Introduction

Kluis, Multi-Tenant HSM Solution for orginisations requiring high security cryptography for transactions while still managing the complexity, cost and elasticity. Kluis is a solution that enable businesses and institutions to own their HSM at the lowest cost ever in history of PKI industry. This allows users to fully manage & control HSM slots as per CCA regulations in India. Users can easily generate and use their own signing/encryption keys and also automates time-consuming administrative tasks, such as hardware and software provisioning, patching and maintaining backups.

Kluis, HSM Solution is a fully-managed service that automates time-consuming administrative tasks, such as hardware provisioning, software patching, high-availability, and backups. Kluis also enables you to scale quickly by adding and removing capacity on-demand, with no up-front costs.

Kluis, solution is hosted on FIPS 140-2 Level 3 compliant redundant hardware in HA (High Availability) & DR (Disaster Recovery) HSMs for hosting user keys. Thus your keys are replicated on at least 3 or more HSMs. Kluis comes with easy to use Web interfaces for navigation, integration and telematics and provides an ability to use & manage signing/encryption keys with web UI or Rest APIs, simplifying the integration to the HSM for fast paced development. Nonetheless, Kluis comes with free Signer.Digital application!

How it Works:

Kluis, Multi-Tenant HSM Solution, runs in most secured Data Centres, enabling you to easily integrate your own dedicated HSMs slot with applications running on your servers. Your applications connect to Kluis API using mutually authenticated SSL channels established by your client software.

  1. Kluis manages the Slot in hardware security module (HSM) appliance but does not have access to your keys.
  2. You control and manage your own keys.
  3. Application performance improves (by using Kluis API calls in multiple sessions/threads).
  4. Secure key storage in tamper-resistant redundant hardware viz. 2 mirrored HSM in DC & 1 HSM in DR in different zone.
  5. HSMs are behind the Kluis API application servers and not accessible over Internet, resulting in more secured hosting of keys.
  6. Kluis API application servers and HSM is managed and monitored for availability.

Kluis Features

Kluis is a Multi-Tenant Hardware Security Module (HSM) that allows you to easily add secure key storage and high-performance crypto operations, accessible through API, to your applications. Kluis has no upfront costs and provides the pay per use model, allowing you to provision and use capacity when and where it is needed quickly and cost-effectively. Kluis is a managed service that automates time-consuming administrative tasks, such as hardware provisioning, software patching, high availability, and backups. It offers a high level of security for your cryptographic keys.

Tamper-resistant and FIPS 140-2 Level 3 compliant HSMs:

Kluis offers multi-tenant access to tamper-resistant HSMs that comply with the U.S. Government’s FIPS 140-2 Level 3 standard for cryptographic modules.
Isolated Slots:

Kluis solution is designed according to CCA guidelines ensuring a fully isolated HSM slot for each client. User gets unique slot serial numbers to maintain & map.
User Ownership Control:

Kluis allows user with full administrative capabilities to control HSM slot/s. User own the slot in the HSM along with the password and the keys stored in the respective slot.
Scalable HSM capacity:

Kluis comes with all the benefits of owned HSM. It is offered on pay as you go model with no hardware cost and can be scaled up or down easily on requirement.
Load Balancing and High Availability:

Each HA Kluis Group has keys securely replicated on 2 HSMs talking to 2 application servers in Data Centre behind the load balancer and 1 HSM in behind the application server in Disaster Recovery location. This provides additional cryptographic capacity and improves the durability of the keys. By storing multiple copies of your keys across HSMs located in different Zones, your keys will be available and protected.
Industry-standard APIs:

Kluis provides an easy to use JSON based web service to allow you the ability to encrypt, decrypt and sign the given data across various data formats.
Managed Infrastructure:

Kluis provides an easy to use JSON based web service to allow you the ability to encrypt, decrypt and sign the given data across various data formats.

Getting Started with Kluis:

Register your Crypto Signer Client (CSC) account on Kluis CRM home page. Client is registered as Crypto Signer Client (CSC). The CSC Id and Password may be used to login to Web Application, Kluis CRM, where CSC gets to access to utilities like:

Provider would create and allocate required number of slots under your CSC account.