ProtectProcessing
Cryptographic API/ Toolkit
ProtectProcessing is a customization Software Development Kit (SDK) delivering an
unsurpassed level of flexibility, extensibility and security to your cryptographic applications.
SafeNet (SFNT:Nasdaq) is a global leader in information security. Founded more
than 20 years ago, the company provides complete security utilizing its encryption
technologies to protect communications, digital identities and intellectual property,
and offers a full spectrum of products including hardware, software, and chips.
ARM, Bank of America, Cisco Systems, the Departments of Defense and Homeland
Security, Microsoft, Samsung, Texas Instruments, the U.S. Internal Revenue Service,
and scores of other customers entrust their security needs to SafeNet. For more
information, visit www.safenet-inc.com.
SALES OFFICES
Corporate: 4690 Millennium Drive, Belcamp, Maryland 21017 USA
Tel: +1 410 931 7500 or 800 533 3958 Email: info@safenet-inc.com
Australia +61 3 9882 8322
Brazil +55 11 3392 4600
Canada +1 613 723 5077
China +86 10 8266 3936
Finland +358 20 500 7800
France +33 1 47 55 74 70
Germany +49 18 03 72 46 26 9
Hong Kong +852 3157 7111
India +91 11 2691 7538
Japan (Tokyo) +81 3 5719 2731
Korea +82 31 705 8212
Mexico +52 55 5575 1441
Netherlands +31 73 658 1900
Singapore +65 6297 6196
Taiwan +886 2 2735 3736
U.K. +44 1276 608 000
U.S. (Massachusetts) +1 978 539 4800
U.S. (New Jersey) +1 201 333 3400
U.S. (Virginia) +1 703 279 4500
U.S. (Irvine, California) +1 949 450 7300
U.S. (Santa Clara, California) +1 408 855 6000
U.S. (Torrance, California) +1 310 533 8100
Australia +61 2 9906 2988
Brazil +55 21 2215 5765
Czech Republic +420 2 2423 6833
Germany +49 2151 3630 20
India +91 80 5110 0600
Italy +39 02 7729 7599
Netherlands +31 20 311 6540
Singapore +65 6559 3449
Switzerland +41 61 462 2010
U.S. (Roseville, California) +1 916 677 2450
Distributors and resellers located worldwide
2165EN-AU1205. ©2005 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet.
All other product names are trademarks of their respective owners.
BENEFITS AT A GLANCE
• Develop custom cryptographic and security functionality to run on HSMs
• Modify or develop custom extensions to off-the-shelf ProtectToolkit APIs and HSM operations
• Execute critical custom application code within the secure tamper-resistant environment of a SafeNet PCI adapter or network-connected HSM
• Develop and debug custom application code in a convenient PC-based software emulation environment, without the need for a HSM being connected to the developer’s computer
• Enhance security to comply with certain security policies or meet specific regulatory, industry or regional requirements
• Increase performance by bundling multiple individual cryptographic calls into one complex, atomic custom API command. This results in dramatically reduced function call overhead and a boost in performance
ProtectProcessing facilitates accelerated development and
performance, plus provides enhanced system security,
independence and confidentiality to security-sensitive
application developments.
ProtectProcessing provides the ability to create customized cryptographic applications
from scratch (including completely new algorithms), or develop custom extensions to
off-the-shelf PKCS#11 functionality by patching the standard routines that are executed within
the secure confines of a HSM.
ProtectProcessing includes a software emulation capability, plus a modified GNU compiler
and linker to generate the executable binary code for the HSM's native processor architecture.
This includes all the necessary tools for code signing and certificate management associated
with the import of trusted custom code extensions into the HSM.
Motivations to develop customized HSM code are diverse and may include:
• Need for specific functionality, like a regional cryptographic algorithm or key derivation method
• Add customized security functionality such as secure protocol conversion and re-encryption within the secure confines of a HSM
• Change to an existing function, which may not deliver exactly what is required, or must be removed
• Increase performance by bundling multiple individual cryptographic calls into one complex, atomic custom API command resulting in a dramatically reduced function call overhead and a boost in performance
PRODUCT DATA SHEET
The protection of keys and other valuable data within a physically secure tamper-resistant
HSM is paramount to achieve strong cryptographic security. The storage of keys within a
software-only solution greatly diminishes the security against malicious attack due to a
hacker’s ability to infiltrate and compromise keys from the file system or working memory.
ACCELERATED INDEPENDENT DEVELOPMENT
The Software Development Kit (SDK) and emulation functionality streamline costs and resources, enabling developers (either a SafeNet
partner or an end user) to create and debug custom-specific Functionality Modules (FMs) in a standard PC environment. This can be performed
outside of the HSM without any involvement from SafeNet.
