SmartCard-HSM 4K USB Token


  • Supports multiple applications: Secure Web Login, E-Mail encryption, File Signing and Encryption, Workstation MFA Login, VPN Access, Disk Encryption, eSign Documents, and Bitcoin Wallet
  • Works with Windows, Linux and Mac
  • Up to 4096 bit RSA, 521 bit ECC and 256 bit AES
  • Open Source middleware and tools
  • Supports key storage for X.509 certificates and private keys


The SmartCard-HSM USB Token is a lightweight hardware security module for secure key generation, storage and use. It is designed for PKI and cryptographic systems with low to moderate load. Its built-in support for card verifiable certificates as defined in BSI TR-03110 (Extended Access Control) makes a SmartCard-HSM the perfect choice for storing key material in a distributed Public Key Infrastructure. A trusted channel and public key attestation allow remote key generation and certificate issuance. Advanced key management functions provide for key backup and device clustering in key domains.

For more information about SmartCard-HSM you can visit CardContact Systems GmbH.


  • Works with Windows, Linux and Mac
  • Built-in PKI for remote management
  • Key backup, restore and migration
  • Up to 4096 bit RSA, 521 bit ECC and 256 bit AES
  • Public Key Authentication
  • DKEK and XKEK Key Domains
  • Support for embedded systems (IoT)
  • Secure Messaging with asymmetric authentication
  • Common Criteria certified cryptography
  • Open Source middleware and tools
  • n-of-m Threshold Authentication
  • ECC Main / Sub Key Derivation
| Feature | USB Token | SIM / Card | Micro SD |
|---|---|---|---|
| Form factor | Standard-A | ID-1 Contact, ID-1 Dual-IF | |
| Software Version | 4.x | 4.x | 3.x |
| RSA / ECC (max Bit) | 4096 / 521 | 4096 / 521 | 2048 / 521 |
| Memory | 179KB | 179KB | 60KB/8GB |
| RSA key (byte) | 4000 | 4000 | 2000 |
| ECC key (byte) | 2500 | 2500 | 2500 |
| AES key (byte) | 250 | 250 | 250 |
| Interface | CCID | | |
| Built-in PKI | Yes | Yes | Yes |
| Secure Channel | Yes | Yes | Yes |
| Key Backup / Restore | Yes | Yes | Yes |
| PIN Management | Yes | Yes | Yes |
| Public Key Authentication | Yes | Yes | Yes |
| n-of-m Threshold Scheme | Yes | Yes | Yes |
| Transport-PIN Mode | Yes | Yes | Yes |
| Key Restriction | Yes | Yes | Yes |
| Key Use Counter | Yes | Yes | Yes |
| Key Import | Yes | Yes | Yes |
| End-to-end encryption | Yes | Yes | Yes |
| SDK Access | Yes | Yes | Yes |
| Key Domains | Yes | Yes | Yes |
| ECC Key Derivation | Yes | Yes | Yes |
| AES for Key Management | Yes | Yes | Yes |



Order No
  • 510040001 SmartCard-HSM USB-Token (4.1-P6)
  • 510040101 SmartCard-HSM Mini-SIM (4.1-P6)
  • 510040201 SmartCard-HSM Dual-IF (4.1-P6)
  • 510040401 SmartCard-HSM Micro-SIM (4.1-P6)

Authentication
  • User-PIN / Transport-PIN
  • Public Key Authentication with CV-Certificates
  • Chip Authentication V2.0 based on BSI TR-03110 with Secure Messaging (AES, TDES)
  • Peer authentication in key domains

Key Types
  • RSA 1024, 1536, 2048, 3072 and 4096 bit
  • ECC 192, 224, 256, 320, 384, 512 and 521 bit on GF(p)
  • AES 128, 192 and 256 bit

Algorithms
  • Generate key (RSA, ECC, AES)
  • RSA Sign (Raw, PKCS#1 V1.5, PSS, +SHA-1/256/384/512)
  • ECDSA Sign (Raw, SHA-1, SHA-256, SHA-384 and SHA-512)
  • Key Agreement (RSA OAEP, ECDH Raw and ECDH Authenticated)
  • AES Key Derivation with Export (CBC, CMAC, NIST SP 800-56C)
  • Wrap / Unwrap Key under AES-256 Key Encryption Key

Random Number

Memory
  • 179Kb Flash
  • 12Kb RAM
  • RSA 4096 key typically 4000 byte
  • ECC 521 key typically 2500 byte
  • AES 256 key typically 250 byte
  • All key sizes plus memory space for meta-data (e.g. certificates)

Performance
  • RSA 1024: 40 ms
  • RSA 1536: 60 ms
  • RSA 2048: 120 ms
  • RSA 3074: 290 ms
  • RSA 4096: 1150 ms
  • RSAGEN 2048: 10 sec
  • RSAGEN 4096: 25 sec
  • ECDSA 256: 50 ms
  • ECDH 256: 50 ms
  • ECDSA 512: 90 ms
  • ECDH 512: 90 ms
  • ECGEN 256: 1 sec
  • ECGEN 512: 2 sec
  • AES ECB 16 Bytes: 13 ms
  • AES-CBC 1216 Bytes: 250 ms
  • RNG 8 Bytes: 13 ms
  • RNG 256 Bytes: 55 ms

Data Retention
  • 25 years

Endurance
  • 500000 cycles minimum

Platform Certification
  • Common Criteria EAL 6+ (NSCIB-CC-0313985-CR)
  • No composite applet certification performed