User Management

- Local user management
- Remote user association management

User Authentication

- Simple authentication
- RADIUS authentication
- Two-factor authentication
- One-time password authentication
- Public key infrastructure (PKI) based authentication

Simple Authentication

- Microsoft Active Directory (MSAD)
- Lightweight Directory Access Protocol (LDAP)
- Relational databases (RDB)

Device Management

- Smart card/token key generation
- Smart card/token key management
- Smart card/token PIN change
- Smart card/token PIN unblock
- OTP device initialization
- OTP device synchronization

One Time Password Device Support

- OATH-compliant HMAC-based OTP (HOTP) hardware tokens
- OATH-compliant HMAC-based OTP (HOTP) software tokens
- OATH-compliant time-based OTP (TOTP) hardware tokens
- OATH-compliant time-based OTP (TOTP) software tokens

Delivery Profile Support

- Simple Mail Transfer Protocol (SMTP) email
- IBM Lotus Domino messaging
- Short Message Service Center (SMSC) protocol
- HTTP POST and GET

Security

- NIST FIPS 197 AES encryption and decryption (NIST certificate #1041)
- RSA public key cryptography (NIST certificate #496)
- SHA-1, SHA-256, SHA-384, SHA-512 hash generation (NIST certificate #991)
- Proven keyed-hash message authentication code generation (NIST certificate #583)
- Japan NTT/Mitsubishi Camellia encryption and decryption
- Chinese National SCB2 (SM1), SSF33, SSF28 encryption and decryption
- Korean Data Encryption Standard (SEED) and ARIA block ciphers
- NIST FIPS 46-3 3DES and DES encryption and decryption
- RC2, RC4, RC5 and RC6 encryption and decryption
- CAST5 encryption and decryption
- Twofish and Blowfish encryption and decryption
- IDEA encryption and decryption
- Serpent and Skipjack encryption and decryption
- DSA public key cryptography
- MD5 and Chinese National SCH (SM3) hash generation
- Pluggable cipher architecture for future cipher upgrade or custom cipher support
- Hardware ASIC cryptographic acceleration (optional)

Accreditations and Certification

- NIST FIPS 140-2 compliant Bloombase Cryptographic Module
- Ministry of Public Security validated security product

Client Connectivity

- RADIUS
- RESTful Bloombase Identity Manager API

Application Programming Interface

- RESTful Bloombase Identity Manager API to send and receive identity information
- HTTPS security and authentication
- Plain text simple input/output
- JSON (JavaScript Object Notation) lightweight structured input/output
- XML generic structured input/output

Management

- Web-based management console
- Central administration and configuration
- User security
- Serial console
- SNMP v1, v2c, v3
- syslog, auto log rotation and auto archive
- Heartbeat and keep alive

Disaster Recovery

- Configuration backup and restore
- FIPS-140 hardware security module recovery key or software recovery key vault for settings restoration
- Customer-defined recovery quorum (e.g. 2 of 5)
- FIPS-140 hardware security module operator key or operator PIN for daily Bloombase KeyCastle operation
- High-availability option for active-active or active-standby operation
- Stateless active-standby failover

Platform Support

Hardware Support

- i386-based architecture
- AMD 32 and 64 architecture
- Intel Itanium-2 architecture
- IBM Power6 architecture
- PA-RISC architecture
- SPARC architecture