Hardware Security Modules (HSMs)

Hardware Security Modules (HSMs)

What is a Hardware Security Module? (HSM)

A Hardware Security Module (HSM) is a physical security device that can securely store and protect the digital keys to a business’s or organization’s critical information using internal cryptographic processes.

HSMs do many cryptographic computations within the physical device itself such as key generation and key management; all while encrypting these processes. Specialized, tested, and approved hardware designed specifically for cryptography and immune to unwanted viruses and malware creates a secure network within the HSM. Because an HSM can carry out these processes within the device itself, they do not need to outsource their operations from another computer or server. Maintaining these processes within the hardware of the device further mitigates security risks.

The concealed nature of HSMs is taken a step further with their tamper resistance, which makes the devices’ digital secrets virtually inaccessible through physical attacks. By securing the digital keys within an HSM, access to important information such as transactions and identities can be safely distributed and secured within a certain organization.

 

Why you need an HSM

Our world becomes more and more digitally connected. As enterprise data becomes digitized, the prominance of cyberattacks increases. These attacks are avoidable with digital security measures. HSMs offer an incredibly secure solution for enterprises who wish to keep their identities, documents, paymetnts, and other information private. If your company transfers sensitive data, it may be in your best interest to invest in digital security measures.

EngageBlack Products

Certificate Authority
Ethernet Encryption
Circuit Encryption

EngageBlack Products

Certificate Authority
Ethernet Encryption
Circuit Encryption

What is a Hardware Security Module? (HSM)

A Hardware Security Module (HSM) is a physical security device that can securely store and protect the digital keys to a business’s or organization’s critical information using internal cryptographic processes.

HSMs do many cryptographic computations within the physical device itself such as key generation and key management; all while encrypting these processes. Specialized, tested, and approved hardware designed specifically for cryptography and immune to unwanted viruses and malware creates a secure network within the HSM. Because an HSM can carry out these processes within the device itself, they do not need to outsource their operations from another computer or server. Maintaining these processes within the hardware of the device further mitigates security risks.

The concealed nature of HSMs is taken a step further with their tamper resistance, which makes the devices’ digital secrets virtually inaccessible through physical attacks. By securing the digital keys within an HSM, access to important information such as transactions and identities can be safely distributed and secured within a certain organization.

 

Why you need an HSM

Our world becomes more and more digitally connected. As enterprise data becomes digitized, the prominance of cyberattacks increases. These attacks are avoidable with digital security measures. HSMs offer an incredibly secure solution for enterprises who wish to keep their identities, documents, paymetnts, and other information private. If your company transfers sensitive data, it may be in your best interest to invest in digital security measures.

BlackVault Hardware Security Platform

 

  • Maintain FIPS 140-2 Level 3 security and have a full range of applications and capabilities

  • Perform Key Management, Cryptography, and Certificate Creation

  • Utilize AES, RSA EC, and DSA key types.

  • Sign using various hashes including but not limited to SHA256, SHA384, and SHA512.

  • Easily integrates into a variety of applications, supporting numerous crypto APIs including PKCS#11, Java (JCE) and Microsoft CAPI / CNG, across a variety of operating systems. 
BlackVault HSM (Hardware Security Module) Touchscreen FIPS 140-2 Level 3
BlackVault HSM (TouchScreen)

General Purpose FIPS 140-2 Level 3 Hardware Security Module

  • Networked and off-line operation with ethernet and USB ports
  • Integrated touchscreen display
  • Security, compliance, and ease of use paramount
  • Tamper reactive silicon die shield
  • Embeddable form factor
  • Fully redundant cababilities

DIMENSIONS

4"(L) x 6"(W) x 1"(H)

BlackVault HSM.TAC (Hardware Security Module) FIPS 140-2 Level 3
BlackVault HSM.TAC

Tactically deployable model allows a fully secure, turnkey solution while avoiding the size, wieght and power consumption of traditional HSMs

