Encryption Key Management - Thales Luna Network HSM
Are you reassured simply because your sensitive data is encrypted?
Incidents involving the leakage of information such as personal data and credit card numbers continue to occur.
Even if confidential data is stored in encrypted form, it can easily be decrypted if the encryption key is not securely managed.
Thales Luna Network HSM is a network-attached, general-purpose HSM (hardware security module).
By keeping the encryption key strictly inside the hardware and physically separating it from the encrypted data, the key is not taken together with the data: even if the encrypted data is stolen, it cannot be decrypted.
Data Encryption and Risk
If encryption keys are not managed properly, the following risks arise:
- Information leakage through misuse of access by privileged users who can reach both the data and the key
- Information leakage when an external attacker gains unauthorized access and obtains both the encrypted data and the encryption key
- Information leakage through theft of backup media
- Information leakage from backup media disposed of after a failure
- If the encryption key is kept separately from the backup and the key copy is lost, the backup can no longer be decrypted
- Information leakage through physical removal of disks
- Information leakage from disks disposed of after a failure
Key Management by Thales Luna Network HSM
Key management with a Network HSM reduces the risks above.
Encryption keys managed inside the HSM are never stored outside it in any form.
Physically separating the encrypted data from its key, with the key held in the HSM, reduces the risk of information leakage: whoever obtains the data, a backup or a removed disk does not obtain the key.
Features of Thales Luna Network HSM
- Key management in highly reliable hardware
- FIPS 140-2 validated (Level 2 and Level 3)
- Encryption keys are not stored outside the HSM in any form
- Tamper protection: on a physical attack the tamper-response function is triggered and the keys inside the HSM are automatically zeroized
- Network connection
- Network-attached form factor that is simple to deploy
- Separation of duties
- Administrative authority is divided so that operations do not depend on a single administrator
- M of N authentication (a split-credential scheme in which the credential for a role is divided among N holders, each with their own physical PED key, and M of them must be present) prevents a single person from performing a privileged operation alone
- The Remote PED function allows authentication and management from a remote location
- Application Interface
- PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL, REST
- Application Examples
- PKI: key generation and storage for a certification authority
- Certificate signing and validation
- Database encryption and key management
- Master key management
- Additional security beyond the standard functions (optional)
- Backup of encryption keys to a Backup HSM
- Two-factor authentication with a PED terminal (PIN entry device) and iKey PED keys (physical tokens)
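The property that keys never leave the HSM (Key Management section above) is something an application has to ask for: over the PKCS#11 interface listed under Application Interface, the key's attribute template decides whether the key can be read back or wrapped out of the partition. The following is an added example, not code from this page or from Thales: it builds a hardware-bound AES key template, audits a template for attributes that would let key material leave the HSM, and, when run against a real partition, generates the key inside it, encrypts and decrypts by handle only, and confirms that reading CKA_VALUE fails. It assumes the python-pkcs11 package; the environment variable names, the default client library path, the key label and the sample plaintext are assumptions, not taken from the page.

```python
import os

# PKCS#11 attribute types and constants (numeric values from pkcs11t.h).
# python-pkcs11's Attribute enum uses the same numbers, so the template
# below converts 1:1 with Attribute(k).
CKA_CLASS, CKA_TOKEN, CKA_LABEL = 0x0000, 0x0001, 0x0003
CKA_KEY_TYPE, CKA_SENSITIVE = 0x0100, 0x0103
CKA_ENCRYPT, CKA_DECRYPT = 0x0104, 0x0105
CKA_VALUE_LEN, CKA_EXTRACTABLE = 0x0161, 0x0162
CKO_SECRET_KEY, CKK_AES = 0x0004, 0x001F


def aes_key_template(label, extractable=False, token=True):
    """Attribute template for a 256-bit AES key that lives in the partition.

    extractable=True is the weak form: with it the key can be wrapped out
    of the HSM with C_WrapKey, so "the key never leaves the hardware" no
    longer holds."""
    return {
        CKA_CLASS: CKO_SECRET_KEY,
        CKA_KEY_TYPE: CKK_AES,
        CKA_LABEL: label,
        CKA_TOKEN: token,            # persistent object, not session-only
        CKA_SENSITIVE: True,         # CKA_VALUE can never be read in clear
        CKA_EXTRACTABLE: extractable,
        CKA_ENCRYPT: True,
        CKA_DECRYPT: True,
        CKA_VALUE_LEN: 32,           # 256-bit key
    }


def template_findings(template):
    """Reasons a template would let key material leave the HSM.

    Returns an empty list when the key is hardware-bound.  Run this on
    every template an application uses: the HSM will create an
    extractable key if it is asked to."""
    findings = []
    if template.get(CKA_SENSITIVE) is not True:
        findings.append("CKA_SENSITIVE not TRUE: C_GetAttributeValue(CKA_VALUE) returns the key in clear")
    if template.get(CKA_EXTRACTABLE) is not False:
        findings.append("CKA_EXTRACTABLE not FALSE: the key can be wrapped out with C_WrapKey")
    if template.get(CKA_TOKEN) is not True:
        findings.append("CKA_TOKEN not TRUE: session object, gone at logout and never backed up")
    return findings


def hsm_roundtrip(lib_path, token_label, pin, label="db-master-key",
                  plaintext=b"4111111111111111"):
    """Generate the key inside the partition, encrypt/decrypt by handle only,
    and confirm the raw key cannot be read back.

    Needs python-pkcs11 (pip install python-pkcs11) and the vendor's
    PKCS#11 library; imported lazily so the template checks above run
    without an HSM present.  Returns (value_readable, roundtrip_ok)."""
    import pkcs11
    from pkcs11 import Attribute, KeyType
    from pkcs11.exceptions import AttributeSensitive

    template = aes_key_template(label)
    assert not template_findings(template)
    # generate_key sets CLASS, KEY_TYPE and VALUE_LEN itself from its arguments.
    extra = {Attribute(k): v for k, v in template.items()
             if k not in (CKA_CLASS, CKA_KEY_TYPE, CKA_VALUE_LEN)}

    lib = pkcs11.lib(lib_path)
    token = lib.get_token(token_label=token_label)
    with token.open(user_pin=pin, rw=True) as session:
        key = session.generate_key(KeyType.AES, 256, label=label, template=extra)
        iv = session.generate_random(128)                       # 16-byte IV for AES-CBC-PAD
        ciphertext = key.encrypt(plaintext, mechanism_param=iv)  # default mechanism: AES_CBC_PAD

        try:
            key[Attribute.VALUE]          # C_GetAttributeValue(CKA_VALUE)
            value_readable = True         # must not happen on a sensitive key
        except AttributeSensitive:
            value_readable = False        # CKR_ATTRIBUTE_SENSITIVE: key stays inside

        recovered = key.decrypt(ciphertext, mechanism_param=iv)
        key.destroy()                     # remove the test key from the partition
    return value_readable, recovered == plaintext


if __name__ == "__main__":
    # Assumed environment variable names and default client-library path.
    readable, ok = hsm_roundtrip(
        os.environ.get("PKCS11_LIB", "/usr/safenet/lunaclient/lib/libCryptoki2_64.so"),
        os.environ["PKCS11_TOKEN_LABEL"],
        os.environ["PKCS11_PIN"],
    )
    print(f"key value readable: {readable}, encrypt/decrypt roundtrip ok: {ok}")
```

The application only ever holds a handle; the plaintext key exists inside the partition and is replicated only to a Backup HSM, never to the host. The template audit is the part worth wiring into code review or a pre-deployment check, since a single `CKA_EXTRACTABLE: True` silently turns an HSM-bound key into one that can be wrapped out.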
Example of Thales Luna Network HSM configuration
Strengths of NTT DATA INTELLILINK
- Technical capability as a specialized security unit
- Drawing on the technical expertise we have built up over many years, we do not just supply the product: we propose the best fit for the customer's environment and support everything from construction to operation.
- Experience as the first accredited PCI DSS assessor in Japan
- We hold QSA, ASV and PA-QSA certifications as the first domestic accredited assessor for PCI DSS, the international security standard for effectively protecting credit card information.
Our team of experienced professionals will help you achieve and maintain PCI DSS compliance.
Thales Luna Network HSM helps address several PCI DSS requirements, such as protection of confidential data, restricting access to data to the minimum necessary, physical access control over confidential information, and monitoring of access to confidential information.
- *Thales Luna Network HSM is a registered trademark of Thales, Inc.
- *All other company names, product names, service names, etc. mentioned herein are trademarks of their respective owners.