ProtectProcessing

SafeNet Inc. pioneered as early as 1991 the ability for developers to write their own custom cryptographic applications or extend proprietary cryptographic applications that could be downloaded and run in the secure execution environment of a Hardware Security Module - HSM. ProtectProcessing is the latest evolution of this pioneering achievement.

ProtectProcessing is a customization Software Development Kit enabling developers to write their own secure processes (Functionality Modules [FMs]) on top of the industry standard crypto API ‘PKCS#11’ and securely execute these programs within the security perimeter of an HSM. It facilitates accelerated development, performance, plus provides enhanced system security, independence and confidentiality to security sensitive developments.

ProtectProcessing enables users to:

Develop custom cryptographic and security functionality to run inside Hardware Security Modules - HSMs
Develop custom extensions to or modify SafeNet Inc. off-the-shelf ProtectToolkit APIs and HSM operations
Execute critical custom application code within the secure tamper resistant environment of an SafeNet HSM, either in form of PCI adapter or network connected device
Develop and debug custom application code in a convenient PC-based software emulation environment, without the need of a HSM being connected to the developers computer
Enhance Security to comply with certain security policies or meet specific regulatory, industry or regional requirements.
Increase Performance, by bundling multiple individual cryptographic calls into one complex, atomic custom API command. This results in dramatically reduced function call overhead and hence greater performance

ProtectProcessing facilitates accelerated development

The Software Development Kit and emulation functionality streamlines costs and resources enabling developers (either an SafeNet's partner or an end user) to develop and debug custom specific Functionality Modules (FMs) on a standard PC environment. This can be performed outside of the HSM.

All cryptographic functions are temporarily performed within software libraries in the development server avoiding the need to have an HSM connected to each developer’s machine. Upon completion of development and testing, the implemented custom code can then be easily and securely downloaded, stored and run within the secure environment of a HSM.

The Software Development Kit (SDK) provides the software libraries, header files and reference documentation required to compile and link a Windows emulation build of the Functionality Module. Software Emulation capability plus a modified GNU compiler and linker enable the generation of executable binary code within the Functionality Module (FM) for the HSM’s native processor architecture. Sample programs with source code and build instructions, providing re-usable code skeletons and demonstrating typical customization scenarios, assist and accelerate application development. In addition, the necessary tools are provided for code signing and certificate management associated with the import of trusted custom code extensions into the HSM.

No prior embedded system experience is required, only knowledge of the industry standard ANSI based C language and its ‘C’ run-time library.

ProtectProcessing facilitates accelerated processing performance

Combining numerous individual cryptographic operations into a single comprehensive custom call dramatically reduces the processing load between the HSM and the host system. Such consolidation of cryptographic functions into a single operation facilitates accelerated performance of the overall system. Card Management and Card Personalization are typical application fields where such consolidation of cryptographic calls is desirable.

ProtectProcessing enhances system security

ProtectProcessing enables custom cryptographic processes to be securely performed within the secure environment of an SafeNet HSM rather than on the inferior security of a host system. Complex security-critical processing components of an application can be moved as a whole to the HSM, utilizing digitally signed code, ensuring no risk of sensitive information ever being exposed in an unprotected environment.

Independence and Confidentiality

ProtectProcessing enables independent in-house development by the customer or solution provider, avoiding the need to engage third party developers, thereby facilitating full confidentiality of custom security systems and processes. The development party is in full control of the certificate management and code signing, yet could also implement, at their discretion, a trust model involving third parties such as a Trust Center.

Training

SafeNet provides full training on ProtectProcessing to facilitate the specific in-house development needs of your security project.