  • Rugged
  • Small Form Factor 
  • Extended Temperature Range
  • Wide array of tactical infrastructure use cases

DIMENSIONS

4"(L) x 6"(W) x 1"(H)

BlackVault HSM.RAS (Hardware Security Module) FIPS 140-2 Level 3
BlackVault HSM.RAS

Affordable commercial grade model with an integrated Smart Card reader that utilizes an extruded aluminum case for secure mounting

  • Compact form factor
  • Smart card reader
  • Tamper reactive silicon die shield 
  • Long battery life

DIMENSIONS

4"(L) x 6"(W) x 1"(H)

BlackVault HSM Overview

 

The BlackVault Hardware Security Module (HSM) is a network attached general purpose FIPS 140-2 Level 3 HSM with unique functionality making authentication, security, compliance, and ease of use paramount.

Public Key Cryptography for generating and protecting public and private keys.

 

Powerful Features
Its powerful features include a compact form factor, smart card reader, integrated touch screen color display, tamper reactive silicon die shield, long battery life, networked and off-line operation with Ethernet and USB ports, and much more.

 

BV Tool
Is a Powerful, easy to use, PKCS#11 CLI tool able to perform many different cryptographic operations that comes with every BlackVault HSM and works on Windows/Linux/MacOS both physical and virtualized. Some of the functions are:

Key Management

• Create Keys

• Delete Keys

• Key Import/Export 
Wrap/Unwrap

 

Create Certificates

• CSRs

• Certificates

• Self-Signed Certificates

 

 As Well as...

• Sign/Verify Files

• Encrypt/Decrypt Files

 

Able to utilize AES, RSA EC, and DSA key types. Sign using various hashes including but not limited to SHA256, SHA384, and SHA512.

 

Easy to Integrate

BlackVault easily integrates into a variety of applications, supporting numerous crypto APIs including PKCS#11, Java (JCE) and Microsoft CAPI / CNG, across a variety of operating systems.

SDK comes with a purchase of an HSM designed to help you integrate your application with the BlackVault through its PKCS#11 interface.

- Includes example code of Python and C++


Simple easy to use integration guides with step by step walkthroughs to get you up and running with a variety of applications including: 

• Authenticode

• Eclipse

• Android Dev Studio

• Java

• Microsoft Active Directory Certificate Services 

 

Portable / Embeddable Form Factor
Its compact “hard drive” form-factor and redundant, battery-backed, solid state key storage allow BlackVault to be moved to a secure room or safe without loss or compromise of root keys or other cryptographic material. Its small form factor with USB connection and power also supports mounting BlackVault within application servers and other compact environments.

 

Trusted Path Authentication
The intuitive touch screen display with randomized keypad provides a certified trust path for configuration, PIN entry, and backup operations. This eliminates the risk of compromise from intermediary software or devices.

In addition, the integrated smart card reader facilitates two-factor authentication, and advanced “M of N” Quorum approval.  This ensures that no single individual can authorize administrative or operational actions.

 

Real Time Audits

Constantly updated configuration and operation information provide Security Administrators with the data to discover anomalous activity or failure of critical functions. Audit information can be sent to a trusted entity and is protected to prevent unauthorized access, modification, or deletion.

 

Military Grade Tamper Reactive
BlackVault cryptographic boundary is within the silicon of its secure CPU. This silicon die shield has dynamic fault detection with real-time environmental and tamper detection circuitry. It also avoids inadvertent tamper, making the BlackVault safe to transport. When a tamper event is detected, the Cryptographic keys are zeroized (deleted).

 

Ideal for Many Applications

The BlackVault is an independently certified standards based network attached hsm (hardware security module) that performs key management and cryptographic operations for enterprises, certificate authorities, government, and a growing list of organizations requiring strong security for PKI, digital certificates, code signing, document signing, cryptographic key storage, data encryption, key generation and regulatory compliance in cloud companion, networked and off-line (air-gap) operations.

