SSL relies on the use of trusted digital credentials and both symmetric and asymmetric cryptographic techniques to establish sessions between clients and servers. Unfortunately, SSL suffers from two potential weaknesses: first, the digital credentials used to authenticate the identity of a web server can be stolen or copied; second, the intensive cryptographic processes required to create SSL sessions can have a negative impact on web server performance.
Hardware security modules (HSMs) offer protection for digital credentials and SSL accelerators offload computationally intensive cryptographic calculations, adding increased security and performance to applications relying on SSL.
Improving the Speed and Security of SSL
SafeNet HSMs provides secure, high-performance SSL acceleration that permits the deployment of trustworthy SSL web servers. Hardware security modules mitigate the risks associated with weaker, software-based key management, by protecting SSL keys inside FIPS 140-2-validated hardware that is impervious to both physical and electronic attacks that would cause lesser solutions to surrender sensitive keys to exploitation.
SafeNet Luna SA offers a number of features that allow it to perform SSL acceleration while protecting sensitive SSL private keys:
High-Performance SSL Acceleration. Luna SA for SSL delivers up to 6000 transactions per second (1024-bit RSA decryptions) to meet the requirements of the most demanding SSL applications.
Integrated FIPS-validated Hardware Key Management. Luna SA features a dedicated HSM, the K6 Cryptographic Engine, to perform cryptographic operations and provide secure storage for SSL private keys. The K3 Cryptographic Engine provides the Luna SA’s HSM functionality, offering FIPS 140-2-validated hardware-secured key management, hardware SSL acceleration (over 6000 transactions per second), administrative access control, and policy management.
Network Shareable. Luna SA is network shareable, allowing multiple web servers to use the Luna SA’s SSL acceleration features concurrently, making it ideal for service providers or enterprise customers who host multiple web servers. Luna SA for SSL clients are web servers that connect to the Luna SA to use its HSM capabilities. Each web server communicates with the Luna SA through Network Trust Links (NTLs) authenticated with digital certificates and unique client passwords.
Scalability. Multiple Luna SA machines can be pooled together to scale capacity as needed.
Manageable. A compact 1U rack-mount chassis and remote administration interface make the Luna SA ideal for data center environments, where space and manageability are primary concerns.
Network Trust Links — NTL. Network Trust Links (NTLs) are secure, authenticated network connections between the Luna SA and its clients. NTLs use two-way digital certificate authentication and SSL data encryption to protect sensitive data as it is transmitted between the Luna SA and Clients.
view HSM Products For SSL AccelerationSafeNet HSMs provides secure, high-performance SSL acceleration that permits the deployment of trustworthy SSL web servers. Hardware security modules mitigate the risks associated with weaker, software-based key management, by protecting SSL keys inside FIPS 140-2-validated hardware that is impervious to both physical and electronic attacks that would cause lesser solutions to surrender sensitive keys to exploitation.
view More InformationSSL Acceleration Resources
As a pioneering developer of HSMs, SafeNet has been bringing secure HSMs to market since 1994. SafeNet Luna products incorporate features developed through extensive operational experience. To learn more, please refer to our resources below.
The Secure Sockets Layer (SSL) protocol secures client-server communication sessions through the use of public key authentication and strong encryption.
The volume of information is mushrooming and being transformed from paper to digital form at an alarming rate with no end in sight. Individually, we all experience the steady growth in storage capacity and our use of that capacity in the devices we touch daily – our laptops, desktops, and smart phones. On the commercial side, a conversation with the IT data center personnel quickly reveals that adding storage capacity is a perennial budget item.
With the rising incidence of threats to consumer data, and increasing requirements to protect that data, merchants must focus on their security infrastructure. Regulations have been implemented not only by the state and federal governments, but by the credit card industry as well. Companies are compelled to prove their compliance with these regulations and will be held liable for their failure to do so. While these rules focus on protecting the consumer, they also serve as protection for the merchant, as security breaches can have a far-reaching impact to both a company’s finances and reputation.
Regulatory mandates are nothing new, but in most organizations, the pressure, cost, and effort required to sustain compliance are reaching unprecedented levels. Compliance is challenged by evolving mandates, infrastructure changes like data center consolidation, new deployment models like cloud and virtualization, as well as advancing threats to the security of sensitive data itself.
As businesses transform and use sensitive data within their enterprise and in the cloud, it is imperative to ensure trust ownership. SafeNet Hardware Security Modules (HSMs) provide reliable protection for transactions, identities, and applications by securing cryptographic keys and provisioning encryption, decryption, authentication, and digital signing services. SafeNet HSMs are ranked #1 in the market worldwide. They provide the highest-performing, most secure, and easiest-to-integrate application and transaction security solution for enterprise and government organizations. Robust FIPS and Common Criteria validation makes SafeNet HSMs tamper-resistant.
This document describes the security policies enforced by SafeNet Inc.’s Remote PED configured for use in the Luna SA.
SafeNet HSM & Oracle Transparent Database Encryption Solution Brief 1 SafeNet hardware security modules (HSMs) combine the strongest cryptographic security with the highest performance, reliability and ease of integration for rapid and affordable application protection using Oracle Advanced Security with Oracle Database.