Cryptographic Card for KMA

Pre-install or add a cryptographic card to the KMA to provide a FIPS 140-2 Level 3 certified cryptographic device.

The cryptographic card may sometimes be referred to as the Hardware Security Module (HSM). See the Oracle Key Manager Security Guide for more information.

SPARC KMAs running OKM 3.3 or later use the Thales nShield Solo PCIe card.

Sun Fire KMAs and SPARC KMAs running a release before OKM 3.3 use the Sun Cryptographic Accelerator (SCA) 6000 card . The firmware on the SCA 6000 card had previously undergone FIPS 140-2 Level 3 certification. However, this certification has been revoked as of December 31, 2015, and is no longer certified.

Thales Smart Card and Smart Card Reader

A smart card reader and smart card come with the Thales nSheild Solo+ installation kit. Retain the smart card and reader for installing and servicing the Thales card.

The customer should retain the smart card reader device and associated smart cards in the event the Thales card requires service. The Thales card operates securely without the smart cards once OKM has been configured to use the cryptographic card. Therefore, there is no security risk is an unauthorized individual acquires access to the smart cards.