JD Cloud HSM

JD Cloud HSM is built on a hardware encryption machine verified by the State Encryption Administration. Through virtualization technology, it helps users meet regulatory and functional requirements for data security and protect the security and privacy of business data in the cloud.


Benefits

Safe and Reliable Data Encryption and Decryption Platform
Uses a cipher machine that meets the requirements of the State Encryption Administration (GM/T 0029-2014) and the People's Bank of China (PBOC 1.0/2.0/3.0), and satisfies the regulatory specifications and usage requirements of the national cryptography regulator.
Separation between Device Management and Key Management Permissions
JD Cloud is responsible only for maintaining the physical devices, including monitoring device availability and starting and stopping devices. Keys are managed entirely by the customer, and no one else has any way to obtain the customer's keys.
Meets National Regulatory Compliance Needs
JD Cloud HSM is equipped with a cipher machine that has passed testing and verification by the State Encryption Administration, allowing users to securely generate, store, and manage keys to meet regulatory compliance needs.
High Availability and Elastic Expansion
The cipher machine is deployed as a cluster. It supports Load Balancer functions and can effectively cope with sudden events such as data center power outages and device failures. Users can also flexibly adjust the configuration and specification according to their business needs to meet different encryption and decryption requirements.

Features

Support domestic and international encryption algorithms

Symmetric Encryption Algorithms

SM1, SM4, DES, 3DES, AES

Asymmetric Encryption Algorithms

SM2, RSA (1024~4096)

Digest Algorithms

SM3, SHA1, SHA256, SHA384

Customized encryption and decryption requirements of the financial industry in line with the standards and norms of the People's Bank of China

Support application of financial and industrial IC cards (chip cards)

Support the relevant standards of the People's Bank of China (PBOC 1.0/2.0/3.0), support GP, TSM, EMV, etc.; support value-added business such as NFC.

Support application of traditional financial transactions (magnetic stripe cards)

Support PIN encryption, encryption conversion, verification and other operations; support CVV/CVN products and verification; support MAC calculation; support data signature and verification.

Support dynamic passwords

Support generation of seed keys and support their secure transfer; support dynamic password calculation.

Graded Permission Management Function

Graded permission management based on the intelligent Ukey improves user password and device security.

Permission-Responsibility Separation

Device and Key Management

Cipher machine management permissions are separated from sensitive information management permissions, so even JD Cloud operation and maintenance personnel cannot access the user's personal key.

Control over Authorization for Sensitive Instructions

Sensitive instructions support classified authorization control, effectively preventing unauthorized actions.

Support Various Verification Methods

Support username and password verification, digital certificate verification, and other permission verification methods.

Availability Guarantee

High Availability

Clustering and Load Balancer functions across cipher machines allow an effective response to sudden events such as data center disconnection and device failure.

Key Backup and Recovery

Support key backup and recovery based on main key protection to ensure the security and reliability of the user application system.

Chip Array

The internal architecture of the cipher machine is built on a hardware chip array, so it remains usable even if some hardware chips are damaged.

Exception Recovery System

The unique exception recovery system helps customers effectively cope with various sudden events.

Scenarios

Financial Payment Encryption

Applied to POS receipt, mobile payment, card payment, internet payment, and other payment business scenarios. It ensures the integrity and confidentiality of payment data during transmission and storage, payment identity verification, and non-repudiation of the payment process, which can fully meet the regulatory compliance requirements of the financial industry.

Electronic Bill Encryption

Applied to system applications such as electronic patient records, electronic invoices, electronic contracts, and electronic policies. It ensures the integrity and confidentiality of electronic bills during production, transmission, and storage, and guarantees the authenticity of the identity of users of the electronic bills, which secures the move to electronic records and promotes the sustainable and healthy development of electronic business.

Common Sensitive Data Encryption

Applied to system applications such as government affairs, enterprise, e-commerce, portal, and web sites that contain a large amount of sensitive personal information. It can eliminate the risk of illegal access by unauthorized internal users and of disclosure of and tampering with plaintext data, improving the robustness and customer value of the system.