AES-256 Based Data Protection for Mission-Critical Data Networks
The automated Keynet 2 system seamlessly connects to a customer's network, where it transparently performs all centralized key management functions required of a secret distributed key based encrypted data network. In addition, Keynet 2 performs device status monitoring (auditing), as well as securely collecting traffic statistics.
Prior versions of Keynet were based solely on Triple DES (TDES). This newest release delivers 256-bit AES message encryption as well as (optionally) supporting a TDES capability for networks in transition between older TDES and newer, AES-based Cipher X units. Dual vault Keynet systems incorporate two separate Security Vaults, one supporting the AES-256-based units and the other supporting the TDES-based units.
The Keynet 2 support system is comprised of a custom Windows XP-based application that runs on a host personal computer (PC), and is attached to one or more Security Vaults. Each Security Vault securely generates and retains all of the keying materials in an anti-tamper protected enclosure. It also encrypts and decrypts all of the SNMP messages that are either sent to or received from each Cipher X data encryption device on the data network.
All key management messages are secured using FIPS 171 (ANSI X9.17) banking security standard. All other sensitive messages are likewise encrypted between the Keynet 2 server and the fielded Cipher X 7x00 devices using secure SNMP messaging.
Key Benefits
- Intuitive graphical user interface (GUI) that is very easy to learn and use.
- Form secure user groups by dragging and dropping Cipher X 7100 and Cipher X 7200 icons.
- Communication over the network via a secure SNMP protocol.
- Status at a glance is displayed via color-coded icons on the key management map
- Low cost platform based on Windows XP application server
- Anti-tamper, hardware-based Security Vault protects keys from physical compromise
- Hot-standby mode provides restoral for mission-critical networks
Application
Management of Cipher X secure communication systems
Encryption
Advanced Encryption Standard Block Cipher / 256-bit keys
Triple DES (TDES) Block Cipher / 112-bit keys
AES and TDES dual configuration supports networks consisting of both Cipher X 7100 and Cipher X 7200 devices while transitioning from TDES to AES
Security Standards
FIPS 197 (AES-256)
FIPS 46-3 / ANSI X9.52 (TDES)
NIST SP 800-38A (AES & TDES)
FIPS 140-1 Level 3
FIPS 171 (Key Management)
ISO 8732
Components
Security Vault (one or both used)
AES Security Vault
TDES Security Vault
Desktop Personal Computer
Keynet Application
Windows XP (opt. Vista or Windows 7)
SmartModule-2K Key Fill Devices
256-bit SKEKs (Security Vault KEKs)
256-bit MKEKs Loaded into Cipher X 7x00
Primary Power Input
85-264VAC, 45-65Hz
Environmental
Operational Temperature
10°C to 35°C
Humidity
5% to 90% (Non-condensing)
Network Protocol Support
SNMP MIB II
Customer Support
90 day software warranty
1 year Security Vault warranty
Extended support and maintenance contracts available
Cipher X and KEYNET are trademarks of Technical Communications Corporation
All other products mentioned may be trademarks of their respective companies.
All specifications are subject to change without notice
Microsoft Windows NT and Microsoft SQL Server are trademarks and products of Microsoft Corporation.
