BlackVault CYNR
BlackVault CYNR
Overview
The BlackVault CYNR is a “plug-n-play” code and document signing appliance that brings a new level of security, simplicity, and structure to code and document signing. Signing and timestamping have never been as easy or secure as with this purpose built platform that includes a smart card reader, USB host port, touch screen display and cryptographically advanced FIPS 140-2 Level 3+ Hardware Security Module (HSM).
Ensure your code and documents are highly secure, and meet internal and external processes and compliance objectives with the easy to use and intuitive BlackVault CYNR.
"Plug-n-Play" Digital Signatures
The BlackVault CYNR boots as a signing appliance; once initialized, simply load the code or document to be signed, use the integrated touch screen display to select (or create) the signing key, then execute. The signed code or document is ready for publishing, avoiding the complexity with secure installation and configuration of general purpose operating systems and HSMs.
Digital Certificates / CSRs
The BlackVault CYNR supports self-signed and certificate-signed operations. Obtaining digital certificates (trust path to a certificate authority) is facilitated by the Certificate Signing Request (CSR) feature. Ready to submit CSRs are generated and sent to the USB port or a network attached folder. Once the certificate is received from your Certificate Authority (CA) simply import it into the BlackVault CYNR.
Trusted Path Authentication / Sign-Off
Ensuring proper authorization prior to code or document signing is a key capability of the BlackVault CYNR. The intuitive touch screen display with randomized keypad provides a certified trust path for configuration, PIN entry, and backup operations.
In addition, the integrated smart card reader facilitates two-factor authentication, and advanced “M of N” Quorum approval. This ensures that no single individual can represent the enterprise and release reputation damaging code or documents.
Real Time Audits
Constantly updated configuration and operation information provide Security Administrators with the data to discover anomalous activity or failure of critical functions. Audit information can be sent to a trusted entity and is protected to prevent unauthorized access, modification, or deletion.
Integrated Hardware Security Module
Behind the scenes of the BlackVault CYNR is an integrated military grade HSM that creates, stores, and logs private key and digital signature information in its highly secure Level 3+ tamper reactive crypto boundary.
Additionally, if the CA certificate changes, the EST client will notice the change and automatically obtain the new certificate. This process of auto re-enrollment and CA redistribution is faster and less work intensive than previous certificate management protocols.
Applications
Code Signing
Adobe PDF Signing
Java Archive Signing
ZIP Signing
APKSigning
Authenticode
Code Signing
Adobe PDF Signing
Java Archive Signing
ZIP Signing
APKSigning
Authenticode
Features
Fully HSM Integrated Digital Signing Application
Supports Code and Document Signing
Digital Certificate Ready (or Self Signing)
Generate and Store Public / Private Keys and Signatures
Intrusion Tamper Reactive Hardware (Level 3+)
Single Trust Path Touch Screen User Interface
Integrated Smart Card Reader
USB Interface
Solid State Construction (“Transport Safe”)
Highly Secure Silicon Die Shield Crypto Boundary
Multiple Administrative Roles
M of N Multi-factor Authentication
Key Backup / Cloning
Full Suite B Cryptography
Software Upgradable
Benefits
“Plug-n-Play” Code and Document Signing
Ensures Compliance with Release Process
No Software Installation, Extra Server Configuration, etc.
Easy to Set Up, Intuitive Operation
Secure Keys in Tamper Reactive Hardware
Generate, Store, Backup and Decommission Keys
Expedite Regulatory Compliance Audits
Single Platform has Network and USB Ports
Compact, Fits in Safe, Server Slot, Secure Room
Integrated Multi-factor Authentication (Trust Path)
Multi-level Access Control
Secure Audit Logging
Application Examples
Code Signing
Maintaining the security of the private code signing key is of critical importance to the developer and the end user. If a developer leaves their keystore and passwords in an unsecured location such that a third-party could find and use them, a developer's authoring identity and the trust of their customers is vulnerable to compromise.
Injecting malicious code into legitimate applications is a powerful tool available to cyber attackers. The third-party could sign and distribute apps that maliciously replace your authentic apps with ones that corrupt, steal user data, and attack other apps or the system itself.
It is increasingly important to ensure private keys associated with these digital signatures are secure for an extended period of time. An Android Developer's private key is required for signing all future versions of their app. Updates to their existing app requires the original code signing key.
BlackVault CYNR, with a 10 year battery backed key store, makes App signing a highly secure and easy to implement solution for JAVA and Android apps.
Document Signing
Digital signatures play an ever increasing role in authenticating and verifying the integrity of documents and files used in legal, financial, real estate and in other cases where it is important to detect forgery or tampering. A valid digital signature gives a recipient reason to believe that the document was created by a known sender.
With the growing sophistication of cyber attackers, the ease of forging electronic signatures and the concern of internal fraud, organizations must put appropriate security measures in place. TheBlackVault CYNR provides a very high level of security with a digital signature process that is both easy to implement and use for PDF and Zip files.
Quorum
BlackVault CYNR's Smart Card interface with 2-Factor "M of N" authentication makes the establishment of a Quorum for code or document signing inherently straight forward.
In order to conduct a signing, the required minimum number of members of the organization must have physically logged in.
This ensures that no single individual is able to represent the organization. The fate of a company is not dependent upon the disposition of one person.
Specifications
Digital Signatures
- Signs Software Code
- Signs Documents Adobe PDF, Java Archive (JAR), ZIP, and APK | (Authenticode)
- NTP Based Signature Time Stamp
Certificate Support
- Self-Signed or Subordinated
- Exports Certificate Signing Request (CSR) for CA
- Imports Certificate for Subordinated Signatures
Cryptography
- Full Suite B support with Elliptic Curve Cryptography (ECC)
- Asymmetric: RSA (1024, 2048, 4096, 8192), Diffie-Hellman, DSA, Elliptic Curve Cryptography (ECDSA, ECDH)
- Symmetric: AES 256
- Hash / Message Digest: SHA-1, SHA-2 (224, 256, 384, 512)
- Hardware Random Number Generator: NIST SP 800-90
Connectivity
- USB 2.0
- Integrated Smart Card Reader
Management
- Touch Screen Graphical User Interface
- Command Line Interface (CLI)
- Syslog Logging
- SNMPv3 Monitoring and Traps
- Multi-level Access Control ("M of N")
Mounting
- Desktop (Portable)
- 19” rack mount (1U height)
- Server Hard Drive Slot Embeddable
Physical
- Dimensions: 4” x 6” x 1” (102 mm x 153 mm x 26 mm)
- Weight: 1 lb. (0.454 kg)
Power
- Power Consumption: 4W
- Input Range: 5 to 30 VDC
- Lockable DB9 Connector
- AC adaptor included (order per country)
Redundancy
- Optional Dual Power, Hot Standby
Environmental
- Operating Temperature: -10° to 50° C (0° to 132° F)
- Operating Humidity: Up to 90% (Non-Condensing)
- Optional Extended Temperature Range Available
Certification
- FIPS 140-2 Level 3+ (Pending)
Regulatory
- CE
- Safety: IEC 60950
- EMC: CFR 47 Part 15 Sub Part B: 2002, EN55022: 1994+A1&A2, EN55024, ICES-003 1997, CISPR22 Level A
