Date:      Tue, 23 May 2006 23:03:59 +0200
From:      Eirik Øverby <ltning@anduin.net>
To:        freebsd-security@freebsd.org
Subject:   HSM devices and FreeBSD
Message-ID:  <626F25E3-D4B6-4EEB-9361-DC70D49CFAA4@anduin.net>

Hello all,

First, if this is disallowed by the rules for this list (I'm a bit
uncertain..), then please forgive me.

I am working for a company doing services for the credit card  
industry. Among other things, we specialize in authentication systems  
(3-D Secure) for internet-based trade, and are subject to very strict  
security requirements (obviously).
The relevant systems are all running on FreeBSD, and so far we have  
had little or no problems passing all the requirements, save for one  
thing: HSM devices.

When the system was originally set up about 4 years ago, an agreement  
was made with Thales e-Security, Inc. that they should deliver a  
FreeBSD version of their pkcs#11 libraries and OpenSSL engine  
implementation for their WebSentry devices. This was indeed done, but  
there has been no support or updates since, and the software vendor  
we are using has since started moving to other ways of interacting
with their supported HSMs - meaning that we are slowly being left in  
the dust.

I am therefore researching other possible vendors of HSM devices.  
They need to be external and network-attached (i.e. no kernel mode  
drivers necessary), and they need to fulfill certain requirements,  
first and foremost the FIPS 140-1 levels 2 and (for some  
applications) 3. In addition, the software APIs supplied should  
include a pkcs#11 library, an openssl engine implementation, and a  
Java implementation (possibly using JNI for the communications, ref.  
the pkcs#11 library).

Does anyone know of any such products that have any sort of FreeBSD  
support at all? Please note that these are not simply crypto  
accelerators; they also store keys etc. securely.

With best regards,
Eirik Øverby
Unicore AS
Oslo, Norway


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?626F25E3-D4B6-4EEB-9361-DC70D49CFAA4>