h4.[Cryptographic Solutions for Financial Services: Using the Sun Crypto Accelerator 6000 Card !Main^download.gif!|http://mapping.sun.com/profile/offer.jsp?id=14]
*by Serge Nadon and Joel Weise*
{excerpt}February, 2008{excerpt}
The Sun Crypto Accelerator 6000 PCI-E card (SCA 6000 card) is a combined cryptographic accelerator and Hardware Security Module (HSM) that can be used to accelerate Secure Sockets Layer (SSL) and IPSec sessions, as well as perform arious financial services related cryptographic functions. Qualified as a FIPS 140-2 level 3 device, the SCA 6000 card is designed to prevent the disclosure or corruption of cryptographic keying material, intermediate cryptographic results, or other sensitive data. A direct key loading interface is incorporated to enable the secure entry of keying material. Since sensitive keying material does not cross system, network, or application boundaries, potential avenues of interception and attack are eliminated.
The security of a cryptographic device is dependent upon not only the anti-tamper circuitry and design of the device itself, but also the processes and procedures used to initialize the device, and perform key management and application level transactions. This Sun BluePrints article assumes a working knowledge of financial services and contemporary security issues, and discusses some control mechanisms. It describes some of the processes and procedures needed to make the SCA 6000 card available to an application performing financial services transactions such as PIN management and verification, and card verification.
{vote:Rate this blueprint}
Great
Good
Fair
Poor
{vote}
*by Serge Nadon and Joel Weise*
{excerpt}February, 2008{excerpt}
The Sun Crypto Accelerator 6000 PCI-E card (SCA 6000 card) is a combined cryptographic accelerator and Hardware Security Module (HSM) that can be used to accelerate Secure Sockets Layer (SSL) and IPSec sessions, as well as perform arious financial services related cryptographic functions. Qualified as a FIPS 140-2 level 3 device, the SCA 6000 card is designed to prevent the disclosure or corruption of cryptographic keying material, intermediate cryptographic results, or other sensitive data. A direct key loading interface is incorporated to enable the secure entry of keying material. Since sensitive keying material does not cross system, network, or application boundaries, potential avenues of interception and attack are eliminated.
The security of a cryptographic device is dependent upon not only the anti-tamper circuitry and design of the device itself, but also the processes and procedures used to initialize the device, and perform key management and application level transactions. This Sun BluePrints article assumes a working knowledge of financial services and contemporary security issues, and discusses some control mechanisms. It describes some of the processes and procedures needed to make the SCA 6000 card available to an application performing financial services transactions such as PIN management and verification, and card verification.
{vote:Rate this blueprint}
Great
Good
Fair
Poor
{vote}