Technical Perspective - Chiave POS

FUNCTIONALITY AND SPECIFICATIONS

Below we present a technological description of Chiave POS. For a more detailed specification, please contact us for a review with one of our technicians.

Dual control: All activities associated with sensitive data, such as export and import, are protected with dual control.

Authentication: Access control of both administrators and key custodians is protected by strong two-factor authentication.

Encryption: Key components can only be viewed and entered in clear text via secure PEDs; components are encrypted end-to-end, from smart card to HSM within Chiave.

Transfer: Remote transfer of key components to and from Chiave can be handled through normal card readers and regular open networks, since the information is encrypted.

Encryption standards: Built-in FIPS 140-2 Level 2 hardware cryptographic engine. Level 3 is optional.

Symmetric key algorithms: AES, double- and triple-key DESede.

Asymmetric key algorithms: RSA 2048 and larger; PKI support through PKCS#10 certification requests and PKCS#7 certification responses.

Key export formats: Component-based onto individual key custodian smart cards, 2-9 components; PKCS#12; Sun Java JKS format. XML export, including CBC/No-padding, CBC/PKCS#5 padding and ECB/No-padding format.

Key import formats: Component-based, 2-9 components; PKCS#12; Sun Java JKS format. XML export, including CBC/No-padding, CBC/PKCS#5 padding and ECB/No-padding format.

Key custodian smart cards: JCOP21 v2.4.1.