Hardware Security Modules (HSMs)
Hardware Security Modules (HSMs)
What is a Hardware Security Module? (HSM)
A Hardware Security Module (HSM) is a physical security device that can securely store and protect the digital keys to a business’s or organization’s critical information using internal cryptographic processes.
HSMs do many cryptographic computations within the physical device itself such as key generation and key management; all while encrypting these processes. Specialized, tested, and approved hardware designed specifically for cryptography and immune to unwanted viruses and malware creates a secure network within the HSM. Because an HSM can carry out these processes within the device itself, they do not need to outsource their operations from another computer or server. Maintaining these processes within the hardware of the device further mitigates security risks.
The concealed nature of HSMs is taken a step further with their tamper resistance, which makes the devices’ digital secrets virtually inaccessible through physical attacks. By securing the digital keys within an HSM, access to important information such as transactions and identities can be safely distributed and secured within a certain organization.
Why you need an HSM
Our world becomes more and more digitally connected. As enterprise data becomes digitized, the prominance of cyberattacks increases. These attacks are avoidable with digital security measures. HSMs offer an incredibly secure solution for enterprises who wish to keep their identities, documents, paymetnts, and other information private. If your company transfers sensitive data, it may be in your best interest to invest in digital security measures.
EngageBlack Products
EngageBlack Products
What is a Hardware Security Module? (HSM)
A Hardware Security Module (HSM) is a physical security device that can securely store and protect the digital keys to a business’s or organization’s critical information using internal cryptographic processes.
HSMs do many cryptographic computations within the physical device itself such as key generation and key management; all while encrypting these processes. Specialized, tested, and approved hardware designed specifically for cryptography and immune to unwanted viruses and malware creates a secure network within the HSM. Because an HSM can carry out these processes within the device itself, they do not need to outsource their operations from another computer or server. Maintaining these processes within the hardware of the device further mitigates security risks.
The concealed nature of HSMs is taken a step further with their tamper resistance, which makes the devices’ digital secrets virtually inaccessible through physical attacks. By securing the digital keys within an HSM, access to important information such as transactions and identities can be safely distributed and secured within a certain organization.
Why you need an HSM
Our world becomes more and more digitally connected. As enterprise data becomes digitized, the prominence of cyberattacks increases. These attacks are avoidable with digital security measures. HSMs offer an incredibly secure solution for enterprises who wish to keep their identities, documents, payments, and other information private. If your company transfers sensitive data, it may be in your best interest to invest in digital security measures.
BlackVault Hardware Security Platform
- Maintain FIPS 140-2 Level 3 security and have a full range of applications and capabilities
- Perform Key Management, Cryptography, and Certificate Creation
- Utilize AES, RSA EC, and DSA key types.
- Sign using various hashes including but not limited to SHA256, SHA384, and SHA512.
- Easily integrates into a variety of applications, supporting numerous crypto APIs including PKCS#11, Java (JCE) and Microsoft CAPI / CNG, across a variety of operating systems.
BlackVault HSM (TouchScreen)
General Purpose FIPS 140-2 Level 3 Hardware Security Module
- Networked and off-line operation with ethernet and USB ports
- Integrated touchscreen display
- Security, compliance, and ease of use paramount
- Tamper reactive silicon die shield
- Embeddable form factor
- Fully redundant cababilities
DIMENSIONS
4"(L) x 6"(W) x 1"(H)
BlackVault HSM.TAC
Tactically deployable model allows a fully secure, turnkey solution while avoiding the size, wieght and power consumption of traditional HSMs
- Rugged
- Small Form Factor
- Extended Temperature Range
- Wide array of tactical infrastructure use cases
DIMENSIONS
4"(L) x 6"(W) x 1"(H)
BlackVault HSM.RAS
Affordable commercial grade model with an integrated Smart Card reader that utilizes an extruded aluminum case for secure mounting
- Compact form factor
- Smart card reader
- Tamper reactive silicon die shield
- Long battery life
DIMENSIONS
4"(L) x 6"(W) x 1"(H)
BlackVault Accessories
BlackVault Accessories
Security Lock Cable
Rack Mounted Locking Drawer
Integration Guides
Integration Guides
Red Hat Certificate System Integration Guide
Microsoft Certificate Authority Integration Guide
ISC's CertAgent Certificate Authority Integration Guide
Red Hat Certificate System Integration Guide
Microsoft Certificate Authority Integration Guide
ISC's CertAgent Certificate Authority Integration Guide
EJBCA Integration Guide
Java Jar Integration Guide
Watchguard Integration Guide
EJBCA Integration Guide
Java Jar Integration Guide
Watchguard Integration Guide
Authenticode Integration Guide
Android Dev Studio Integration Guide
Eclipse Integration Guide
Authenticode Integration Guide
Android Dev Studio Integration Guide
Eclipse Integration Guide
BlackVault HSM Overview
The BlackVault Hardware Security Module (HSM) is a network attached general purpose FIPS 140-2 Level 3 HSM with unique functionality making authentication, security, compliance, and ease of use paramount. Public Key Cryptography for generating and protecting public and private keys. |
Powerful Features
Its powerful features include a compact form factor, smart card reader, integrated touch screen color display, tamper reactive silicon die shield, long battery life, networked and off-line operation with Ethernet and USB ports, and much more.
