CriptoNube: HSM as a Service

CriptoNubeCriptoNube is a middleware that brings you all the advantages of HSMs (Hardware Secure Modules) as a service and makes easy their integration through a complete REST API.

Benefits

The main advantages of using HSMs in the cloud are:

  • Secure environment in the cloud
    With CriptoNube you can have a safe place in the cloud where to perform operations with sensitive data. The provider is never allowed to access these data.
  • Efficient and easy key management
    With a HSM you can generate and store keys safely in order to perform operations with them whenever you want.
  • Acceleration of cryptographic operations
    The HSM has specific hardware that lets you perform very fast encryptions and decryptions..
  • Regulatory compliance
    The functionalities of the HSM and its security certification FIPS 140-2 help to the accomplishment of regulations and data protection laws.
  • Pay per use
    You can access the service and pay only for the use you make of the HSM. If  you don’t use it, you don’t pay.
  • No maintenance
    You don’t need to buy a HSM, you have it as an external secure component,  so you don’t need to worry about the hardware maintenance and software updates.
  • Support for encrypted cloud storage
    You have the possibility of using a cloud storage seamlessly to store and retrieve your encrypted data through the HSM.

Functionalities

The operations you can perform through the CriptoNube’s REST API are:

  • Key management and key storage
  • Generation of symmetric keys (AES, DES)
  • Generation of asymmetric keys, public and private (ECDSA, RSA)
  • Signing and verification (ECDSA, RSA)
  • Encryption and decryption (AES, DES, RSA)
  • Hash calculation (AES, DES, SHA, RIPEMD, MD5)
  • Key format conversions

Comparison

The following table shows a comparison of some features between  CriptoNube and other cloud HSM services:

SCAPE CriptoNube Other cloudHSM products
Instant provisioning of HSMs
Not required to configure and install HSM software
Seamless integration, at service level
High-level API (REST)
No reservation fee
Pay per use
Custom operations in the HSM (under demand)
Support of security estandar FIPS 140-2

Service architecture

CriptoNube’s architecture shows how to access the HSM service from a client using the API which allows to send encrypted data. Only the HSM can access these data in a secure way to process the information. Additionally it is possible to ask the HSM to store or retrieve encrypted data from a cloud storage service. A CryptoNode is an appliance that have a set of already configured HSMs. Criptonube’s middleware communicates with this appliance to provide the service in a transparent way.

Architecture_Criptonube

Another option is to make use of CriptoNube from applications already deployed in the cloud (SaaS). In this case the client can send the encrypted data to the application so that it can manage the interaction with the HSM through the API.
Architecture_Criptonube

Use cases
More information
Contact us

FacebookTwitterGoogle+LinkedIn