BlackVault HSM

General Purpose FIPS 140-2 Level 3 Hardware Security Module

  • Networked and off-line operation with ethernet and USB ports
  • Security, compliance, and ease of use paramount
  • Tamper reactive silicon die shield
  • Embeddable form factor
  • Fully redundant capabilities

DIMENSIONS

4"(L) x 6"(W) x 1"(H)

Overview

Integrated Smart Card Reader

BlackVault HSM's Smart Card reader connects to industry standard smart cards via PKCS#11.
Two factor authentication (2FA) solutions secure Crypto Officer and Operator access.

Military Grade Tamper Reactive

The Tamper Reactive Die Shield has dynamic fault detection with real-time environmental and active tamper detection circuitry. This greatly enhances security compared to Tamper "Resistant" HSMs by actually zeroizing all cryptographic data to assure total protection rather than displaying a tamper event.

Integrated Trust Path Authentication

An Integrated Touch Screen display with an intuitive menu provides administrators with a certified Trust Path for configuration and PIN entry.

Portable / Embeddable Form Factor

The compact "hard drive" form factor and battery-backed solid-state key storage make it possible to secure cryptographic keys in an HSM appliance that easily fits in a safe. The small form factor with Ethernet connection also supports mounting the BlackVault HSM within application servers and other compact environments.

APPLICATIONS

PKI - Digital Certificates

The BlackVault HSM is used by commercial and private Certificate Authorities (CAs) and registration authorities (RAs) to generate, store, and manage key pairs.

The BlackVault HSM ensures that the private key associated with a Certificate's public key is kept private. All cryptographic operations are executed within a 7-year battery-backed semiconductor with a tamper reactive die shield.

CA connected to HSM      

 The BlackVault HSM provides:

    • Logical and physical protection
    • Multi-factor user authorization
    • Full audit and log traces
    • Secure key backup

BlackVault HSM CA integrations
Database Encryption
Code and Document Signing
IOT Device Credentials
BlackVault QKF Diagram

NEW Add-On Software Features

FEATURE: REST API

Engage Black introduces full support for the Representational State Transfer (REST) Application Programming Interface (API). The REST API allows a BlackVault HSM operator to request a resource or service through a URL path; these paths contain endpoints that perform an action. Requests and responses use the application/json content type and follow the common HTTP response status codes for success and failure.

REST API

Integration Made Easy
BlackVault HSM support of the REST API makes integration with external systems and components seamless. Slots are independent User partitions that reside within the BlackVault HSM. Each Slot has its own Data, Access Controls, and Security Policies, and is independent of other HSM Slots.

FEATURE: MULTIPLE SEPARATE SLOTS

Slot Access Control
Only those authorized can access the cryptographic material they require; each Slot has unique login credentials that can be configured with two-factor authentication and M of N. Slot-based TLS Client, Server Authentication, and IP Address Whitelisting ensure that the network connection is authorized and secure. This creates flexibility for applications requiring different controls and separate administration access on their cryptographic material.

Features

BV Tool

BV Tool is a powerful, easy-to-use PKCS#11 CLI tool able to perform many different cryptographic operations. It comes with every BlackVault HSM and works on Windows, Linux, and macOS, both physical and virtualized. Some of the functions are:

Key Management

• Create Keys
• Delete Keys
• Key Import/Export, Wrap/Unwrap

Create Certificates

• CSRs
• Certificates
• Self-Signed Certificates

As Well as...

• Sign/Verify Files
• Encrypt/Decrypt Files

It can utilize AES, RSA, EC, and DSA key types, and sign using various hashes including but not limited to SHA256, SHA384, and SHA512.

Easy to Integrate

BlackVault easily integrates into a variety of applications, supporting numerous crypto APIs including PKCS#11, Java (JCE) and Microsoft CAPI / CNG, across a variety of operating systems.

