The BlackVault platform provides maximum protection for cryptographic keys. Its FIPS 140-2 Level 3 tamper-reactive, silicon-based cryptographic boundary ensures keys and other cryptographic material cannot be compromised. An attempt to defeat the BlackVault’s physical, environmental, and electronic protection mechanisms causes keys to be deleted (zeroized).
The BlackVault platform also has a unique single-trust-path authentication mechanism. Two-factor authentication is performed directly at the BlackVault by inserting a smart card into the smart card reader and entering your PIN on its touch screen display. This prevents compromised third-party devices from gaining access to the BlackVault platform.
An “M of N” quorum can also be established for Crypto Officer, User, and Key Backup / Restore authentication. In this case, a minimum of “M” personnel (smart cards / PINs) must be present to authorize an action by the BlackVault. For example, a new code release cannot be digitally signed unless Engineering, QA and Product Management “sign off” on the release.
The BlackVault platform includes both USB and Ethernet ports for on-line as well as off-line (air-gapped) applications. The USB port is also used for off-line file transfer and key backup. Backups are encrypted, and the backup encryption key can be distributed across multiple smart cards. Connections over the Ethernet port are secured with TLS.
Compact and portable, with a battery life measured in decades, the BlackVault is easily transported and stored in a safe or other secure location.
With a menu-driven touch screen display and built-in applications, the BlackVault achieves a new level of simplicity and ease of use for what have traditionally been very complex functions.
Behind the scenes, the BlackVault platform supports the most advanced cryptographic algorithms and popular cryptographic APIs.