<html>
<title>PCI and SBus Cryptographic Services Providers | Product Specifications</title>
<body>
<font face="arial" size="2">
<center>
<h1>PCI and SBus Cryptographic Services Providers Product Specifications</h1>
</center>
<hr width="600" align="center">
<center><a href="#hardware">Hardware Description </a>|<a href="#software"> Software Description </a>|
<a href="#manage"> Key and Certificate Management </a>|<a href="#access"> Authentication and Access Control</a></center>
<hr width="600" align="center">
<center>
<table>
<tr><td width="500" valign="top"><font face="arial" size="2">3Si's advanced technology Cryptographic Services Provider
(CSP) provides a high-performance server system by off-loading cryptographic processing from 
the host system.  It provides hardware-based security services to applications 
or provides network security on the Internet.</font></td>
<td width="500"><font face="arial" size="2">&nbsp;&nbsp;&nbsp;&nbsp;It consists of:<menu><li>Hardware board(s) loaded with firmware</li><li>Software on the host server
platform which includes a cryptographic API (CAPI), Security Manager, board driver and
Administration graphical user interface.</li></menu></font></td></tr><tr><td height="10" colspan="2"></td></tr>
<tr><td align="left"><font color="red" size="5" face="arial"><b>&nbsp;&nbsp;&nbsp;Features</b></font></td>
<td align="left"><font color="red" size="5" face="arial"><b>&nbsp;&nbsp;&nbsp;Benefits</b></font></td></tr>
<tr><td width="500" valign="top"><font face="arial" size="2"><ul><li>Government and commercial algorithms (SkipJack, KEA, DES, 3DES, SHA-1, MD5, DSA,
D-H and others) in hardware</li><li>Multiple cryptographic processor design optimized for 
significant performance</li><li>Scalable and flexible design - one or more cryptographic 
processors per board and multiple boards in a system</li><li>Data confidentiality, data integrity,
key management, digital signature and time-stamp services</li><li>FORTEZZA Cryptographic Interface
(CI) and PKCS #11 Application Programming Interface (API) support</li></ul></font></td>
<td width="500"><font face="arial" size="2"><ul><li>Secures Government and commercial information systems at the application
or network layers</li><li>Provides security without degrading performance or requiring costly upgrades</li>
<li>Concurrently supports a mix of server applications such as E-Commerce, web, database and others</li>
<li>Provides high-assurance security solutions</li>
<li>Security Manager manages sessions and tokens</li>
<li>Layered architecture is adaptable to other CAPIs</li>
<li>Virtual token support is adaptable to different formats</li>
<li>Ideal for Virtual Private Network (VPN) infrastructure components, and banking and finance
applications</li></ul></font></td></tr>
</table>
</center>
<center>
<table>
<tr bgcolor="navy">
<td align="center"><font color="white" face="arial" size="3">Characteristic</font></td>
<td align="center"><font color="white" face="arial" size="3">PCI Version</font></td>
<td align="center"><font color="white" face="arial" size="3">SBus Version</font></td>
</tr>
<tr>
<td><font face="arial" size="2">Form Factor</font></td><td align="center"><font face="arial" size="2">Single Slot Long Card</font></td>
<td align="center"><font face="arial" size="2">Single Width</font></td></tr>
<tr bgcolor="lavender">
<td><font face="arial" size="2">Voltage</font></td><td align="center"><font face="arial" size="2">[email protected] Amps</font></td><td align="center"><font face="arial" size="2">[email protected] Amps</font></td></tr>
<tr>
<td><font face="arial" size="2">Normal Operating Temperature</font></td><td align="center"><font face="arial" size="2">10 to 40 degrees C (50 to 104 Degrees F)</font></td>
<td align="center"><font face="arial" size="2">10 to 40 degrees C (50 to 104 Degrees F)</font></td></tr>
<tr bgcolor="lavender">
<td><font face="arial" size="2">Operating Systems</font></td><td align="center"><font face="arial" size="2">Sun Solaris x86 Version 2.6 and 7; Windows NT 4.0</font></td>
<td align="center"><font face="arial" size="2">Sun Sparc Solaris 2.6 and 2.7</font></td></tr>
<tr>
<td><font face="arial" size="2">Number of Cryptoprocessors (max.)</font></td><td align="center"><font face="arial" size="2">8</font></td><td align="center"><font face="arial" size="2">4</font></td></tr>
</table>
</center><br><br>
<a name="hardware"></a>
<font color="red" size="5"><b>Hardware Description</b></font><br><br>
The board limits and controls access to the multiple cryptographic processors as the bus master.  
Multiple internal DMA channels transfer data across the host system bus and to the cryptographic 
processors.  A dual-ported RAM interface facilitates independent reads/writes between each cryptographic 
processor and the on-board control processor.  Each cryptoprocessor has dedicated hardware for 
computing the FORTEZZA SkipJack, DES, and 3DES (single and two key) encryption algorithms (several 
chaining modes), Key Exchange Algorithm (KEA), Digital Signature Algorithm (DSA), Secure Hash 
Algorithm (SHA-1), Message Digest (MD5) and other algorithms.  Each cryptographic processor is 
also equipped with:  a full 1024-bit (extendible to 2048 bits in firmware) exponentiator to 
facilitate key operations such as in RSA algorithms, a digital non-deterministic randomizer, 
and a key cache for high speed cryptographic context switching.<br><br>

On-board flash memory retains trusted keys and certificates, as well as the firmware code, which is 
digitally signed and verified upon initialization.  An identifier unique to each board is 
programmed in a dedicated programmable memory chip (based on Dallas Semiconductor's I-Button 
technology) which serves as a 'signature' unique to an organization or a company.  A time-of-day 
clock on the board provides time/date stamping, preventing replay attacks.  The cryptographic 
mechanisms comply with the FIPS PUB 140-1 level 2 standard.<br><br>

<a name="software"></a>
<font color="red" size="5"><b>Software Description</b></font><br><br>
The Security Manager is the interface (via the CAPI) between the users (or server applications)
and security services such as strong authentication, certificate management, access control 
and directory access.<br><br>

The Security Manager stores and retrieves individual users' virtual tokens, containing the 
users' keys and certificates.  A user can own more than one token.  Each instantiation of the
virtual token on the board is unique and provides the user with a "physical" implementation 
of a cryptographic card.  The Security Manager manages an unlimited number of concurrent sessions 
or connections, constrained only by the computer hardware resources.  The Security Manager also 
performs security administration and auditing.<br><br>

<a name="manage"></a>
<font color="red" size="5"><b>Key and Certificate Management</b></font><br><br>
Trusted keys and certificates are either loaded onto or generated on the board, and are protected there.
This minimizes the possibility of compromise common to software-based security solutions.  
Virtual cryptographic tokens, which store user keys and certificates, contain a minimum of 10 key 
registers and 48 certificate slots.  Virtual tokens, when they are held in the host 
environment, are cryptographically protected with keys that are generated and resident only 
on the board, thereby providing the full benefit of a hardware-based security solution.  
Large numbers of virtual tokens can be stored securely in the host environment.<br><br>

Interface to Government and commercial certificate authorities is provided and the CSP is 
public key infrastructure (PKI) enabled.<br><br>

<a name="access"></a>
<font color="red" size="5"><b>Authentication and Access Control</b></font><br><br>
Users access the keys and certificates in the virtual token via a Personal Identification
Number (PIN).  Role-based access controls define the level of access given to users:  
Site Security Officer (SSO)  or Administrator; or User requesting security services from the 
board.  Access to security-critical cryptographic functions is restricted to the SSO 
or Administrator.<br><br>
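The virtual-token protection described under Key and Certificate Management, together with the PIN check described above, can be modelled as follows. This is an added example, not 3Si code or the product's API: the Board class, the token layout, the PBKDF2 PIN hash and the HMAC-based keystream (standing in for the board's hardware cipher) are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

KEY_REGISTERS, CERT_SLOTS = 10, 48  # minimum token layout stated on the page

def pin_hash(salt_hex, pin):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), bytes.fromhex(salt_hex), 100_000).hex()

def new_token(owner, pin):
    salt = secrets.token_hex(16)
    return {"owner": owner, "salt": salt, "pin_hash": pin_hash(salt, pin),
            "key_registers": [None] * KEY_REGISTERS, "cert_slots": [None] * CERT_SLOTS}

class Board:
    """Stand-in for the hardware board; the wrapping keys never leave this object."""

    def __init__(self):
        self._enc_key = secrets.token_bytes(32)  # generated and resident on the board only
        self._mac_key = secrets.token_bytes(32)

    def _keystream(self, nonce, length):
        # HMAC-SHA256 in counter mode: assumed substitute for the board's hardware cipher.
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self._enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _tag(self, body):
        return hmac.new(self._mac_key, body, hashlib.sha256).digest()

    def wrap(self, token):
        """Encrypt-then-MAC a token so the host only ever stores an opaque blob."""
        plain = json.dumps(token).encode()
        nonce = secrets.token_bytes(16)
        body = nonce + bytes(a ^ b for a, b in zip(plain, self._keystream(nonce, len(plain))))
        return body + self._tag(body)

    def unwrap(self, blob, pin):
        """Authenticate the blob, decrypt it on the board, then check the owner's PIN."""
        body, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._tag(body)):
            raise ValueError("token modified or wrapped by a different board")
        plain = bytes(a ^ b for a, b in zip(body[16:], self._keystream(body[:16], len(body) - 16)))
        token = json.loads(plain)
        if not hmac.compare_digest(token["pin_hash"], pin_hash(token["salt"], pin)):
            raise PermissionError("wrong PIN")
        return token
```

A blob copied from the host is useless without the board that wrapped it, and any modification made in host storage is rejected before decryption.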
</font>
</body>
</html>
