A High Performance Hardware Based Transaction Security Solution For Cloud Data Centers, Enterprise, Government Organizations & Ecommerce Applications.

Overview

JISA launches Network Appliance HSM powered by LiquidSecurity (Cavium) ,HSM family provides a FIPS 140-2 level 3 certified solution that provides elastic and centralized key management and key operation functionality. With 32 partitioned HSMs in a single physical HSM, 100,000 key store independent of key size, 35,000 2048b RSA ops/sec and chaining of up to 20 Appliances, CN35XX family provides a solution that addresses requirements from few hundred RSA ops/sec or few key stores to 700K RSA ops/sec or 1M key store and everything in-between. This product family, available as a network HSM appliance, offers a no compromise cost efficient solution that addresses the stringent security requirements of SaaS applications, ecommerce payment systems and Enterprise, Banking and Government security applications especially as they migrate to the Public or Private cloud. Major applications for this product family include Key Management as-a-Service, Database as-a-Service, Crypto as-a-service, Secure DNS, SaaS Applications and Virtual Private Clouds in the Public Cloud.

Models & Performance

Main Model No. Sub Model Performance Partition Key Storage
Max RSA TPS Network Connectivity
CNN3560-NFBE-2.0-G J-35000 35000 (RSA 2048bits) 10 Gbe 32 100000 keys
CNN3530-NFBE-2.0-G J-20000 20000 (RSA 2048bits) 10 Gbe 24 50000 keys
CNN3510LP-NFBE-2.0-G J-10000 10000 (RSA 2048bits) 1 Gbe 24 50000 keys
CNN3505LP-NFBE-2.0-G J-5000 5000 (RSA 2048bits) 1 Gbe 16 10000 keys
CNN3505LP-NFBE-2.0-G J-2000 2000 (RSA 2048bits) 1 Gbe 8 10000 keys
CNN3505LP-NFBE-2.0-G J-1000 1000 (RSA 2048bits) 1 Gbe 8 10000 keys
CNN3505LP-NFBE-2.0-G J-500 500 (RSA 2048bits) 1 Gbe 8 10000 keys

Capabilities

  • 35K 2048b RSA ops/sec
  • 10G Bulk crypto / sec
  • 11K ECC ops/sec
  • 100K any size key store in crypto memory
  • Up to 32 Partitions per appliance
  • Two Factor Authentication
  • Extensive key management

Network Interface

  • Dual network Interface
  • option of 1GbE or 10 GbE

Supported OS

  • Windows and Linux

Out of the Box solution

  • Cryptographic APIs such as PKCS11, Java JCA, OpenSSL
  • Health checks, Audit logs

Division of Roles

  • Appliance admin: Create, enable/disable partitions but no access to keys in FIPS boundary
  • Partition admin: Create users per partition
  • Partition Users: Create, import keys and use them

Power Supply

  • 2 x 1U 740W Redundant Power Supply
  • Power Efficiency : 94%
  • Output and Input :740W with Input 100 – 240Vac
  • AC Input Freq. : 50-60Hz
  • Power Distributor:O/P: 12V/75A
    • +5V Max: 30A
    • +3.3V Max: 24A
    • -12V Max: 0.6A

Physical specifications network appliance

  • Height 5″ (89 mm)
  • Width 2″ (437 mm)
  • Depth 5″ (647 mm)
  • Gross Weight 52 lbs (23.59 kg)
  • Packaging (W x H x L) 7″ (678 mm) x 11.4″ (290 mm) x 34.5″ (876 mm)
  • Operating temperature: +10°C to +50°C (+50°F to +122°F)
  • Storage temperature: -10°C to +55°C (+14°F to +131°F)
  • Relative humidity: 10% to 95% non-condensing

RSA

  • KeyGen: 2048 and 3072-bit
  • PKCS #1 1.5 SigGen: 2048 and 3072-bit (SHA-224, 256, 384, 512)
  • PKCS #1 1.5 SigVer: 1024, 2048 and 3072-bit (SHA-1, 224, 256, 384,512)

DSA

  • PQG Gen: 2048 and 3072-bit (SHA-256)
  • PQG Ver: 1024-bit (SHA-1); 2048 and 3072-bit (SHA-256)
  • Sig Gen: 2048-bit (SHA-224, -256, -384, -512)
  • SigVer: 1024, 2048 and 3072-bit (SHA-1, 224, -256, -384, 512)

ECDSA

  • PKG: P-224, P-256, P-384, P-521, K-233, K-283, K-409, K571,
  • B-233, B-283, B-409, and B-571
  • PKV: All P, K and B curves
  • Sig Gen: P-224, P-256, P-384, P-521, K-233, K-283, K-409,
  • K-571, B-233, B-283, B-409, and B-571 (SHA-224, -256, –
  • 384, -512)
  • SigVer: All P, K and B curves (SHA-1, 224, -256, -384, -512)

ECC

  • ECC CDH: P-224 and P-256 with SHA-256,P-384 and P-521 with SHA-512

Hash

  • SHA: 1, 224, 256, 384, and 512 , MD5

AES

  • ECB mode: Encrypt/Decrypt; 128, 192 and 256-bit
  • CBC mode: Encrypt/Decrypt; 128, 192 and 256-bit
  • GCM mode: Encrypt/Decrypt; 128, 192 and 256-bit

Triple-DES

  • TECB mode; 3-key
  • TCBC mode; 3-key

RNG

  • Hardware Random Number Generator

Download Broucher