DataCore vFilO Key Management System – nCipher HSM
The nCipher Hardware Security Module (HSM) is the key management service currently supported by DataCore vFilO. Specifically, DataCore vFilO requires the nCipher Web Services Option Pack, which provides access to nCipher HSM platforms through a standard REST-based web interface.
DataCore vFilO cloud upload and download services use AES secret-key encryption to encrypt file chunks before uploading them to the cloud. The key is encrypted (wrapped) by a master AES key obtained from the HSM; that wrapped key is then stored with each chunk in the cloud.
When the file chunks are downloaded, the encryption context containing the wrapped key is also downloaded; the wrapped key is decrypted with the configured HSM master key and then used to decrypt the file chunks.
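The upload and download flow described above can be sketched as envelope encryption in Go. This is an added example, not DataCore or nCipher code. It assumes AES-256-GCM for both the chunk encryption and the key wrap (the page only says AES), uses a local byte slice as a stand-in for the master key obtained from the HSM, and all function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// seal encrypts pt under key with AES-GCM (an assumed mode), nonce prepended; open reverses it.
func seal(key, pt []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	nonce := make([]byte, 12) // standard GCM nonce size
	if _, rerr := rand.Read(nonce); err != nil || rerr != nil {
		return nil, errors.New("bad key length or no randomness")
	}
	g, _ := cipher.NewGCM(blk) // cannot fail for AES (16-byte block)
	return g.Seal(nonce, nonce, pt, nil), nil
}
func open(key, ct []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(ct) < 12 {
		return nil, errors.New("bad key length or truncated ciphertext")
	}
	g, _ := cipher.NewGCM(blk)
	return g.Open(nil, ct[:12], ct[12:], nil) // fails on wrong key or modified data
}

// EncryptChunk is the upload side: fresh data key, encrypt the chunk, wrap the key under master.
func EncryptChunk(master, chunk []byte) (wrapped, ct []byte, err error) {
	dataKey := make([]byte, 32)
	if _, err = rand.Read(dataKey); err != nil {
		return nil, nil, err
	}
	if ct, err = seal(dataKey, chunk); err == nil {
		wrapped, err = seal(master, dataKey) // wrapped key is what gets stored with the chunk
	}
	return wrapped, ct, err
}

// DecryptChunk is the download side: unwrap the data key with master, then decrypt the chunk.
func DecryptChunk(master, wrapped, ct []byte) ([]byte, error) {
	dataKey, err := open(master, wrapped)
	if err != nil {
		return nil, err
	}
	return open(dataKey, ct)
}

func main() {} // entry point only so the file builds; call the functions above
```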
The entire communications channel between the cloud mover and the HSM is also encrypted and secured using standard TLS encryption and security protocols, including mutual authentication between client and server components. The PKI materials for the REST TLS channel are themselves secured by the HSM.