BV Tool
Is a Powerful, easy to use, PKCS#11 CLI tool able to perform many different cryptographic operations that comes with every BlackVault HSM and works on Windows/Linux/MacOS both physical and virtualized. Some of the functions are:
Key Management • Create Keys • Delete Keys • Key Import/Export | Create Certificates • CSRs • Certificates • Self-Signed Certificates |
As Well as... • Sign/Verify Files • Encrypt/Decrypt Files |
Able to utilize AES, RSA EC, and DSA key types. Sign using various hashes including but not limited to SHA256, SHA384, and SHA512.
Easy to Integrate
BlackVault easily integrates into a variety of applications, supporting numerous crypto APIs including PKCS#11, Java (JCE) and Microsoft CAPI / CNG, across a variety of operating systems.
A SDK comes with a purchase of an HSM designed to help you integrate your application with the BlackVault through its PKCS#11 interface.
- Includes example code of Python and C++
Simple easy to use integration guides with step by step walkthroughs to get you up and running with a variety of applications including:
• Authenticode • Eclipse • Android Dev Studio • Java • Microsoft Active Directory Certificate Services |
Portable / Embeddable Form Factor
Its compact “hard drive” form-factor and redundant, battery-backed, solid state key storage allow BlackVault to be moved to a secure room or safe without loss or compromise of root keys or other cryptographic material. Its small form factor with USB connection and power also supports mounting BlackVault within application servers and other compact environments.
Trusted Path Authentication In addition, the integrated smart card reader facilitates two-factor authentication, and advanced “M of N” Quorum approval. This ensures that no single individual can authorize administrative or operational actions.
Real Time Audits Constantly updated configuration and operation information provide Security Administrators with the data to discover anomalous activity or failure of critical functions. Audit information can be sent to a trusted entity and is protected to prevent unauthorized access, modification, or deletion.
Military Grade Tamper Reactive
Ideal for Many Applications The BlackVault is an independently certified standards based network attached hsm (hardware security module) that performs key management and cryptographic operations for enterprises, certificate authorities, government, and a growing list of organizations requiring strong security for PKI, digital certificates, code signing, document signing, cryptographic key storage, data encryption, key generation and regulatory compliance in cloud companion, networked and off-line (air-gap) operations. |
BlackVault HSM Overview
The BlackVault Hardware Security Module (HSM) is a network attached general purpose FIPS 140-2 Level 3 HSM with unique functionality making authentication, security, compliance, and ease of use paramount. Public Key Cryptography for generating and protecting public and private keys. |
Powerful Features
Its powerful features include a compact form factor, smart card reader, integrated touch screen color display, tamper reactive silicon die shield, long battery life, networked and off-line operation with Ethernet and USB ports, and much more.
BV Tool
Is a Powerful, easy to use, PKCS#11 CLI tool able to perform many different cryptographic operations that comes with every BlackVault HSM and works on Windows/Linux/MacOS both physical and virtualized. Some of the functions are:
Key Management • Create Keys • Delete Keys • Key Import/Export | Create Certificates • CSRs • Certificates • Self-Signed Certificates |
As Well as... • Sign/Verify Files • Encrypt/Decrypt Files |
Able to utilize AES, RSA EC, and DSA key types. Sign using various hashes including but not limited to SHA256, SHA384, and SHA512.
Easy to Integrate
BlackVault easily integrates into a variety of applications, supporting numerous crypto APIs including PKCS#11, Java (JCE) and Microsoft CAPI / CNG, across a variety of operating systems.
A SDK comes with a purchase of an HSM designed to help you integrate your application with the BlackVault through its PKCS#11 interface.
- Includes example code of Python and C++
Simple easy to use integration guides with step by step walkthroughs to get you up and running with a variety of applications including:
• Authenticode • Eclipse • Android Dev Studio • Java • Microsoft Active Directory Certificate Services |
Portable / Embeddable Form Factor
Its compact “hard drive” form-factor and redundant, battery-backed, solid state key storage allow BlackVault to be moved to a secure room or safe without loss or compromise of root keys or other cryptographic material. Its small form factor with USB connection and power also supports mounting BlackVault within application servers and other compact environments.
Trusted Path Authentication In addition, the integrated smart card reader facilitates two-factor authentication, and advanced “M of N” Quorum approval. This ensures that no single individual can authorize administrative or operational actions.
Real Time Audits Constantly updated configuration and operation information provide Security Administrators with the data to discover anomalous activity or failure of critical functions. Audit information can be sent to a trusted entity and is protected to prevent unauthorized access, modification, or deletion.
Military Grade Tamper Reactive
Ideal for Many Applications The BlackVault is an independently certified standards based network attached hsm (hardware security module) that performs key management and cryptographic operations for enterprises, certificate authorities, government, and a growing list of organizations requiring strong security for PKI, digital certificates, code signing, document signing, cryptographic key storage, data encryption, key generation and regulatory compliance in cloud companion, networked and off-line (air-gap) operations. |