Vectera Plus Hardware Security Module (HSM)

General-purpose HSMs provide a high level of security for IT infrastructure, protecting it from unauthorized access or tampering. Being general-purpose, they support a wide range of cryptographic functions like symmetric and asymmetric encryption, key management, and digital signing. This makes them versatile and able to be used in a variety of applications. The level of physical and logical security of general-purpose HSMs enables them to meet industry standards for security and compliance, such as FIPS 140-2 and PCI HSM.

A general-purpose HSM is a physically and logically secure device from which you can carry out cryptographic tasks. General-purpose HSMs are often used to encrypt data, sign digital certificates, and manage cryptographic keys. The descriptor “general-purpose” refers to the wide array of cryptographic use cases it is designed to handle. They can be integrated into a wide variety of different environments and customized for diverse use cases.

The Vectera Plus is a general purpose hardware security module (HSM) that excels in the most demanding cryptographic environments. It features high processing speeds, support for a wide range of encryption algorithms, and FIPS 140-2 Level 3 validation. Like all Futurex products, the Vectera Plus supports an array of vendor-neutral APIs for easy integration. From securing applications to encrypting sensitive customer data, the Vectera Plus fills varied roles across different industries.

Hardware features

• Dual, redundant, hot-swappable power supplies
• Dual gigabit Ethernet ports
• Failover link with additional Vectera Plus devices using the Guardian Series 3 for system-wide redundancy
• Secure Cryptographic Device (SCD) with tamper responsive barrier to protect sensitive data

Operating conditions

• Power: 100 – 240 VAC 50/60 Hz. 225 Watts
• Operating temp: -40° to 140°F (-40° to 60°C)
• Storage temp: -40° to 140°F (-40° to 60°C)
• Operating humidity: 20% to 80% non-condensing
• Storage humidity: 5% to 95% non-condensing

Dimensions and weight

• Weight: 36 lbs (16.33 kg)
• Width: 19 inches (48.26 cm)
• Height: 1U – 1.72 inches (4.37 cm)
• Depth: 19.4 inches (49.38 cm)

Compliance

Industry compliance standards

• FIPS 140-2 Level 3
• PCI-HSM
• ANSI X9.24 part 1 and part 2 – TR-39
• RoHS
• FCC Part 15- Class B

Key types and protocols

• 3DES, AES (128-256), DSA (512-4096)
• RSA (512-8192)
• ECC (NIST recommended and user-defined)
• HMAC (MD5, SHA- 1, SHA-256-512)
• SHA-1
• SHA-2 (256-512)

Futurex’s VirtuCrypt cloud cryptography platform offers the ability to deploy the Vectera Plus in the cloud. Cloud versions of the Vectera Plus run out of VirtuCrypt data centers located in every geographic region, providing high availability, low latency, and maximum compliance. Users can acquire licenses to enable different Vectera features through the cloud just as they would with an on-premises deployment. Overall, the cloud offers the same functionality as an on-premises general-purpose HSM, but with the immediacy and ease of the cloud.

The use cases fulfilled by HSMs tend to be oriented toward either general-purpose encryption or payment encryption. Both involve running cryptographic operations inside the HSM’s secure boundary, but there are some major differences. Payment HSMs are tailored toward the high-performance environments of the payment industry: payment processors, issuing and acquiring banks, and fintech companies. They carry out specialized use cases centered around encrypting and processing payment data. This type of data requires payment HSMs to meet specific compliance requirements, such as those of PCI. General-purpose HSMs, on the other hand, are geared more toward securing communications, managing or authenticating identities, and managing encryption keys. However, some general-purpose HSMs can manage payment keys, and can use many of the same algorithms of a payment HSM.

The types of client libraries and application programming interfaces (APIs) that an HSM supports depends on the manufacturer. Futurex HSMs are designed to support the widest range of APIs available, enabling easy integration between our HSMs and client applications. Futurex HSMs also feature the Excrypt API, a vendor-neutral interface that simplifies HSM-to-application communication. Futurex’s integration engineers have coded to the standards PKCS#11, Microsoft CNG, and others, creating our own versions of these libraries. That way, if a client is using PKCS#11 commands, their application can send those commands to our library, which translates them into commands for our HSMs. This simplifies things for the customer, who doesn’t have to do any additional coding to make this happen.

The Vectera Plus’ secure code environment is an isolated environment in which to develop and run applications. This provides an easy way to increase the value of HSM infrastructure by developing applications in common cryptographic libraries, such as Java or PKCS #11.

• General purpose data protection tasks, including encryption, decryption, validation, and certifications
• Secure corporate domains with DNSSEC
• Secure data for manufactured Internet of Things (IoT) devices
• Tokenize sensitive information for data types like medical, academic, insurance, military, or corporate IP, at rest or in transit

• Full graphical user interface (GUI) makes configuration simple and easy
• No command line interface required for installation and initial setup
• Scalable architecture, with the ability to increase processing throughput rates without downtime

• Hardened steel 1U tamper-resistant chassis
• Dual, redundant, hot-swappable power supplies
• Dual gigabit ethernet ports
• Battery backup for keys in SCD memory
• Secure Cryptographic Device (SCD) with tamper-responsive barrier to protect sensitive data

• Automatically transmit data logs to a remote server for audits
• Digitally sign log files, ensuring that data integrity is maintained and that logs cannot be altered
• Remotely access and audit internal logs via web-based interface

• FIPS 140-2 Level 3
• PCI HSM 2.X
• ANSI X9.24 Part 1
• ANSI X9.24 Part 2 – TR-39
• FCC Part 15 – Class B
• RoHS

Effortlessly increase your infrastructure’s throughput capacity without downtime.

Broad support for common interfaces makes integration painless.

• RESTful API
• PKCS #11
• JCA/JCE
• MS CAPI/CNG
• Open SSL

• Upgrade firmware
• Update network settings
• Execute secure application code
• Alter host software application parameters
• Performs all configuration functions