
Bloombase Security Platform FAQ




What does Bloombase do?

Statistics show that the majority of corporations that suffer confidential data theft, business partner phishing, data tampering by insiders or outsiders, and application hacking are not aware of it until major losses are seen. Just as confidential letters are sealed and stamped and invaluable gemstones are deposited in safe boxes, sensitive electronic enterprise data should be protected and insured. Bloombase believes the problem is best solved by cryptographic technologies.

The Bloombase product family consists of hardware-accelerated cryptographic network appliances that secure transient and persistent information enterprise-wide. The family is composed of Bloombase SOA, Bloombase Message and Bloombase StoreSafe.

  • Bloombase SOA is created to secure enterprise application integration data from prying eyes and unauthorized alteration.
  • Bloombase Message is a transparent email encryption network server that works with enterprise messaging gateways to deliver encrypted and signed emails. Thus, Internet hackers or system operators in recipient corporations have no way to snoop on the confidential contents inside.
  • Bloombase StoreSafe is a high performance cryptographic network appliance to encrypt/decrypt data on the fly as data are stored or retrieved from networked disks. It aims to protect databases, application servers, user files and archives from theft.

 

Why hardware appliances?

Most enterprises have invested in hardware and software systems which are mission-critical and operate at full capacity. Cryptographic operations like digital signature generation and encryption are computationally and resource-intensive tasks that are normally not welcomed by business systems like ERP, sales management and BI. This is why the majority of enterprises seek hardware accelerators to offload SSL processing from their web servers.

The same applies to EAI, XML, email and file data, which are an integral part of business document exchange, messaging and storage systems. Bloombase's security strategy has common goals in:

  • Independence
  • Scalability
  • Performance

Only self-contained hardware appliances that are purpose-built to fit in dedicated applications and environments can fulfill the above requirements. Network and communication protocols have been relatively stable standards across the industry for years if not decades, and are designed to support all vendors and platforms. Bloombase software appliances are purposely designed to work on the network layer, supporting any enterprise computing environment through high-level modular interfaces.

Bloombase software appliances can easily scale up by configuring multiple boxes in a cluster. Load balancing and high availability can be achieved on the network layer. Customers have better control of their investment and can buy as they go.

Security relies heavily on computationally intensive mathematical operations that degrade overall system performance and throughput. By utilizing dedicated hardware acceleration, processing latency can be greatly reduced and throughput enhanced. It also guarantees transparent operations and seamless deployment into existing enterprise infrastructure.

 

Why choose Bloombase Security Platform instead of peer solutions?

Bloombase Security Platform is built upon the hardened Bloombase OS and Bloombase Security Framework, which have been well tested for carrier-grade operations serving enterprises, agencies and organizations. Bloombase is compliant with international information security standards. Its cryptographic algorithms are proven and well accepted as gold standards.

Bloombase excels amongst peer solutions by using a hardware appliance and ASIC-acceleration approach to reclaim the performance lost to cryptographic processing latency. The Bloombase family solves various major transient and persistent data security problems for dedicated applications and systems.

Bloombase is highly scalable. It can easily be scaled up through multiplexing and clustering. The Bloombase platform has such a small footprint that it can run within embedded systems and offer low-cost solutions for departmental and home use.

 

What are the benefits of ASIC-powered appliances?

An application-specific integrated circuit (ASIC) is dedicated electronic hardware purpose-built for a specific application. An ASIC differs from central processing unit-based hardware in that it adapts easily to parallel and streamlined processing, which are the core design principles of most cryptographic ciphers. Cryptographic operations run on an ASIC therefore normally outperform general-purpose microprocessors by 10-100 fold, greatly reducing the time it takes to complete an encryption/decryption task and thus increasing throughput. SCSI and dedicated graphics boards in the computer world are good analogies for ASICs in security appliances. Bloombase Security Platform is the only solution basket having all its family members supporting ASIC-powered cryptographic hardware acceleration.

 

How does Bloombase Security Platform keep up with ever-changing cryptographic and algorithmic advances?

Cryptographic algorithms and ciphers get updated every couple of years to cope with advances in computational hardware and infrastructure. Bloombase understands that customers have a growing need to widen the scope of data protection in their enterprises and to comply with the latest security standards. Bloombase customers can obtain the latest upgrades and patches from Bloombase SupPortal and have their Bloombase hardware firmware upgraded. A firmware upgrade can be done easily through the Bloombase secured web-based management console.

 

How well are Bloombase servers prepared for disasters?

