Below we present a technical description of Chiave POS. For a more detailed specification, please contact us for a review with one of our technicians.
Dual control: All activities associated with sensitive data, such as export and import, are protected with dual control.
Authentication: Access control of both administrators and key custodians is protected by strong two-factor authentication.
Encryption: Key components can only be viewed and entered in clear text via secure PEDs; components are encrypted end-to-end, from smart card to HSM within Chiave.
Transfer: Remote transfer of key components to and from Chiave can be handled through normal card readers and regular open networks, since the information is encrypted.
Encryption standards: Built-in FIPS 140-2 level 2 hardware cryptographic engine. Level 3 is optional.
Symmetric key algorithms: AES, double- and triple-key DESede.
Asymmetric key algorithms: RSA 2048 and larger; PKI support through PKCS#10 certification requests and PKCS#7 certification responses.
Key export formats: Component-based onto individual key custodian smart cards, 2-9 components; PKCS#12; Sun Java JKS format. XML export, including CBC/No-padding, CBC/PKCS#5 padding and ECB/No-padding formats.
Key import formats: Component-based, 2-9 components; PKCS#12; Sun Java JKS format. XML export, including CBC/No-padding, CBC/PKCS#5 padding and ECB/No-padding formats.
Key custodian smart cards: JCOP21 v2.4.1.