Datacryptor Link and Layer 2 Encryption

Datacryptor
 

Datacryptor Link and Layer 2 Encryption Platforms

High assurance, low latency solutions for securing point-to-point and multipoint links

FIPS 140-2     Common Criteria

Datacryptor Link and Layer 2 standalone network encryption platforms from Thales e-Security provide secure, efficient, and scalable data transport for a variety of point-to-point and multipoint applications. These tamper-resistant devices protect data confidentiality using the strongest commercially available and government encryption algorithms and sophisticated key lifecycle management and storage techniques—at near-line-speed performance. Use Datacryptor Link and Layer 2 devices to protect sensitive and high-value data for a range of connections, including:

These tamper-resistant units authenticate remote devices, exchange key material automatically, and encrypt and decrypt transmitted data. Trusted to protect sensitive networks around the world, Datacryptor Link and Layer 2 appliances are certified to meet FIPS and Common Criteria standards.

Benefits

  • Proven, certified, and trusted to protect the world’s most sensitive networks.
  • Designed to meet the highest security standards for voice, video, and data communications (FIPS, Common Criteria, CAPS, UCAPL).
  • Secures a wide range of new and legacy point-to-point and multipoint connections while delivering low latency and near-line-speed performance. 
  • Maximizes return on investment in existing network infrastructure. 
  • Reduces cost of ownership with remote management and configuration, minimal routine handling, and field upgradeability.
  • Protects your investment—buy only the capacity you need, and upgrade easily as your needs change.

Datacryptor Link and Layer 2 Encryption Products


Model Speed
1Mbps 10Mbps 100Mbps 1Gbps 10Gbps
Link Encryption
Datacryptor  Link Encryptor (19" Rack Mountable)
Datacryptor  Link Encryptor (Small Form Factor)
Datacryptor  E1/T1, E3/T3 (Small Form Factor)
Frame Relay
Datacryptor Frame Relay (19" Rack Mountable)
Datacryptor Frame Relay (Small Form Factor)
Layer 2 Encryption
Datacryptor Ethernet Layer 2
Datacryptor SONET/SDH

Datacryptor

Datacryptor Link and Layer 2 Encryption Products: Features

Security Features 

  • The strongest commercially available algorithms, government ciphers, or customized algorithms enable Datacryptor Link and Level 2 encryption products to meet the highest security standards.
  • Customizable algorithms and software provide the flexibility to address a diverse range of security requirements—from enterprise data protection to the most sensitive government networks.
  • Physical and logical separation of network administration and security responsibilities enforces policy and reduces opportunity for insider attacks.
  • Advanced key management capabilities provide the strongest levels of security for key generation and key storage.
  • Most products are certified to FIPS 140-2 Level 3 and Common Criteria EAL 4 and EAL 5 standards. Datacryptor Ethernet Layer 2 and Datacryptor SONET/SDH are certified to Common Criteria EAL 3.

Operational Features

  • A commercial, off-the-shelf (COTS) platform that can be customized as needed helps organizations to reduce cost and accelerate deployments.
  • Remote management capability—including re-key—reduces time, effort, and cost of managing and configuring devices.
  • A choice of speeds allows organizations to buy and deploy only the capacity needed today, and then upgrade easily as their needs change.
  • The ability to upgrade firmware, algorithms, and speed in the field helps organizations adapt more easily to evolving requirements. 
  • Hot standby capability makes Datacryptor Link and Layer 2 encryption products devices suitable for high availability environments.
  • Delivered as standard 19” rack mountable devices. Datacryptor Link and Datacryptor Frame Relay are also offered in small form factor versions to facilitate use in space-constrained environments.

Datacryptor Link and Layer 2 Encryption Products: Options & Accessories


QUICK LINKS

Datacryptor Link and Layer 2 Encryption Products

Link and Layer 2 Table
Model Speed
1Mbps 10Mbps 100Mbps 1Gbps 10Gbps
Link Encryption
Datacryptor  Link Encryptor (19" Rack Mountable)
Datacryptor  Link Encryptor (Small Form Factor)
Datacryptor  E1/T1, E3/T3 (Small Form Factor)
Frame Relay
Datacryptor Frame Relay (19" Rack Mountable)
Datacryptor Frame Relay (Small Form Factor)
Layer 2 Encryption
Datacryptor Ethernet Layer 2
Datacryptor SONET/SDH

Software and Installation Packs

Each Datacryptor Link and Layer 2 Encryption product is delivered with fully functional software that requires Certificate Manager software for commissioning. Only one Certificate Manager is required to commission all Datacryptor devices and therefore is sold separately. Additionally, management software and new release upgrade software can be ordered separately.

