1.Introduction

Fisherman Crypto Machine for Electric Power System (also known as "Electric Power Distribution Cryptographic Authentication Device") is a product developed by Shandong Fisherman Information Technology Co., Ltd. (hereinafter referred to as "Fisherman") for electric power system cryptographic application, it is a high-speed server cryptographic device independently developed by Fisherman and certified by the State Cryptography Administration. The product model is SJJ1115-A/B.

This product fully supports national cipher algorithms like SM1, SM6, SM2, SM3, SM4 and international algorithms such as DES, 3DES, AES, RSA, SHA1, SHA256, SHA512, etc. It is known for its high speed, stability and easy to use in the national cryptographic field and it is widely used in political power distribution control fields.

2. Features

Key Generation: This product support SM2 key pair generation, RSA key pair generation, and symmetric key generation.

Key Storage: By default, our product stores 64 pairs of SM2 key pairs and 64 pairs of RSA key pairs, and it can be customized to store a maximum of 1024 pair of the symmetric key pair if customers needed.

Key Destruction: Our product supports destroying SM2 key pair, RSA key pair and traffic encryption keys. All the keys are unrecoverable after destruction.

Key Update: Our product support symmetric and asymmetric key updates.

Key Backup and Restore: Our Product supports backing up the internal key in ciphertext form to the external storage and protect the backup data by using threshold secret sharing function. The backed up secret key can be recovered to the same type of crypto card.

True Random Number Generation: Our product can generate true random numbers by using physical noise generator approved by the State Cryptography Administration to protect the secret key.

Asymmetric encryption and decryption: Our product support native SM2 elliptic curve cryptography algorithm encryption and decryption, the key length is 256 bits, and RSA encryption/decryption are also supported.

Symmetric encryption and decryption: Our product can support symmetric encryption by using native cipher algorithms like SM1, SM4, SM6, and international standard cipher algorithms like DES, 3DES, AES, AES192, AES256.

Integrity checking: Our product can check the integrity of data by using the native SM3 hash cipher algorithm and SHA1 algorithm.

Signature/Signature Verification: Our product can support using the asymmetric private key to sign the data and using the corresponding public key to verify the signature.

Identification: Our product can use the public key of the asymmetric algorithm to verify the user’s identity.

Support: Our product supports Microsoft PKCS#11 interface, JCE interface and other standard interfaces; it also supports customized interface development and national standard interface mentioned in “Cryptographic Device Application Interface Specification". Besides, it also supports multi-process, multi-threaded call.

Key management: Our product relies on the three-level key management system, including master key, key protection key, and application key. Keys are all stored in the crypto card in ciphertext form, which can make sure the keys are well protected.

Permission management: Our product adopts hierarchical authority management system, users are divided into operators and administrators. 3 or more, up to 5 administrators can be generated, and only more than half of the administrators logged in can satisfy the management permission requirement and perform various management operations. The identity of the administrator and operator can be authenticated by using two-factor authentication via USBKEY.

System monitoring: Our product supports real-time monitoring of device CPU/memory usage, current business concurrency, and current business operations.

Business continuity: Our product supports broken link repair, multi-machine parallel and load balancing.

Log auditing: Our product supports auditing the operation behavior of the server crypto machine

3.superiority

Our product follows the relevant policy requirements of the State Cryptography Administration.

Our product adopts hardware algorithm modules, and strictly follows the relevant specifications of the national server crypto machine. The key is generated by a true random number generator approved by the State Cryptography Administration and stored in the cryptographic file inside the server crypto machine to ensure the data security of the device itself.

Our product supports the full range of national cryptographic algorithms.

Our product supports the national SM2 elliptic curve cryptographic algorithm with a key length of 256 bits, supports the national SM1, SM4 and SM6 symmetric cryptographic algorithms, and SM3 hash algorithm.

Our product supports mainstream operating systems

Our product supports Windows, Linux, AIX, Solaris, FreeBSD and other mainstream operating systems.

Our product supports flexible and diverse development interface

Our product supports national standard interface, Microsoft CSP, PKCS#11, JCE and other international standard development interfaces. And interfaces could also be customized based on user requirements.

Management system is secure and easy to operate.

Support B/S mode management, management interface is user-friendly. The operator implements identity authentication through the USB key and establishes an SSL secure channel between the operation terminal and the crypto machine to ensure the confidentiality, authenticity and non-repudiation of the device management operation.

Highly reliable data link

The Server Crypto Machine continually attempts to repair the connection when an abnormality occurs in the network causing the device to be disconnected. When the network returns to normal, the service data will continue to be sent without being restarted.

High-security management mechanism

Adopts strict three-level key management system and privilege separation management mechanism to ensure key security and device access control security.

Provide complete upgrade service, which can be easily and reliably upgraded.