CryptoSwift For NetPay / SecureTranz
Features and Benefits

Feature Benefit
Fully integrated with NetPay SecureTranz Platform and NetPay CSP Functions as a optional extension to NetPay CSP. Transparent to all NetPay applications. NetPay applications automatically detect presence of CryptoSwift (CS) hardware and binds to it at runtime. Special firmware and software allows NetPay and CS to mutually authenticate each other at runtime. This ensures that only "certified" applications can access CS. Multi-threaded driver provides load distribution across multiple CS cards.
Patent-pending hardware accelerated cryptography system Off loads and performs the time-intensive cryptographic public-key operations. Frees up the server, improves response time 50%, and allows the server to process up to ten times more clients. Prevents losing customers due to server overloads.
Secure non-extractable key storage and management in hardware Private keys can be stored in a non-extractable encrypted format on the CryptoSwift board. When managed on-board, keys are not stored on disk and not resident or transferred to main CPU memory. Ensures that hackers can not make off with private keys, even if they break into the server.
Government-certified true hardware random number source for strong key generation Protects against key guessing attacks, which is common against software random generators.
Protocol independent Ensures that all public key cryptography operations are accelerated, even if running different protocols in separate applications. Multiple secure applications can be supported simultaneously, extending server investment.
Flexible modular design for scalable performance with multiple boards You can purchase capacity as needed, software reconfiguration is not required to support multiple boards.
Comprehensive public key functionality Supports all public key cryptography methods including RSA, Diffie-Hellman, DSA and general modular exponentiation operations.
Patent-pending dual 256-bit integer multipliers Calculates public key cryptographic math fast and efficiently to both improve server response time and increase capacity.
Field upgradeable flash memory Preserves your software investment.
PCI bus interface or Ethernet connection Ensures no loss in performance with a high-speed interface and can be used in many hardware environments.
Parallel processing architecture Allows any number of boards to run in parallel to host CPU(s) for maximum performance.
Fault tolerant design Multi-card configuration ensures mission critical and other servers requiring high availability will keep running in the unlikely event of a hardware failure.
Patent paid, expert RSA, Diffie-Hellman and DSA implementation Ensures that future protocols will also be supported with the inclusion of all standard algorithms.
Standard security protocol compliant Supports standard Internet security protocols including SSL, SET, and SSH.
Run time plug-in for commercial servers Seamless installation with Netscape 2.0, 3.0 and 3.5, Microsoft, Stronghold, Apache and other popular server applications.
Operates under multiple platforms Economically enhances server performance for BSDi 3.0; FreeBSD 2.1.5; LINUX 2.0; MacOS 7.5, 7.6; SUN/Solaris 2.5.1; WinNT 4.0, 3.5.1, 3.5; and other UNIX systems.
Supported by the leading cryptographic developer toolkits and secure applications Consensus SSL Plus, Cryptoki (PKCS #11) Ver 1.1, 2.0; RSA BSAFE 3.0; Maithean NetPay; Intel CDSA; Netscape NSAPI; and Microsoft CryptoAPI 2.0.


1. Performance

The below table shows the time in milliseconds [ms] required for CryptoSwift to complete various common public key operations at various key sizes.

  512 640 768 896 1024 1280 1586 2048
RSA Private Key w/CRT                
Modular Exponentiation                
RSA Public Key                
DSS Sign                
DSS Verify                

2. Secure key management

Hardware secure private key management capability prevents hackers from securing private keys, even if they break into the server. CryptoSwift contains 200KB of user secure private key storage. CryptoSwift firmware is field upgradable and these capabilities may be extended in the future.

3. True hardware random number generator

Government-certified true hardware random number generation is a source for strong key generation. The result is protection against key attacks, which is common against software random generators.

4. All patent and other IP licenses included with no royalties

CryptoSwift hardware is fully patent paid for all applications. Code you write using our SDK does not require any runtime license, and there are no future royalties due. This applies to all of CryptoSwift's capabilities, including RSA, DSA and DH algorithms.

5. Toolkit and CAPI support

CyptoSwift is supported by the leading cryptographic developer toolkits and secure applications:

6. Comprehensive algorithm functionality

CryptoSwift contains high performance, expert implementations of:

You can also access its modular exponentiation directly.

7. Code written today will work with next generation hardware

Because CryptoSwift is "backward compatible", future CryptoSwift versions will work with today's software, making additional performance enhancements truly plug and play. You will not need to re-write software code for compatibility with the next generation of CryptoSwift hardware.

8. Broad, cross-platform hardware/OS and algorithm support

CryptoSwift operates under multiple platforms and economically enhances server performance with device drivers and cryptographic library support for:

9. Fault tolerant design

When multiple CryptoSwift boards are used in your server, the secure transactions are fault tolerant. This multi-card configuration ensures that mission critical and other servers requiring high availability will keep running in the unlikely event of a hardware failure by one of the CryptoSwift boards.