Selected models of Bloombase software appliances are fault-tolerant by design. Other Bloombase software appliances can be configured to run in high-availability mode, such that when the active appliance fails, the backup takes over and acts as the active node.

Bloombase system settings and security configurations can be archived and sent offsite for backup retention. Bloombase backup archives are secured by recovery key(s)/token(s) which are generated during the installation phase. Bloombase administrators should devise and carry out backup procedures whenever configuration updates are made to the Bloombase servers. In the worst-case scenario where a disaster recovery is to be carried out, the recovery key(s)/token(s) must be restored to a brand new operational Bloombase software appliance before the configurations backup archive can be restored successfully. A normal disaster recovery process takes from minutes to a quarter of an hour.

 

What cryptographic ciphers are supported by the Bloombase Core Cryptographic processor?

The Bloombase Core Cryptographic processor currently supports the following industry-standard encryption ciphers:

  • AES 128, 192 and 256-bit cipher
  • Camellia 128, 192 and 256-bit cipher
  • Chinese National SCB2(SM1), SSF33, SSF28 ciphers
  • 3DES cipher
  • DES cipher
  • CAST5 cipher
  • CAST6 cipher
  • IDEA cipher
  • RC2 block cipher
  • RC5 block cipher
  • RC6 block cipher
  • RC4 stream cipher
  • Blowfish cipher
  • Twofish cipher
  • Serpent cipher
  • Skipjack cipher
  • RSA cipher

 

What is Bloombase Recovery Key?

Bloombase Recovery Key is either a set of software key vaults in the form of files, or physical keys in the form of PKCS#11-compliant hardware security module (HSM) tokens or cards. A Bloombase Recovery Key is a quorum of multiple keys, where the quorum and body sizes of the recovery key holders are the customer's choice. Recovery key(s) are required for successful restoration of Bloombase configurations archives. If the minimum quorum of recovery key(s)/token(s)/card(s) is not presented, the corresponding Bloombase configurations archives cannot be restored. Therefore, once recovery key(s) are generated in the installation phase, they should be assigned to data owner(s) and kept in a safe location. Recovery key(s) should never be exposed or duplicated and should only be presented during disaster recovery or Bloombase cloning.

The quorum is the minimum set of distinct recovery key(s) that must be presented before a configurations archive can be restored successfully. A body size of 2 and quorum of 1 means a total of 2 physical recovery keys are generated and held by 2 persons, and any one of them alone satisfies a valid quorum for recovery. A body size of 3 and quorum of 2 means a total of 3 physical recovery keys are held by a maximum of 3 persons (A, B, C); during the recovery process, any of A-and-B, B-and-C or C-and-A is a valid quorum for recovery.

Please note that recovery key(s) are generated ONLY ONCE, during the installation phase; no more such key(s) can be generated afterwards.

 

What is Bloombase Operator Key?

Operations of Bloombase security appliances are secured by Bloombase Operator Key(s). A Bloombase Operator Key can be in the form of a PIN, software key vault, or PKCS#11-compliant hardware security module (HSM) token or card.

Bloombase servers/appliances require at least one operator key to be present for successful initialization. There is no maximum limit on the number of operator keys. Authenticated administrative users accessing Bloombase in its normal production mode of operation can issue new operator key(s) or revoke existing operator key(s) via the web-based management console.

Power-up of Bloombase servers/appliances only starts the management modules for local and remote administration. Actual cryptographic processes are started only when a valid operator key is presented remotely via the web-based management console or locally/physically at the hardware appliance.

 

What if my Bloombase software appliance is lost?

Bloombase hardware appliances contain high-performance cryptographic processors that are generally considered strategic commodities. Such goods are under strict import and export controls in many nations. If an appliance is considered lost, you should report it to your local police immediately, followed by a formal notice to us with official document(s) of proof.

Bloombase software appliances require presentation of valid operator key(s) prior to normal cryptographic operations. That is, without getting hold of any of your operator keys, criminals who obtain your Bloombase software appliances have no way of making them function, let alone decrypting your Bloombase-protected data. Technically speaking, your Bloombase-secured data are still safe.

 

Does Bloombase support PKCS#11-compliant hardware security modules (HSM)?

Yes. Bloombase security servers are PKCS#11 ready and support all PKCS#11-compliant hardware security modules (HSM) out-of-the-box. Where compliance is a concern, customers may consider using PKCS#11-compliant HSMs for key generation, storage and security.

 

 

