HSM devices and FreeBSD
Hello all,
first, if this is disallowed by the rules for this list (I'm a bit
uncertain..), then please forgive me.
I am working for a company doing services for the credit card
industry. Among other things, we specialize in authentication systems
(3-D Secure) for internet-based trade, and are subject to very strict
security requirements (obviously).
The relevant systems are all running on FreeBSD, and so far we have
had little or no problems passing all the requirements, save for one
thing: HSM devices.
When the system was originally set up about 4 years ago, an agreement
was made with Thales e-Security, Inc. that they should deliver a
FreeBSD version of their pkcs#11 libraries and OpenSSL engine
implementation for their WebSentry devices. This was indeed done, but
there has been no support or updates since, and the software vendor
we are using have since started moving to other ways of interacting
with their supported HSMs - meaning that we are slowly being left in
the dust.
I am therefore researching other possible vendors of HSM devices.
They need to be external and network-attached (i.e. no kernel mode
drivers necessary), and they need to fulfill certain requirements,
first and foremost the FIPS 140-1 levels 2 and (for some
applications) 3. In addition, the software APIs supplied should
include a pkcs#11 library, an openssl engine implementation, and a
Java implementation (possibly using JNI for the communications, ref.
the pkcs#11 library).
Does anyone know of any such products that have any sort of FreeBSD
support at all? Please note that these are not simply crypto
accelerators; they also store keys etc. securely.
With best regards,
Eirik Øverby
Unicore AS
Oslo, Norway
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"