BlackVault HSM.TAC
Tactically Deployable FIPS 140-2 Level 3 Hardware Security Module
- Networked and off-line operation with ethernet and USB ports
- Remote Management
- Extended Temperature Range
- Smart Card Retention Lock
- Security, compliance, and ease of use paramount
- Tamper reactive silicon die shield
- Embeddable form factor
- Fully redundant capabilities
DIMENSIONS
4"(L) x 6"(W) x 1"(H)
Overview
Integrated Smart Card Reader
BlackVault HSM's Smart Card reader connects to industry standard smart cards via PKCS#11.
Two factor authentication (2FA) solutions secure Crypto Officer and Operator access.
Military Grade Tamper Reactive
The Tamper Reactive Die Shield has dynamic fault detection with real-time environmental and active tamper detection circuitry. This greatly enhances security compared to Tamper "Resistant" HSMs by actually performing a zeroization of all cryptographic data to assure total protection rather than displaying a tamper event.
Remote Management
An intuitive iconic graphical user interface facilitates straightforward configuration via remote management. The user interface presents Crypto Officers with a sequence of dialog boxes that lead through a series of well-defined steps to initiate the HSM and provision cards and keys.
Portable / Embeddable Form Factor
The compact "hard drive" form factor and battery-backed solid-state key storage make it possible to secure cryptographic keys in an HSM appliance that easily fits in a safe. The small form factor with Ethernet connection also supports mounting the BlackVault HSM within application servers and other compact environments.
APPLICATIONS
The BlackVault HSM is used by commercial and private Certificate Authorities (CAs) and registration authorities (RAs) to generate, store, and manage key pairs.
The BlackVault HSM ensures that the private key associated with a certificate's public key is kept private. All cryptographic operations are executed within a 7-year battery-backed semiconductor with a tamper reactive die shield.
The BlackVault HSM provides:
• Logical and physical protection
NEW Add-On Software Features
FEATURE: REST API
Engage Black introduces full support for the Representational State Transfer (REST) Application Programming Interface (API). The REST API allows a BlackVault HSM operator to request a resource or service through a URL path; these paths contain endpoints that perform an action. Requests and responses use the application/json content type and follow the common HTTP response status codes for success and failure.
Integration Made Easy
BlackVault HSM support of the REST API makes integration with external systems and components seamless. Slots are independent User partitions that reside within the BlackVault HSM. Each Slot has its own Data, Access Controls, and Security Policies, and is independent from other HSM Slots.
FEATURE: MULTIPLE SEPARATE SLOTS
Slot Access Control
Only those authorized can access the cryptographic material they require; each Slot has unique login credentials that can be configured with two-factor authentication and M of N. Slot-based TLS client and server authentication and IP address whitelisting ensure that the network connection is authorized and secure. This creates flexibility for applications requiring different controls and separate administrative access to their cryptographic material.
RS OPTION - FEATURE: MULTIPLE SEPARATE SLOTS TLS Client
Features
BV Tool
BV Tool is a powerful, easy-to-use PKCS#11 CLI tool that comes with every BlackVault HSM. It can perform many different cryptographic operations and works on Windows/Linux/macOS, both physical and virtualized. Some of its functions are:
Key Management
• Create Keys
• Delete Keys
• Key Import/Export
Create Certificates
• CSRs
• Certificates
• Self-Signed Certificates
As Well as...
• Sign/Verify Files
• Encrypt/Decrypt Files
Able to utilize AES, RSA, EC, and DSA key types. Sign using various hashes including but not limited to SHA256, SHA384, and SHA512.
Easy to Integrate
The BlackVault easily integrates into a variety of applications, supporting numerous crypto APIs including PKCS#11, Java (JCE) and Microsoft CAPI / CNG, across a variety of operating systems.
An SDK, designed to help you integrate your application with the BlackVault through its PKCS#11 interface, comes with the purchase of an HSM.
- Includes example code in Python and C++
Simple, easy-to-use integration guides with step-by-step walkthroughs get you up and running with a variety of applications, including:
• Authenticode
• Eclipse
• Android Dev Studio
• Java
• Microsoft Active Directory Certificate Services
Remote BlackVault Graphical User Interface (BVGUI)
An Integrated GUI application with an intuitive menu provides administrators with a certified Trust Path for configuration and PIN entry.
Two-factor authentication and administrator roles with M of N prevents unauthorized access to critical security parameters.
Specifications
Certification
• FIPS 140-2 Level 3
LAN Network Interface
• 10/100 Ethernet with Transport Layer Security (TLS) and Optional SFP
Terminal Interfaces
• USB 2.0 Type A
Supported Operating Systems
• Physical: Windows, Linux, Ubuntu, CentOS, and RedHat
• VMWare: Windows and Linux
Application Program Interfaces (APIs)
• PKCS#11, Java (JCE), Microsoft CAPI / CNG
• REST* (RS OPTION)
Management
• KMIP Key Management Protocol option
• Intuitive application Graphical User Interface (BVGUI) to access and manage the device
• Command Line Interface (CLI)
• Syslog Logging
• SNMPv3 Monitoring and Traps
• Multi-level Access Control ("M of N")
• Multiple Separate Slots for Access Control* (RS OPTION)
Quantum Key Distribution
• ETSI GS QKD
Cryptography
• Supports Quantum Keys
• Post-Quantum TLS
• Asymmetric public key algorithms:
- RSA (1024, 2048, 4096)
- Diffie-Hellman ECDH, DSA, ECDSA
• Symmetric algorithm: AES 128, 192, 256
• Hash/message digest: SHA-2 (224, 256, 384, 512bit)
• Full Suite B implementation with Elliptic Curve Cryptography (ECC)
• NIST SP 800-90 compliant DRBG
Physical Characteristics
• Portable/Handheld (Server Hard Drive Mechanics)
• Front and Rear Mounting Holes
• Smart Card Reader
• Smart Card Retention Lock
• Dimensions 102 x 153 x 26 mm (4 x 6 x 1in)
• Weight: 454g (1lb)
• Temperature: operating -10 to 60°C, storage -20 to 70°C
• Humidity: operating 10 to 90%, storage 0 to 95%
Environmental Compliance
• UL, CE, FCC
• RoHS
Power
• DB9 Connector: Dual Hot Standby 5 to 30 VDC
• Power consumption: 4 W
BlackVault Hardware Security Platform
- Maintain FIPS 140-2 Level 3 security and have a full range of applications and capabilities
- Perform Key Management, Cryptography, and Certificate Creation
- Utilize AES, RSA, EC, and DSA key types.
- Sign using various hashes including but not limited to SHA256, SHA384, and SHA512.
- Easily integrates into a variety of applications, supporting numerous crypto APIs including PKCS#11, Java (JCE) and Microsoft CAPI / CNG, across a variety of operating systems.
BlackVault Accessories
Security Lock Cable
Rack Mounted Locking Drawer
Integration Guides
Red Hat Certificate System Integration Guide
Microsoft Certificate Authority Integration Guide
ISC's CertAgent Certificate Authority Integration Guide
EJBCA Integration Guide
Java Jar Integration Guide
Watchguard Integration Guide
Authenticode Integration Guide
Android Dev Studio Integration Guide
Eclipse Integration Guide