ViPNet HSM PS (Hardware Security Module)

The number of cashless payment services is growing rapidly, and the "money online" model is becoming one of the main trends of the 21st century for both B2C and B2B markets. But not only money goes online, but also attackers. The emergence and spread of new threats from cybercriminals requires continuous improvement of solutions for ensuring the information security of payment card systems.

To ensure the protection of payment card systems, hardware security modules - HSM (Hardware Security Module) are used, which create a secure and resistant to various hacking methods environment for cryptographic processing of cardholder data, as well as protection and management of cryptographic keys.

In Russia, the domestic HSM market is just beginning to form. It should be borne in mind that payment card systems are mass service systems that require fast cryptographic calculations, high-power cryptographic protection that can process millions of requests a day from an increasing number of users. Until today, the leaders of the HSM market were foreign companies: there were no domestic solutions on the Russian market that met such strict requirements for ensuring the information security of payment card systems.

The Russian analogue of foreign hardware cryptomodules was the ViPNet HSM PS product, developed by InfoTeCS.

Benefits of ViPNet HSM PS

With the proliferation of payment services and plastic cards, the ability to cope with increasing pressures is a critical aspect for financial institutions. ViPNet HSM PS, which is based on new security mechanisms built on the product token architecture, is a trusted cryptographic platform with high performance.

In addition to functional compliance with foreign HSMs, the ViPNet HSM PS hardware and software complex, based on the results of regression testing, which took place in one of the banks, showed higher performance relative to the maximum performance of the imported analogue: at the deployed stand, this indicator was increased by almost 1.3 times, and under the conditions of a synthetic test, the performance indicator was increased by 4 times.

In addition, based on the results of load testing on signature operations (GOST R 34.10-2001 and GOST R 34.10-2012), performance was obtained up to 35 thousand operations per second.

ViPNet HSM PS ensures the security of financial transactions not only of the national payment system World"" in accordance with the requirements of Russian regulators, but also of payment systems Visa and. MasterCard

The Russian analogue of foreign hardware cryptomodules of InfoTeCS has become a reliable domestic solution for effective comprehensive protection of the processes of issuing bank cards and processing payment transactions with a performance of up to 6,000 transactions per second in PVV/CVV verification mode. ViPNet HSM PS is much cheaper than foreign counterparts, which will allow customers to significantly reduce bank equipment costs.

The ViPNet HSM PS hardware and software complex implements various cryptographic algorithms, including GOST, RSA and 3DES and can be successfully used to solve a large number of problems. ViPNet HSM PS is used to process payment transactions in accordance with foreign and domestic protocols and cryptographic algorithms, as well as to support the issue of payment cards intended for use in both national and international payment systems. In addition, the ViPNet HSM PS supports the necessary functionality according to EMVCo specifications.

Certification

The ViPNet HSM PS product was created on the basis of the ViPNet HSM cryptographic platform, which was developed by Infotex for cryptographic protection of applied electronic services. In 2016, InfoTeCS received an extract from the positive conclusion of the FSB of Russia on the compliance of the ViPNet HSM hardware and software complex with the requirements for CIPF to protect information that does not contain information constituting a state secret in class CV.

The ViPNet HSM solution was continued, and, as a result, InfoTeCS created a service for banking electronic payment card systems ViPNet HSM PS, which provides comprehensive protection of the processes of issuing bank cards and processing payment transactions using Russian and foreign crypto algorithms and can be effectively used by customers under the import substitution program. Currently, ViPNet HSM PS is undergoing the final stage of certification in the FSB of Russia.

ViPNet HSM PS has passed several testing cycles in Russian banks, including Bank of Russia and Sberbank.

2023: Obtaining certificates of the FSB of Russia

On July 6, 2023, the InfoT eCS company announced the receipt of certificates from the FSB of Russia for the ViPNet Hardware Security Module (ViPNet HSM) hardware and software complex.

Certificates No. SF/124-4538 dated 21.06.2023, No. SF/124-4539 dated 21.06.2023 confirm the compliance of PAC ViPNet HSM (versions 7 and 8, respectively) with the requirements for the means of cryptographic protection of information of the KV class, the requirements for electronic signatures approved by the Order of the FSB of Russia dated 27.12.2011 No. 796 established for class KV2.

ViPNet HSM is a universal cryptographic module providing a PKCS# 11 interface for embedding. ViPNet HSM can also be used as a platform for developing cryptographic services.

A feature of the 8 version of the ViPNet HSM PAC is the use of a certified physical random number generator (RNG) by Grandmaster. The RNG is based on the nondeterminability of the physical processes of restoring the state of the noisy diode, which eliminates the disadvantages inherent in program random number generators.

The obtained certificate of the FSB of Russia for PAC ViPNet HSM with a hardware certified State Emergency Committee in its composition is the result of our many years of cooperation with the Grandmaster company. Its use in the cryptographic module allows you to solve the issue of obtaining the correct initialization sequence for the operation of CIPF and high-class security EP tools without using DDDR disks. We plan to expand the line of ViPNet products equipped with GSC "Grandmaster," which, in turn, will make it easier for our customers to operate solutions, InfoTeCS said Dmitry Gusev, Deputy General Director of InfoTeCS.

Indeed, the State Security Service "Grandmaster" complies with the regulator's requirements for cryptographic information protection, including requirements for analyzing software and hardware for random number generators. I note that the possibility of using the State Security Service "Grandmaster" instead of foreign analogues meets the current import substitution policy. InfoTeCS specialists suggested some points that taught the State Emergency Committee, figuratively speaking, to fly, - said Pyotr Ershevich, General Director of the Grandmaster company.