|
|
 |
LYNKS Series II Hardware Security Modules
The LYNKS Series II Hardware Security Module (HSM) family offers a high security solution for client, server and embedded security applications. The LYNKS Series II HSM, with upgraded flash memory and FPGA capabilities, supports the new, stronger, and faster Suite B algorithms, including elliptic curve cryptography with ECMQV key establishment, AES, and the SHA-2 algorithms. It also supports up to 4096-bit RSA keys. Available with either PCMCIA or stackable USB interfaces, the new LYNKS Series II HSM provides the strongest, most economical, future-proof protection for valuable data available anywhere.
The LYNKS Series II HSM provides security-critical capabilities for PKI-based identity management, data security, data integrity, and nonrepudiation. When used in conjunction with SPYRUS Rosetta CSI Software, the LYNKS HSM provides support for standard cryptographic application interfaces such as the Microsoft® Windows® Cryptographic API and the PKCS #11 interface. Custom application integration is available through the SPYRUS developer toolkits. |
 |
Features and Benefits
- Suite B Algorithm Support
The LYNKS Series II HSM incorporates the very latest in cryptographic algorithms. SPYRUS has received the first patent license for elliptic curve cryptography to be issued by the National Security Agency (NSA) under the terms of the NSA Field of Use patent license. The license covers a total of 26 individual U.S., Canadian, and European patents and patent applications. The Field of Use includes elliptic curve cryptography in the prime field GF(p), using 256-bit or longer keys in implementations that are FIPS 140-2 certified, among other requirements. The typical applications are those that involve federal, state, and local governments, including interoperation with foreign governments.
SPYRUS is the first company under this license to incorporate this patented technology in all of its product lines, including the LYNKS Series II HSM, the Rosetta Series II smart card and USB token, Rosetta CSI Software, Security In A Box, and the Signal Identity Manager.
The LYNKS Series II HSM goes beyond the Suite B algorithms, and includes elliptic curve cryptography (ECC) using the highest-strength P-256, P-384, and P-521 curves defined for use by the U.S. Government. The P-521 keys are equivalent to a 15,360-bit RSA key in strength, but the ECC operations are much faster than RSA. The ECDSA digital signature standard and the ECMQV and EC Diffie-Hellman key establishment schemes will be supported in accordance with NIST SP 800-56 Key Establishment Guidelines. The AES-128/194/256 symmetric key algorithms are supported, along with the SHA-224/256/384/512 hash functions. In addition, the LYNKS Series II HSM supports RSA-1024/2048 and 4096, and triple-DES. The RSA key generation complies with the stringent X9.31 specification.
- Tamper-Proof Security
The LYNKS HSM features either an ultrasonically welded or an overmolded case for tamper evidence.
- Future-Proof Design
The LYNKS Series II HSM is designed to be extensible and future-proof.
High-speed FPGAs are used to maximize performance, and custom algorithms
and/or features, potentially including classified algorithms, can be added
through a trusted firmware update process.
- Backup Utility Option
The optional HSM Copy utility can clone a LYNKS HSM to create alocked-down replica as a backup CA.
Applications
- Certificate and Registration Authorities
The LYNKS CA HSM provides secure off-line storage of a Root Certificate Authority private key, including Microsoft Windows Certificate Services in Windows 2000 and Windows Server 2003 Enterprise Edition. The LYNKS CA HSM uses the unique master key stored in the cryptographic engine to encrypt private data and private keys, making it almost impossible to attack.
The LYNKS RA HSM fully supports the SPYRUS Signal Identity Manager™, which complements Windows Server 2003 Certificate Services by adding Registration Authority (RA) support, secure key generation, HSM-based key archiving and recovery, token management, and auditing capabilities.
- Secure Document Retention
High-strength encryption and digital signatures for technical nonrepudiation.
- Electronic Notary
Digitally sign legal documents, including forensic evidence.
- Code Signing
For executable code and macros. Is compatible with Windows .NET Security Framework.
- Secure Master Key Storage
Supports applications that use software encryption for high-speed file encryption and streaming media, while still maintaining the master keys in a secure HSM. This can protect against the theft or surreptitious cloning of a server file system, including backup or archived files. In this way, SSL private keys and secure disk encryption applications can also be protected.
- Trusted, Auditable Timestamp (custom option)
Documents and transactions can be securely timestamped using the on-board time-of-epoch clock and a trusted timestamp key used only for this purpose. The time-of-epoch clock within the cryptographic enclosure can never be altered, but it allows calibration against primary standards, with the digitally signed results recorded for a precise, auditable UTC time.
Model Numbers
| Product Name |
Model Number |
| LYNKS Series II HSM |
- PC600 – [LYNKS HSM only] PCMCIA interface
- PC800 – [LYNKS HSM only] USB interface
- RES416 – LYNKS HSM (PCMCIA) with Rosetta CSI middleware, FIPS 140-2 Level 2 validated
- RES417-F – LYNKS HSM (USB) with Rosetta CSI middleware, FIPS 140-2 Level 2 validated
- RES416C – LYNKS CA HSM (PCMCIA) with Rosetta CSI middleware, right to use license as a Certificate Authority HSM, utility to copy keys for backup, FIPS 140-2 Level 2 validated
- RES417C – LYNKS CA HSM (USB) with Rosetta CSI middleware, right to use license as a Certificate Authority HSM, utility to copy keys for backup, FIPS 140-2 Level 2 validated
- RES416R – LYNKS RA HSM (PCMCIA) with Rosetta CSI middleware, right to use license as a Certificate Authority HSM, utility to copy keys for backup, FIPS 140-2 Level 2 validated
- RES417R – LYNKS RA HSM (USB) with Rosetta CSI middleware, right to use license as a Certificate Authority HSM, utility to copy keys for backup, FIPS 140-2 Level 2 validated
*Note: The LYNKS CA and RA HSMs can support multi-party key generation, secure key generation, and secure key archiving. The LYNKS CA and RA HSMs include Rosetta CSI middleware.
|
| Supported Operating Systems |
- Microsoft Windows 2000 SP4
- Microsoft Windows XP SP2
- Microsoft Windows Server 2003
- Microsoft Windows Vista SP1
|
Download datasheet.
|
|
