Cryptographic Key Management



Ultra’s KeyperPLUS Hardware Security Module (HSM) is the only device to be certified to FIPS 140-2 Level 4, ensuring the highest standards of security and protection available on the market. KeyperPLUS secures the most sensitive data and information systems


Where cryptographic security is critical, such as for businesses in PKI, VPN and internet security, only a physically separate Hardware Security Module (HSM) offers a level of security that provides reassurance that the integrity of essential data is maintained, making it a critical element in any security system.

Robust and reliable HSM technologies offer the ultimate layer of protection for sensitive information, going far beyond the layers of security offered by mediums including software, smart cards and USB tokens. The security of the underlying signing and encryption keys ensures the protection of those elements critical to the security of the system.

KeyperPLUS HSM is the only module to be certified to FIPS 140-2 Level 4, ensuring the highest standards of security and protection available on the market. KeyperPLUS secures the most sensitive data and information systems, employing the next generation flexible crypto platform that provides the highest level of assurance over the integrity of the information it holds.

KeyperPLUS has been specifically designed to limit all potential points of access with a tamper-resistant design, ensuring only those with intended permission are able to access the sensitive data it protects. Through vigorous and careful management of any areas of physical or digital infiltration, KeyperPLUS delivers a robust solution that meets the most stringent of security standards.

Based on this core technology, Ultra has built a product range to cater to the PKI, VPN and Internet security markets. The KeyperPLUS HSM is ideally suited to businesses deploying a cryptographic system where the protection of cryptographic keys is a priority, for example, in organisations requiring certificate signing, code or document signing, bulk generation or ciphering of keys or data.

FIPS 140-2 Security Levels Explained

KeyperPlus HSM provides the ultimate level of protection for the most sensitive data and information systems. At the heart of KeyperPlus is Ultra's revolutionary ACCE technology; the flexible crypto platform providing the highest level of assurance – FIPS 140-2, Level 4.

Source: NIST
Contact us

Back to Military Communication Systems

Cryptographic Key Management capabilities & products

KeyperPLUS Image

Where cryptographic services are used to protect an information system, trust and integrity are derived from the security of the underlying signing and encryption keys. This makes protection of these keys critical to the overall trust and integrity of a system.

Key Features:

  • Assurance - The only stand-alone HSM with NIST FIPS 140-2 Level 4 certification
  • Capability - Provides for secure key generation and storage, encryption/decryption, digital signature generation/verification using a broad range of algorithms, including AES, RSA, DSA, ECC (various curves)
  • Flexibility - Software Development Kit supplied for bespoke security application development and technical support
  • Pedigree - Over 20 years history of trusted use worldwide by blue chip companies and market leaders in a range of sectors, including online retail, digital entertainment distribution, banking and internet infrastructure administration
  • Scalability - Load sharing across up to 16 devices.
  • Reliability - Resilience and disaster recovery configurations
  • Reactive anti-tamper mechanisms (even when unpowered) 
  • Hardware cryptographic acceleration 
  • Chip and PIN smartcard multi-operator authentication
  • Local and remote management facilities via included software
  • Customisable cryptographic mechanism configuration
  • Large internal key storage capacity
  • Compatible with Windows and Linux operating systems
  • Ability to remote backup cryptographic keys using  Keyper Management Centre

Contact us

Load Balancer
Load Balancer Image

The Keyper Load Balancer shares the creation and distribution of keys between HSM units, analysing workload and issuing tasks to where they can most efficiently be completed. This results in quicker and more effective key generation and distribution than ever before.

Should a disaster strike, Load Balancer gives you one less thing to worry about. If one location were to be disrupted, Load Balancer automatically redistributes the workload with no interruption to service or disturbance to users.

The Keyper Load Balancer is a highly flexible piece of software that sits between the Keyper Hardware Security Module (HSM) and its Providers (PKCS#11, Microsoft CAPI/CNG Providers). It allows:

Scalability - Aggregated performance of multiple HSMs acting in parallel 
Resilience - Active - active high availability HSM configurations
Automatic Key Backup - key replication over a secured channel
Geographic DR - Architectures supporting service continuity 

All of these services are transparent to the Application and the Provider, without either being ‘aware’ that any of these services are being performed. Up to 16 Keyper HSMs can be handled, appearing as one logical HSM to the application accessing those HSMs via an AEP Provider. 

Download Datasheet