Optional Software Licenses

For Datacryptor Ethernet Layer 2 devices, an optional Multipoint and MPLS-aware software license is available. New Datacryptor Ethernet Layer 2 devices can be purchased with the Multipoint and MPLS-aware software installed.  Fielded units can be upgraded by ordering the software license separately. Lower speed Datacryptor SONET devices can be software upgraded to support higher data rates. These software upgrades are available through licenses and are designed to meet a variety of speed enhancements.

Shelf Kits

Both single and dual-shelf mount kits are available to suit a variety of rack-mount requirements.

Power Supplies and Metal Keys

Datacryptor AP and Datacryptor Ethernet Layer 2/SONET power supplies are designed for long life and continuous operation (some models available with dual-redundant power supplies). Replacement and backup power supplies can be ordered separately, meeting the same specifications as the power supplies shipped with the original units. Some Datacryptor AP models require physical keys for operation. Replacement keys are available based on the model purchased.

Wiring and Cables

A large selection of host and network cables including RS-232, RS-530, X.21, V.35, and E1 (RJ48C and BNC) are available to meet any of your networking and host management requirements. Plug-in Optical Laser Modules are available to meet short, medium, and long-range connectivity requirements.

Custom Services

Custom algorithms can be developed for Datacryptor AP products including algorithm upgrades and re-loads. Custom training and consulting are also available.

Datacryptor Link and Layer 2 Encryption Products: Specifications

Cryptography

  • Datacryptor AP
    • Triple DES
    • AES (128, 192, 256-bit key lengths)
    • Custom algorithms also available
    • CFBB, CBC, GCM
  • Datacryptor Ethernet Layer 2 and Datacryptor SONET
    • o AES 256
    • o Galois Counter Mode (GCM) frame authentication (multipoint mode)

Certifications (check latest software version for certification compliance)

  • Datacryptor AP Certifications
    • FIPS 140-2 Level 3
    • CAPS
      • Baseline Grade
      • Enhanced Grade (up to UK Secret)
    • Common Criteria EAL4
    • NATO 
  • Datacryptor Ethernet Layer 2 and Datacryptor SONET
    • FIPS 140-2 Level 3 (version 4.5)
    • Common Criteria EAL-3 (version 4.5)
    • U.S. Defense Information System Agency’s Unified Capabilities Approved Products List (UCAPL) (version 4.5)

Key Management Support

  • Datacryptor AP
    • Device Authentication: X.509 Certificates
    • Key Agreement
      • Diffie-Hellman 
      • National and/or Custom algorithms are also supported
  • Datacryptor Ethernet Layer 2 and Datacryptor SONET
    • Centralized Key generation/distribution
    • Signed Diffie-Hellman Key Agreement (Elliptic Curve Diffie-Hellman version 5.0)
    • Device Authentication: X.509 Certificates
    • Hardware random number generation
    • Automatic and customizable time-triggered key change without interruption of service

Host Connectivity

  • Datacryptor AP
    • Network Ports: 10BASE-T/100BASE-TX Ethernet (RJ45)
    • Management Port: 10BASE-T Ethernet (RJ45)
    • Control Port: RS-232 Serial (DE9)
  • Datacryptor Ethernet Layer 2
    • 100Mbps platform
      • RJ-45 copper 10 or 100BASE-T host and network ports
      • Serial V.24 and Ethernet management ports
    • 1Gbps platform
      • Removable RJ-45 copper (SFP) host/network ports
      • Removable multi-range and DWDM optical (SFP) duplex LC host/network ports
      • Serial V.24 and Ethernet management ports
    • 10Gbps platform
      • Removable multi-range and DWDM optical (XFP) host and network ports
      • Serial V.24 and Ethernet management ports

Additional Security Features

  • Data Integrity
    • Galois Counter Mode (GCM)
    • Extended Sequence Numbers
  • Encrypted Management Traffic (HMAC authenticated)
  • Hardware Random Number Generator
  • Firmware Signing (DSA, SHA-1)
  • Tamper Detection and Tamper Resistance
  • Secure Auditing

Datacryptor Ethernet Layer 2 Data Sheet

Datacryptor Ethernet Layer 2

Datacryptor SONET/SDH Data Sheet

Download
Datacryptor AP Link Frame Relay Data Sheet

Download
Datacryptor AP SFF Multiprotocol Data Sheet

Download
Datacryptor AP E1T1 E3T3 Data Sheet

Download