 
BlackVault HSM Overview

 

The BlackVault Hardware Security Module (HSM) is a network attached general purpose FIPS 140-2 Level 3 HSM with unique functionality making authentication, security, compliance, and ease of use paramount.

Public Key Cryptography for generating and protecting public and private keys.

 

Powerful Features
Its powerful features include a compact form factor, smart card reader, integrated touch screen color display, tamper reactive silicon die shield, long battery life, networked and off-line operation with Ethernet and USB ports, and much more.

 

BV Tool
Is a Powerful, easy to use, PKCS#11 CLI tool able to perform many different cryptographic operations that comes with every BlackVault HSM and works on Windows/Linux/MacOS both physical and virtualized. Some of the functions are:

Key Management

• Create Keys

• Delete Keys

• Key Import/Export 
Wrap/Unwrap

 

Create Certificates

• CSRs

• Certificates

• Self-Signed Certificates

 

 As Well as...

• Sign/Verify Files

• Encrypt/Decrypt Files

 

Able to utilize AES, RSA EC, and DSA key types. Sign using various hashes including but not limited to SHA256, SHA384, and SHA512.

 

Easy to Integrate

BlackVault easily integrates into a variety of applications, supporting numerous crypto APIs including PKCS#11, Java (JCE) and Microsoft CAPI / CNG, across a variety of operating systems.

SDK comes with a purchase of an HSM designed to help you integrate your application with the BlackVault through its PKCS#11 interface.

- Includes example code of Python and C++


Simple easy to use integration guides with step by step walkthroughs to get you up and running with a variety of applications including: 

• Authenticode

• Eclipse

• Android Dev Studio

• Java

• Microsoft Active Directory Certificate Services 

 

Portable / Embeddable Form Factor
Its compact “hard drive” form-factor and redundant, battery-backed, solid state key storage allow BlackVault to be moved to a secure room or safe without loss or compromise of root keys or other cryptographic material. Its small form factor with USB connection and power also supports mounting BlackVault within application servers and other compact environments.

 

Trusted Path Authentication
The intuitive touch screen display with randomized keypad provides a certified trust path for configuration, PIN entry, and backup operations. This eliminates the risk of compromise from intermediary software or devices.

In addition, the integrated smart card reader facilitates two-factor authentication, and advanced “M of N” Quorum approval.  This ensures that no single individual can authorize administrative or operational actions.

 

Real Time Audits

Constantly updated configuration and operation information provide Security Administrators with the data to discover anomalous activity or failure of critical functions. Audit information can be sent to a trusted entity and is protected to prevent unauthorized access, modification, or deletion.

 

Military Grade Tamper Reactive
BlackVault cryptographic boundary is within the silicon of its secure CPU. This silicon die shield has dynamic fault detection with real-time environmental and tamper detection circuitry. It also avoids inadvertent tamper, making the BlackVault safe to transport. When a tamper event is detected, the Cryptographic keys are zeroized (deleted).

 

Ideal for Many Applications

The BlackVault is an independently certified standards based network attached hsm (hardware security module) that performs key management and cryptographic operations for enterprises, certificate authorities, government, and a growing list of organizations requiring strong security for PKI, digital certificates, code signing, document signing, cryptographic key storage, data encryption, key generation and regulatory compliance in cloud companion, networked and off-line (air-gap) operations.

 

Engage Black Product Inquiry

If you would like to know more about Engage Black Products, fill in this form. We will get back to you as soon as possible

Which product(s) are you interested in?
Would you like the User Manual?

Engage logo 990000 rev 2.000
9565 Soquel Drive Dr,
Aptos, CA 95003
 
Telephone: +1-831-688-1021
Toll Free : +1-877-ENGAGE4
Designed, Fabricated, and Assembled
in America icon
Supported Worldwide

© 1989-2019 Engage Communication, Inc. All Rights Reserved.