1.Introduction

Fisherman PCI-E Crypto Card Series are the first type of high-speed crypto devices that use PCI-E bus technology in China, they are developed by Shandong Fisherman Information Technology Co Independently. It follows the State Cryptography Administration’s convention of PCI crypto card, certified by State Encryption Administration, the product model number is SJK1120-A/B.

This product fully supports the national encryption algorithms like SM1/SM6, SM2, SM3, SM4 and the international standard algorithms like DES, 3DES, AES, AES192, AES256, RSA SHA1 and so on. It could protect the sensitive data’s confidentiality, authenticity, integrity, availability, and non-reputation. Now it has been widely used in different types of security devices such as signature and verification server system, IPSec/SSL VPN gateway, and different types of software system like electronic seal management system, secure document transmission system and so on.

2. Features

Key Generation: This product support SM2 key pair generation, RSA key pair generation, and symmetric key generation.

Key Storage: By default, our product stores 64 pairs of SM2 key pairs and 64 pairs of RSA key pairs, and it can be customized to store a maximum of 1024 pair of the symmetric key pair if customers needed.

Key Destruction: Our product supports destroying SM2 key pair, RSA key pair and traffic encryption keys. All the keys are unrecoverable after destruction.

Key Update: Our product support symmetric and asymmetric key updates.

Key Backup and Restore: Our Product supports backing up the internal key in ciphertext form to the external storage and protect the backup data by using threshold secret sharing function. The backed up secret key can be recovered to the same type of crypto card.

True Random Number Generation: Our product can generate true random numbers by using physical noise generator approved by the State Cryptography Administration to protect the secret key.

Asymmetric encryption and decryption: Our product support native SM2 elliptic curve cryptography algorithm encryption and decryption, the key length is 256 bits, and RSA encryption/decryption are also supported.

Symmetric encryption and decryption: Our product can support symmetric encryption by using native cipher algorithms like SM1, SM4, SM6, and international standard cipher algorithms like DES, 3DES, AES, AES192, AES256.

Integrity checking: Our product can check the integrity of data by using the native SM3 hash cipher algorithm and SHA1 algorithm.

Signature/Signature Verification: Our product can support using the asymmetric private key to sign the data and using the corresponding public key to verify the signature.

Identification: Our product can use the public key of the asymmetric algorithm to verify the user’s identity.

Support: Our product supports Microsoft PKCS#11 interface, JCE interface and other standard interfaces; it also supports customized interface development and national standard interface mentioned in “Cryptographic Device Application Interface Specification". Besides, it also supports multi-process, multi-threaded call.

Key management: Our product relies on the three-level key management system, including master key, key protection key, and application key. Keys are all stored in the crypto card in ciphertext form, which can make sure the keys are well protected.

Permission management: Our product adopts hierarchical authority management system, users are divided into operators and administrators. 3 or more, up to 5 administrators can be generated, and only more than half of the administrators logged in can satisfy the management permission requirement and perform various management operations. The identity of the administrator and operator can be authenticated by using two-factor authentication via USBKEY.

Document Management: Our product adopts an embedded file system with independent intellectual property rights. It supports the directories and files creation, deletion, enumeration, and reading/writing, and it also supports multi-level directory management and can set read and write permissions of files.

Certificate Management: Our product supports a dedicated digital certificate operation interface, it supports reading, writing, enumeration, and deletion of digital certificates, and can be used as a security carrier for digital certificates.

3.superiority

High security

Using the cryptographic algorithm chip approved by the State Cryptography Administration　

Using real random number chips to generate random numbers, improved the quality of passwords and all types of keys.

Adopted a strict key protection security mechanism. Keys in the card cannot be exported in plaintext format.

The users’ identities can be verified by high-security USB keys.

USB keys could be used to back up the keys and sensitive information.

High Performance

Using a high-performance DSP chip as the master chip of crypto card, with a performance exceeding 5000 MIPS

The data transmission between the host and the crypto card uses efficient DMA processing to reduce the CPU usage of the host.

The cryptographic algorithms are implemented by dedicated ASIC algorithm chip or FPGA hardware.

High ease of use

Our product is suitable for PC, server and other hardware platforms. It supports PCI-E x1 ~ x16 slots.

Our products support the user/kernel interface, national standard interface and international standard interfaces such as PKCS#11, Microsoft CSP, JCE, etc., and can be customized according to user requirements.

The product uses an embedded file system with independent intellectual property rights to provide directories and files management services.

Our product supports multi-card parallel, multi-process, multi-threaded calls.