All cryptographic functions are temporarily performed within software libraries on the development server, avoiding the need to have a HSM
connected to each developer’s machine. Upon completion of development and testing, the implemented custom code can then be easily and
securely downloaded, stored and run within the secure environment of the HSM.
The SDK provides the software libraries, header files and reference documentation required to compile and link a Windows emulation build of
the FM. A modified GNU compiler and linker enable the generation of executable binary code within the FM for the HSM's native processor
architecture. Sample programs with source code and build instructions, providing re-usable code skeletons and demonstrations of typical
customization scenarios, assist and accelerate application development.
In addition, the necessary tools are provided for code signing and certificate management associated with the import of trusted custom code
extensions into the HSM.
ACCELERATED PROCESSING PERFORMANCE
Combining numerous individual cryptographic operations into a single comprehensive custom call dramatically reduces the processing load
between the HSM and the host system. Such consolidation of cryptographic functions into a single operation facilitates accelerated
performance of the overall system.
ENHANCED SYSTEM SECURITY
ProtectProcessing enables custom cryptographic processes to be securely performed within the protected environment of a SafeNet HSM rather
than on the host system. Complex security-critical processing components of an application, utilizing digitally signed code, can be operated as
a whole on the HSM, ensuring no risk of sensitive information ever being exposed in an unprotected environment. The net-effect of this approach
nes of the
HSM.
INDEPENDENCE AND CONFIDENTIALITY
ProtectProcessing enables independent in-house development by end users and solution providers. In addition, by avoiding the need to
engage third-party developers, full confidentiality of custom security systems and processes can be achieved. The development party is in full
control of the certificate management and code signing, and can also implement, at their discretion, a trust model involving third parties such
as a Trust Center.
TRAINING
SafeNet provides full training on ProtectProcessing to facilitate the specific in-house development needs of your security project. No prior
embedded system experience is required, only knowledge of the industry standard ANSI-based ‘C’ language and its ‘C’ run-time library.
HSM PLATFORM OPTIONS
ProtectProcessing operates seamlessly with the HSMs listed below.
PROTECTHOST ORANGE
ProtectHost Orange is a FIPS 140-2 level 3 certified
network-attached HSM that connects to a single machine or a
complete network as a central cryptographic subsystem to
perform symmetric and asymmetric cryptography.
PROTECTSERVER ORANGE EXTERNAL
ProtectServer Orange External is a FIPS 140-1 level 3
certified network-attached HSM that connects via TCP/IP to a single
machine or complete network (LAN) as a central cryptographic
subsystem to perform symmetric and asymmetric cryptography.
PROTECTSERVER GOLD
ProtectServer Gold is a FIPS 140-2 level 3 certified PCI
adapter-based HSM that can be installed in server systems as a
cryptographic subsystem to perform symmetric and asymmetric
cryptography.
PROTECTSERVER ORANGE
ProtectServer Orange is a FIPS 140-1 level 3 certified PCI
adapter-based HSM that can be installed in server systems as a
cryptographic subsystem to perform symmetric and asymmetric
cryptography.
PROTECTSERVER BLUE
ProtectServer Blue is an ITSEC certified PCI adapter-based
HSM that can be installed in server systems as a cryptographic
subsystem to perform symmetric and asymmetric cryptography.
TECHNICAL SPECIFICATIONS
SUPPORTED DEVELOPMENT PLATFORMS
FM Development
• Windows NT 4.0, 2000, XP, Server 2003
Host Side Development (Host Development Kit - HDK)
• Windows NT 4.0, 2000, XP, Server 2003
• Linux Kernel 2.4.18 and later, 2.6.x
• Sun Solaris (Sparc) 7, 8, 9
DEVELOPMENT TOOLS REQUIRED
FM Software Emulation
• Microsoft Visual C++ 6 or later
Please Note - GNU compiler and linker (for the HSM's ARM CPU code generation) is included in the SDK
HOST DEVELOPMENT
• Native compiler toolkit for the supported platform
• gnumake v3.78.1 - This package can be obtained from www.gnu.org/software/make/make.html
PROTECTPROCESSING APIs
• Host Message Dispatch (MD) API
• HSM Interface Service (SVC) API
• FM Dispatch API
• PKCS#11 API (full)
• PKCS#11 State Management API
• Application ID API
• Serial communications API
• High Resolution Timer API
• ANSI C RTL API (Subset)
API LANGUAGE
• FM code - ‘C’
• Host side code - ‘C’, Java