ENCRYPTION PORTFOLIO PRODUCTS
HSM NETWORK: kNET
Kryptus kNET is a FIPS and ICP-Brasil certified hardware security module (HSM) that protects critical applications protecting sensitive keys and software with top-level performance.
The native KMIP API allows direct TLS connection (no drivers required), and is the perfect fit for IoT, Cloud, and Blockchain applications.
PERFORMANCE
Up to 30,000 RSA 2048 TPS
SECURE CODE EXECUTION
The kNET enables customers to run their code in a tamper-proof environment
KMIP PROTOCOL
Full native KMIP support (v1.2, v1.3 and 1.4 – no drivers required)
VIRTUAL HSMs
Real insulation in multi-tenant scenarios
HIGH AVAILABILITY
Hot-Swap Dual power supply and Dual Gigabit Ethernet, load Balancing
CERTIFICATION
FIPS 140-2 Level 3+ (EFP/EFT) | ICP-Brasil NSH3/NSC3
| PCI Compliance|
kNET FOR PIX.
NEW INSTANT PAYMENT SYSTEM.
The Central Bank of Brazil (BCB) announced the PIX instant payment system, which allows financial transactions, such as payments and transfers, to be carried out in up to ten seconds and for 24 hours, unlike TED’s and Doc’s that take from hours to days to be carried out.
Kryptus kNET equipment is the best cost-effective choice for your Instant Payment System project, as it is the only Brazilian hardware security module, with international certification FIPS level 3, ICP Brazil and 100% compliance with the standards of the Brazilian Central Bank.
The national cybersecurity strategy itself in Decree No. 10.222, of February 5, 2020 in Article 2.3.1, recommends the adoption of international standards in the development of new products and the adoption of national encryption solutions.
EASY TO MANTAIN.
ALWAYS AVAILABLE.
Kryptus kNET comes equiped with dual Hot-Swap redundant power supply and dual redundant Gigabit Ethernet ports.
Coolers are easy to replace with frontal access, and no need to open the casing.
TECHNICAL SPECIFICATION
Capabilities
Prepared for payment system
Prepared for XML signatures
Multi-tenant – Up to 50 Virtual HSMs
TLS 1.2 Encrypted Channel
Load balancing and High Availability support
Remote management via GUI
– Windows
– Linux
– OS X
Smartcard, USB token + PIN, User + Password and OTP (TOTP and HOTP)
Double authentication factor
authentication modes available
Software simulator for development and evaluation
Secure execution of customer code
SNMPv3 Monitoring (with traps)
Physical Specification
19” 1U form factor
1 x USB ports (Smart-Card, Token ,and external PIN pad)
Dual hot-swap power supply (100~240V)
Front-panel Dual Gigabit Ethernet Interfaces
Front-panel LCD Display
Front-panel Serial Console Port
Tamper-evident seals on external enclosure
Tamper-detection of external enclosure opening
Cryptography
Asymmetric
RSA (up to 8192 bits)
DSA
ECDSA (NIST and Brainpool)
EdDSA (Curve25519, Ed448-Goldilocks e E-521)
Symmetric
AES (ECB, CBC, CFB, OFB, CTR, GCM, CCM, XTS), HMAC
HMAC
DES e 3DES
Hash
SHA-1
SHA-2 (SHA-224, SHA-256, SHA-384 SHA-512, SHA-512/224, SHA-512/256
MD5
RIPEMD-160
Available APIs
Native KMIP Support – Versions 1.2, 1.3 and 1.4 – No drivers
needed
PKCS#11
Java (JCA/JCE)
Microsoft CNG / CAPI
Libs available in Java, C++(integrated and compatible with Microsoft Visual C version 6, JavaScript and Python
Performance
Up to 30,000 RSA 2048 Transactions per Second
Up to 7.5GB of storage available for Objects
Certification and Compliance
FIPS 140-2 level 3+ (EFP/EFT)
ICP-Brasil NSH3/NSC3
PCI Compliant
UL/FCC Compliant
RoHS Compliant
Common Criteria EAL 4+ augmented AVA_VAN.5 eiDAS (EN-419-221-5)*
*On-going
OTHER PRODUCTS
HSM USB: COMPACT HSM
HSM in compact form and USB connection, ideal for use internally in servers to accelerate and protect encrypted operations.
HSM PCIe: CHX3
Accelerator of encrypted operations in hardware with physical protection for installation via PCIexpress. Possibility to load proprietary algorithm into hardware.
SUPERTOKEN KEYGUARDIAN
High performance USB token with secure data storage and identity management features.
MT4: SECURE PASSWORD
Privileged Identity Management solution that stores, manages and monitors high privilege passwords for your IT assets.