RUITING E2EE SOLUTION, which meets the end-to-end encryption mechanism specification, is the best choice for the financial industry
The following rule for online banking identity confirmation with fixed passwords on the internet is prescribed in the "Financial Institutions for the Security Management of Electronic Banking Business" set by the National Association of the Republic of China Banking Commercial Association:
Provide an end-to-end encryption mechanism.
This means that data is encrypted as soon as it is entered at the client (such as a browser), transmitted to the financial institution's trusted network segment (such as a separate network segment isolated by two firewalls), and decrypted and verified inside a hardware security module (HSM) that is compliant with FIPS 140-2 Level 3 or above.
In response to this demand, we have specially developed the "RUITING E2EE SERVER" to help financial institutions comply with the relevant regulations.
- One-piece 2U rack server with a built-in German Utimaco CryptoServer PCIe HSM, certified to FIPS 140-2 Level 3
- The HSM contains a dedicated E2EE module developed with the Utimaco CryptoScript architecture. Because no additional firmware is added, the FIPS 140-2 certification of the HSM is not affected. (If a commercial HSM adds modules after obtaining FIPS 140-2 software and hardware certification, it should be resubmitted for requalification.)
- The client-side security component and script are responsible for encrypting the client's password or password hash value with the public key
- A server-side RESTful Web Service API calls the E2EE module in the HSM for password verification
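The flow in the list above, sketched as an added example (not RUITING's or Utimaco's code, and not the CryptoScript API): a software object stands in for the HSM so the trust boundary is visible. RSA-OAEP, the scrypt verifier, the per-login nonce and every function name here are assumptions that do not come from the page.

```javascript
// Added illustration: software stand-in for the client -> API -> HSM flow.
// Assumptions (not from the page): RSA-OAEP/SHA-256, scrypt verifier, per-login nonce.
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Stand-in for the HSM boundary: private key and plaintext exist only in this closure.
function createHsmStandIn() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const usedNonces = new Set();
  return {
    publicKey,
    // Decrypts and verifies inside the boundary; only a boolean leaves it.
    verify(ciphertext, expectedNonce, salt, storedHash) {
      let msg;
      try {
        msg = JSON.parse(nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8'));
      } catch {
        return false; // malformed or tampered ciphertext
      }
      if (!msg || typeof msg.password !== 'string' || msg.nonce !== expectedNonce) return false;
      if (usedNonces.has(msg.nonce)) return false; // a captured blob cannot be replayed
      usedNonces.add(msg.nonce);
      const candidate = nodeCrypto.scryptSync(msg.password, salt, 32);
      return nodeCrypto.timingSafeEqual(candidate, storedHash);
    },
  };
}

// Client side: encrypt the password with the HSM public key as soon as it is entered.
function clientEncrypt(publicKey, password, nonce) {
  const plaintext = Buffer.from(JSON.stringify({ password, nonce }), 'utf8');
  return nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, plaintext);
}

// Application tier: forwards ciphertext and stored verifier, never handles the plaintext.
function demo() {
  const hsm = createHsmStandIn();
  const password = 'constructed-sample-pw'; // constructed sample value
  const salt = nodeCrypto.randomBytes(16);
  const storedHash = nodeCrypto.scryptSync(password, salt, 32); // enrolment record
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const blob = clientEncrypt(hsm.publicKey, password, nonce);
  const first = hsm.verify(blob, nonce, salt, storedHash);
  const replay = hsm.verify(blob, nonce, salt, storedHash);
  const nonce2 = nodeCrypto.randomBytes(16).toString('hex');
  const wrong = hsm.verify(clientEncrypt(hsm.publicKey, 'bad-guess', nonce2), nonce2, salt, storedHash);
  return { first, replay, wrong, leaks: blob.includes(Buffer.from(password)) };
}
```

Without the nonce, the encrypted password itself becomes a replayable credential for anyone who can observe it between the client and the trusted segment.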
Implementing security will not mean gaining in one respect while losing in another
"Performing E2EE password verification in the HSM achieves the highest security, but the HSMs on the market usually need an added firmware module to provide this function. However, adding new firmware after the device leaves the factory will violate the HSM's original FIPS 140-2 certification, unless it is resubmitted to the laboratory to obtain a new certification, which is time-consuming and extremely expensive; otherwise it will violate the E2EE-related provisions in the security control operation benchmark, which require that the HSM comply with FIPS 140-2 Level 3 or above."
Besides traditional firmware modification, there is a smarter approach: the CryptoScript architecture. New CryptoScript code is placed outside the FIPS boundary, but it is executed on the VM that is within the scope of the FIPS certification, so both goals can be achieved at the same time: the E2EE requirements are met without violating the FIPS certification.
- Meets the E2EE requirements for transaction security design in the Banking Association's security control benchmark
- Built-in German-made Utimaco HSM, compliant with FIPS 140-2 Level 3
- The E2EE module built into the HSM does not violate the HSM's FIPS 140-2 security certification
- It also applies to all types of services, including those where the existing database holds the hash value or encrypted value of the password
COPYRIGHT © 2019 RUITING CO., LTD.