본문 바로가기

nCipher HSM (Thales-HSM )

Thales Datacryptor Ethernet Layer 2 / PayShield 9000

Thales Datacryptor Ethernet Layer 2


네트워크의 Latency와 Bandwidth Loss를 최소화한 강력한 네트워크 구간 암호화 장비

Datacryptor Ethernet Layer 2는 중요한 데이터의 Point-to-point bulk, Tunnel 그리고 Clear header 암호화 전송을 제공하는

고속의 독립 보안 플랫폼입니다. Multipoint 옵션을 사용하여 충돌 영역에서도 안전한 메시 네트워트 환경을 지원합니다.

Clear header 암호화 모드를 사용한 Multipoint 옵션은 브로드 캐스트 및 멀티 캐스트 연결을 보호하여 중요하고 민감한 데이터,

음성 및 비디오의 안전한 전송을 보장합니다. 소프트웨어 라이센스로 제공되는 Multipoint 기능과 같이, Ethernet Layer2 와

MPLS WAN 환경에서 높은 속도의 Fully-meshed 데이터 보안을 위한 시장의 요구사항에 맞춰서 100Mbps, 1Gbps 그리고

10Gbps 모델에 대한 업그레이드를 소프트웨어 라이센스를 통하여 할 수 있습니다.


Maximum data transfer rate

  • 100 Mbps full duplex with 37-40 µsec latency
  • 1 Gbps full duplex with 7 µsec latency
  • 10 Gbps full duplex with 5 µsec latency


Cryptographic algorithms

  • AES FIPS 197 with 256-bit key length
  • Frame authenthication in multipoint mode using Galois Counter Mode(GCM)


Key management

  • Centralized key generation/distribution
  • Signed Diffie-Hellman key agreement protocol
  • ECDSA and SHA-384 (FIPS 180-2)
  • X.509 v1 and v3 certificates
  • Hardware random number generation
  • Automatic-time triggered key chaege without interruption of connections


Device management

  • Thales’ Element Manager (EM) secured with AES
  • Front Panel Viewer (FPV) Graphical User Interface
  • X.509 v1 and v3 digital certificate support
  • PPP protocol (serial V.24) or IP (10/100BaseT RJ-45 Ethernet)
  • Secure download of software updates
  • SNMP v1, v2c and v3 network monitoring
  • Thales’ Certificate Manager (CM)


Connection interfaces


100 Mbps platform

  • Fixed RJ-45 copper 10 or 100BaseT host and network ports
  • Serial V.24 and Ethernet management ports


1 Gbps platform

  • Removable RJ-45 copper (SFP) host/network ports
  • Removable mulit-rage and DWDM optical 9SFP) duplex LC host/network ports
  • Serial V.24 and Ethernet management ports


10 Gbps platform

  • Removable mulit-range and DWDM optical (XFP) host/network ports
  • Serial V.24 and Ethernet management ports


Flexibility

  • Bulk, Tunnel and Clear Header point-to-point encryption
  • Clear Header multipoint encryption
  • Transparent to line protocols
  • MPLS-awareness mode
  • AC and DC redundant power options
  • Redundant power (1 Gbps and 10 Gbps models only)
  • Secure auditing


Synchronization

  • Automatic, continuous


Physical security

  • Tamper-resistant metal casing
  • Tamper-response circuit


Safety and security certifications

  • FIPS 140-2 Level 3 and Common Criteria EAL3*
  • FCC Part 15 Class B, UL, CE
  • Unified Capabilities Approved Products List*


Power


100 Mbps platform

  • Single AC (universal) or DC (-48v), 25 Watts, 86 BTU

1 Gbps platform

  • Dual-redundant AC (universal) or DC (-48v), 120 Watt, 410 BTU

10 Gbps platform

  • Dual-redundant AC (universal) or DC (-48v), 140 Watt, 480 BTU


Temperature

  • Operating 5°C to 40°C (40°F to 100°F)
  • Storage -10°C to 60°C (15°F to 140°F)


Relative humidity

  • 10% to 90% at 25°C(77°F) non-condensing, falling to 50% maximum at 40°C (100°F)


Barometric pressure

  • 780 to 1100 mBar


Physical specifications

100 Mbps platform

  • 19", 1RU housing
  • Height: 4.20cm (1.70")
  • Width: 43.00cm (16.93")
  • Depth: 22.30cm (8.80")
  • Weight: 3.70kg (8.00lb)

1 Gbps platform

  • 19", 1RU housing
  • Height: 4.40cm (1.70")
  • Width: 43.00cm (16.93")
  • Depth: 37.00cm (14.60")
  • Weight: 8.50kg (18.75lb)

10 Gbps platform

  • 19", 2RU housing
  • Height: 8.80cm (3.50")
  • Width: 43.00cm (16.93")
  • Depth: 38.50cm (15.20")
  • Weight: 9.75kg (21.50lb)






Thales PayShield 9000

지불결제 시장 점유율 1위 하드웨어 보안 모듈

탈레스 payShield 9000은 자동인출기(ATM)와 POS(Point of Sale)의 신용카드 및 직불카드의 발급 및 거래에 필요한 암호화 기능을 

제공하는 지불결제 전용 하드웨어 보안 모듈입니다. 

