Changchun Jilin University Zhengyuan Information Technologies Co., Ltd.HSM SJJ1978 is an independently developed high performance cryptographic device capable of using different types of applications to perform high speed, multi-parallel cryptographic processing. It can satisfy the application system’s signature/verification and encryption/decryption requests, guaranteeing the confidentiality, integrity, and validity of transferred information while also providing security along with a comprehensive key management mechanism.
The cryptographic application system uses the standard API function provided by the HSM to provide services. Calls between API and HSM is transparent to the upper application. The application developer can quickly use the security function provided by HSM. The cryptographic API interface conforms to PKCS#11, JCA, CAPI, which is universal and can be smoothlyconnected to various system platforms to meet the requirements of most application systems. In terms of application system security, it has a wide range of application prospects.
Multiple Algorithms: RSA、ECDSA、DES/3DES、AES
Multiple Operation System Compatibility: communication between application server and HSM through TCP/IP, supporting multiple major operation systems such as MS Windows, Linux, Solaris, AIX, HP-UX Unix.
Standard API: Conformed with‘ Cryptographic Products API Standard’, support PKCS#11, JCE, OpenSSL
Triple Level Key Structure: System Protection Key- Local Master Key(KEK) - Working Key triple level key protection structure to secure user keys and application system.
Secure Key Storage: no keys show/ present as plaintext outside of device and key backup is also protected by master key.
Connection Password and White list: Authorization through connection password and white list to improve system security.
Authorization: every user key pair comes with an unique authorization code to ensure securities of calls by the same application system using different passwords.
Key Generation and Management: ECC 256/384/521 and RSA -1024/2048/3072/4096 key generation. Physical noise generation chips approved by OSCCA to generate true random number.
Secured Storage of Keys: capacity of storing 50 pairs of ECC keys and 50 pairs of RSA keys and offering system key protection for private keys.
Encryption and Decryption: ECB, CBC, DES, 3DES,AES。
Verification code generation and verification: DES, DES3, AES,MAC to generate and verify.
Digest generation and verification: SHA, SHA1, SHA128, SHA256. SHA512.
Digital Signature Generation and Verification: stored RSA/ECDSA private keys or imported RSA/ECDSA private keys to request digital signature.
Digital Envelop: RSA /ECC digital envelop to support transition from interior key protection to exterior key protection.
Physical True Random Number Generation: use physical noise generation chip approved by OSCCA to generate true random number/ double true random number.
Control of user access: Management of users to improve device security.
Backup and Recovery: key backup and recovery based on master key protection to ensure security application system safety and reliability.
I want to consult