Hardware tools

Creating a robust cryptographic system is almost impossible without the use of hardware security modules or key carriers. Any cryptographic system involves the use of certain key information, but if the key is protected by a password only and stored on a file system, then there is always a threat to the successful implementation of the "dictionary" or some other brute-force attack on the password. Therefore, entirely software systems should not be considered sufficiently secure to protect a really sensitive information.

The semi-passive key carriers provide the minimum level of protection against these attacks. They verify passwords and limit the number of invalid authentication attempts by hardware. The active key carriers provide the next level of security. They independently implement the random generation of secret keys and any calculations with the secrete keys application directly in memory of the carrier, i.e. the secret keys never go beyond the carrier. The hardware security modules, in addition to the above mentioned functions, also provide some business specific processing of calculations requests directly in HSM's protected memory.

Our team has rich experience in the development and use of both active and passive hardware key carriers, as well as the development of specialized security modules. This section presents our developments in the area of cryptographic hardware:

Hardware Security Module «mcToken»

Hardware Security Module (HSM) is designed for secure generation, keeping and usage of the system secret keys in the smart cards' life-cycle supporting systems and other personalized cryptographic media supporting systems. The module is equipped with a true random number generator based on the physical noise process, and also provides flexibility of the custom business logic definition for the keys transmitting and processing.

A Hierarchical System of Security Access Modules «SAM Hierarchy»

The hardware-software system of the generation and hierarchical distribution of secret keys between security modules (SAM or HSM) of various functional applications. The system can be used to provide the secure support of the full life-cycle of smart cards (or tokens) in the large-scale projects with multiple geographically-distributed service points. System supports separation of the functional roles of operators working with HSM/SAM.

The Network Security Device «IP-Encryptor»

IP-encryptor is intended for protection of a corporate network infrastructure with geographically distributed offices. The encryptor has a hardware true random generator for session keys generation and a hardware accelerator of AES-256 encryption algorithm and SHA-256 hash function. It performs the whole IP-traffic encryption and authentication, protects private networks from external attacks by the firewall and IDS modules, supports scalability of the network services.

The Active Key Carrier «GOST Key Keeper»

Hardware-software solution for secure generation, reservation and usage of the long-term keys of the GOST 28147-89 symmetric encryption and authentication algorithm. It can be integrated as an active key carrier (AKC) to such systems as: storage encryption, secure communications, dynamic authentication and logical access control. The AKC also supports the DSTU 4145-2002 digital signature algorithm and the shared secret key derivation on it's base.

All our experience of creation the security hardware can be used in your project!