1. Introduction

Fisherman Server Crypto Machine provides asymmetric/symmetric data encryption and decryption, integrity check, true random number generation , key generation and management and other crypto related services. It could be used to ensure the confidentiality, authenticity, integrity and effectiveness of user data. The product can independently provide high-performance data encryption/decryption services for application systems, and it can also be used as the main cryptographic device and core component of systems in the systems like identity authentication systems and key management systems. It has a wide range of system application potentials.

The product supports SM1, SM2, SM3, SM4, SM6 national cypher algorithm and international algorithms such as DES, 3DES, AES, RSA1024, RSA2048, SHA1, SHA256, SHA512. Password product model: SJJ1115-A/B.

2. Features

Key Generation: This product support SM2 key pair generation, RSA key pair generation, and symmetric key generation.

Key Storage: By default, our product stores 64 pairs of SM2 key pairs and 64 pairs of RSA key pairs, and it can be customized to store a maximum of 1024 pair of the symmetric key pair if customers needed.

Key Destruction: Our product supports destroying SM2 key pair, RSA key pair and traffic encryption keys. All the keys are unrecoverable after destruction.

Key Update: Our product support symmetric and asymmetric key updates.

Key Backup and Restore: Our Product supports backing up the internal key in ciphertext form to the external storage and protect the backup data by using threshold secret sharing function. The backed up secret key can be recovered to the same type of crypto card.

True Random Number Generation: Our product can generate true random numbers by using physical noise generator approved by State Encryption Administration to protect the secret key.

Asymmetric encryption and decryption: Our product support native SM2 elliptic curve cryptography algorithm encryption and decryption

Symmetric encryption and decryption: Our product can support symmetric encryption by using native cipher like SM1, SM4, SM6, and international standard cipher like DES, 3DES, AES, AES192, AES256.

Integrity checking: Our product can check the integrity of data by using the native SM3 hash algorithm and SHA1 algorithm to check the data integrity.

Signature/Signature Verification: Our product can support using the asymmetric private key to sign the data and using the corresponding public key to verify the signature.

Identification: Our product can use the public key of the symmetric algorithm to verify the user ’s identity.

Support: Our product supports Microsoft PKCS#11 interface, JCE interface and other standard interfaces; it also supports customized interface development and national standard interface mentioned in “Cryptographic Device Application Interface Specification". Besides, it also supports multi-process, multi-threaded call.

Key management: Our product relies on the three-level key management system, including master key, key protection key, and application key. Keys are all stored in the crypto card in ciphertext form, which can make sure the keys are well protected.

Permission management: Our product adopts hierarchical authority management system, users are divided into operators and administrators. 3 or more, up to 5 administrators can be generated, and only more than half of the administrators logged in can satisfy the management permission requirement and perform various management operations. The identity of the administrator and operator can be authenticated by using two-factor authentication via USBKEY.

System monitoring: Our product supports real-time monitoring of device CPU/memory usage, current business concurrency, and current business operations.

Business continuity: Our product supports broken link repair, multi-machine parallel and load balancing.

Log auditing: Our product supports auditing the operation behavior of the server crypto machine

3.superiority

Our product follows the relevant policy requirements of the State Cryptography Administration.

Our product adopts hardware algorithm modules, and strictly follows the relevant specifications of the national server crypto machine. The key is generated by a true random number generator approved by the State Cryptography Administration and stored in the cryptographic file inside the server crypto machine to ensure the data security of the device itself.

Our product supports the full range of national cryptographic algorithms

Our product supports the national SM2 elliptic curve cryptographic algorithm with a key length of 256 bits, supports the national SM1, SM4 and SM6 symmetric cryptographic algorithms, and SM3 hash algorithm.

Our product supports mainstream operating systems

Our product supports Windows, Linux, AIX, Solaris, FreeBSD and other mainstream operating systems.

Our product supports flexible and diverse development interface

Our product supports national standard interface, Microsoft CSP, PKCS#11, JCE and other international standard development interfaces. And interfaces could also be customized based on user requirements.

Management system is secure and easy to operate.

Support B/S mode management, management interface is user-friendly. The operator implements identity authentication through the USB key and establishes an SSL secure channel between the operation terminal and the crypto machine to ensure the confidentiality, authenticity and non-repudiation of the device management operation.

Highly reliable data link

The Server Crypto Machine continually attempts to repair the connection when an abnormality occurs in the network causing the device to be disconnected. When the network returns to normal, the service data will continue to be sent without being restarted.

High-security management mechanism

Adopts strict three-level key management system and privilege separation management mechanism to ensure key security and device access control security.

Provide complete upgrade service, which can be easily and reliably upgraded.

4.Licenses