Secure storage of private cryptographic keys and certificates with eXept´s Security-Box

Security-Box
Administration of certificates and keys.The Security Box of eXept Software AG stores cryptographic certificates and secret keys and protects them from manipulation and theft. The master key of the Security Box is encrypted via a USB token, so that the keys that are saved in the Security Box cannot be utilized without the respective token. Data backups of the Security Box are also encrypted with this master key. The Security Box can be placed in a safe and its door shall be safeguarded via door contacts. The keys cannot be read from the Security Box without decoding; all operations which require a key - such as decoding and encoding, creation and validation of signatures - operate within the Security Box. Keys that have been created in the Security Box can be written to USB tokens or on chip cards if necessary.

High Availability For highly-available applications, two Security Boxes can be interlinked so that all data can be saved on both boxes at the same time. As long as both boxes are available, the work is evenly distributed. In the event of failure of one Security Box, the other shall take over all tasks. As soon as the failed Security Box becomes available again, it automatically adapts to the current data status from the active box and runs a synchronization process.

ApplicationsIn addition to the encoding and decoding of data, the Security Boxes are especially suitable for the safe storage of certificates which were created internally or by third parties. In addition, you can create and sign your own certificates with the help of the Security Boxes.

These certificates can then be transferred to staff members or customers. The RSA (up to 2048 bit), AES, DES, Triple-DES, GOST, Rijndael, Skipjack, Blowfish and Twofish as well as SHA1, SHA-256, MD5, HMAC, RC4, RIPEMD160 and Square-Mod-N algorithms are supported. The protocols X.509 as well as PKCS#1 and PKCS#7 have been implemented. Due to the applied modular design, additional algorithms can be implemented easily (and even uploaded into the running operation). Different chip card terminals and chip cards can be integrated via an expanded chip card interface. The software of the Security Box runs on Linux and Solaris operating systems, but is upon request also available for other systems. Interfaces for Smalltalk, C/C++ and Java are available for the connection to the Security Box. Others can be provided upon request.

Field ProvenSince the year 2000, our Security Box is in constant use at many sites in Germany. As such, it is a central and essential part of the security infrastructure of one of the worlds largest telecom companies. The redundant, failsafe twin-configuration setup delivers uninterrupted (24 / 7) cryptographic services.

Call usA security solution for an enterprise is nothing you should buy ready-made off the peg. Very careful planing and implementation are essential. Please contact us and talk to one of our security experts.