 

An SDK comes with the purchase of an HSM and is designed to help you integrate your application with the BlackVault through its PKCS#11 interface.

- Includes example code in Python and C++

Simple, easy-to-use integration guides with step-by-step walkthroughs get you up and running with a variety of applications, including:

• Authenticode
• Eclipse
• Android Dev Studio
• Java
• Microsoft Active Directory Certificate Services

Touch Screen Graphical User Interface

An Integrated Touch Screen display with an intuitive menu provides administrators with a certified Trust Path for configuration and PIN entry.

Two-factor authentication and administrator roles with M of N prevents unauthorized access to critical security parameters.

Specifications

Certification

• FIPS 140-2 Level 3

LAN Network Interface

• 10/100 Ethernet with Transport Layer Security (TLS) and Optional SFP

Terminal Interfaces

• USB 2.0 Type A

Supported Operating Systems

• Physical: Windows, Linux, Ubuntu, CentOS, and RedHat
• VMWare: Windows and Linux

Application Program Interfaces (APIs)

• PKCS#11, Java (JCE), Microsoft CAPI / CNG
• REST* (RS OPTION)

Management

• KMIP Key Management Protocol option
• Intuitive Touch Screen Graphical User Interface to access and manage the device
• Command Line Interface (CLI)
• Syslog Logging
• SNMPv3 Monitoring and Traps
• Multi-level Access Control ("M of N")
• Multiple Separate Slots for Access Control* (RS OPTION)

Quantum Key Distribution

• ETSI GS QKD

Cryptography

• Supports Quantum Keys
• Post-Quantum TLS
• Asymmetric public key algorithms:
   - RSA (1024, 2048, 4096)
   - Diffie-Hellman ECDH, DSA, ECDSA
• Symmetric algorithm: AES 128, 192, 256
• Hash/message digest: SHA-2 (224, 256, 384, 512 bit)
• Full Suite B implementation with Elliptic Curve Cryptography (ECC)
• NIST SP 800-90 compliant DRBG

Physical Characteristics

• Portable/Handheld (Server Hard Drive Mechanics)
• Laptop Security Lock Slot
• Smart Card Reader
• Dimensions: 102 x 153 x 26 mm (4 x 6 x 1 in)
• Weight: 454 g (1 lb)
• Temperature: operating 0 to 50°C, storage -20 to 60°C
• Humidity: operating 10 to 90%, storage 0 to 95%

Environmental Compliance

• UL, CE, FCC
• RoHS

Power

• DB9 Connector: Dual Hot Standby 5 to 30 VDC
• Power consumption: 4 W

BlackVault Hardware Security Platform

 

  • Maintain FIPS 140-2 Level 3 security and have a full range of applications and capabilities

  • Perform Key Management, Cryptography, and Certificate Creation

  • Utilize AES, RSA, EC, and DSA key types.

  • Sign using various hashes including but not limited to SHA256, SHA384, and SHA512.

  • Easily integrates into a variety of applications, supporting numerous crypto APIs including PKCS#11, Java (JCE) and Microsoft CAPI / CNG, across a variety of operating systems. 
BlackVault Accessories

Security Lock Cable

BlackVault HSM.TAC (Hardware Security Module) FIPS 140-2 Level 3

Rack Mounted Locking Drawer

BlackVault HSM.TAC (Hardware Security Module) FIPS 140-2 Level 3

Integration Guides

Red Hat Certificate System Integration Guide

Microsoft Certificate Authority Integration Guide

ISC's CertAgent Certificate Authority Integration Guide

EJBCA Integration Guide

Java Jar Integration Guide

Watchguard Integration Guide

Authenticode Integration Guide

Android Dev Studio Integration Guide

Eclipse Integration Guide

9565 Soquel Drive Dr,
Aptos, CA 95003
 
Telephone: +1-831-688-1021
Toll Free : +1-877-ENGAGE4
Designed, Fabricated, and Assembled in America
Supported Worldwide