암호화 기능과 관리 기능은 American Express, Discover, JCB, MasterCard, UnionPay 그리고 Visa를 포함하는 주요 국제 카드 표준의 

보안 감사 요구사항을 만족합니다.  이 장비는 전자 지불 산업의 카드 발급, 모바일 프로비저닝과 지불결재 프로세싱 응용 

소프트웨어가 동작하는 메인프레임과 서버에 외부 주변 장치로 사용됩니다. 




Key management standards supported 

  • Thales Key Block support (compliant with ANSI X9.24; superset of X9 TR-31) 
  • X9 TR-31 Key Block support 
  • RSA Remote Key Transport
  • DUKPT
  • Master/Session Key Scheme 
  • Racal Transaction Key Scheme 
  • AS2805 support 


Cryptographic algorithms supported 

  • DES and Triple-DES key lengths 112 bit, 168 bit 
  • AES key lengths 128 bit, 192 bit, 256 bit 
  • RSA (up to 2048 bits) 
  • FIPS 198-1, MD5, SHA-1, SHA-2 


Performance options 

  • Range of performance option up to 1500 Triple-DES PIN Block translates / second using key blocks
  • Multi-threading to optimize performance 


Host connectivity 

  • Asynchronous (v.24, RS-232) 
  • TCP/IP & UDP (10/100/1000 Base-T) – dual ports for resilience 
  • FICON 


Certifications / validations 

  • Cryptographic module certified to FIPS : 140-2 Level 3, 46, 81, 180-3, 186-3, 198 
  • PCI HSM*
  • APCA 
  • MEPS 
  • NIST SP800-20, SP800-90(A) 


Financial services standards supported 

  • ISO: 9564, 10118, 11568, 13491, 16609 
  • ANSI : X3.92, X9.8, X9.9, X9.17, X9.19, X9.24, X9.31, X9.52, X9.97 
  • X9 TR-31, X9 TG-3/TR-39, APACS 40 & 70, AS2805 Pt 14 


Card payments support 

  • American Express/MasterCard/VISa PIN and Card Verification functions 
  • EMV 3.X and 4.X transactions and messaging (inc. PIN Change) 
  • Remote Key Loading to NCR, Diebold and Wincor-Nixdorf ATMs 
  • MasterCard On-behalf Key Management (OBKM) 
  • Integration with all major payment authorization and switching applications 


Management facilities 

  • Graphical User Interface(GUI) option for standard PC hardware over Ethernet - local and remote modes supported 
  • Key Management Device(KMD) option to form keys from components 
  • Console interface for “dumb” terminals 
  • Clustering using Thales Security Resource Manager (SRM) application 
  • SNMP 
  • Utilization statistics, health check diagnostics and error logs


Security features 

  • Multiple master keys option enabling cryptographic isolation
  • Two-Factor Authentication of security officers using smart cards 
  • Dual physical locks and/or smartcards control authorization levels
  • Tamper-resistance exceeding requirements of PC|HMS and FIPS 140-2 Level 3 
  • Detection of cover removal in addition to alarm triggers for motion, voltage and temperature 
  • Device 'hardening' - ability the host application to disable function not required by the host application
  • Audit trails 


Physical characteristics 

  • Form Factor: 2U 19” rack mount 
  • Height: 85mm (3.35”) 
  • Width: 478mm (18.82”) 
  • Depth: 417mm (16.42”) 
  • Weight: 7.3kg (16lb) with single PSU, 7.5kg (16.5lb) with dual PSU 
  • Electrical Supply : 100 to 240V AC Universal input, 47 to 63Hz
  • Dual power supply option on all models for resilience 
  • Power Consumption: 100W (maximum) 
  • Operating Temperature: 0 deg C to 40 deg 
  • Humidity: 10% to 90% (non-condensing)

상세한 제품 사양 정보는 www.thales-esecurity.com 또는 QR코드를 스마트폰으로 스캔하여 참조하세요.