensing

RSA

  • KeyGen: 2048 and 3072-bit
  • PKCS #1 1.5 SigGen: 2048 and 3072-bit (SHA-224, 256, 384, 512)
  • PKCS #1 1.5 SigVer: 1024, 2048 and 3072-bit (SHA-1, 224, 256, 384,512)

DSA

  • PQG Gen: 2048 and 3072-bit (SHA-256)
  • PQG Ver: 1024-bit (SHA-1); 2048 and 3072-bit (SHA-256)
  • Sig Gen: 2048-bit (SHA-224, -256, -384, -512)
  • SigVer: 1024, 2048 and 3072-bit (SHA-1, 224, -256, -384, 512)

ECDSA

  • PKG: P-224, P-256, P-384, P-521, K-233, K-283, K-409, K571,
  • B-233, B-283, B-409, and B-571
  • PKV: All P, K and B curves
  • Sig Gen: P-224, P-256, P-384, P-521, K-233, K-283, K-409,
  • K-571, B-233, B-283, B-409, and B-571 (SHA-224, -256, –
  • 384, -512)
  • SigVer: All P, K and B curves (SHA-1, 224, -256, -384, -512)

ECC

  • ECC CDH: P-224 and P-256 with SHA-256,P-384 and P-521 with SHA-512

Hash

  • SHA: 1, 224, 256, 384, and 512 , MD5

AES

  • ECB mode: Encrypt/Decrypt; 128, 192 and 256-bit
  • CBC mode: Encrypt/Decrypt; 128, 192 and 256-bit
  • GCM mode: Encrypt/Decrypt; 128, 192 and 256-bit

Triple-DES

  • TECB mode; 3-key
  • TCBC mode; 3-key

RNG

  • Hardware Random Number Generator