Deutschland HSM

Overview Cryptography & Tamper Technology Model Drill Down Pricing Support Downloads

The Hardware Security Module for eID Infrastructure

ePassports and eID systems are introducing the next step in the issuance of travel documents and identity management. Passports or eIDs and their corresponding inspection systems used by airlines and border control authorities at airports, harbors, and roadside country borders will be able to match documents to people, authenticate data in the documents, and more efficiently process travelers at checkpoints. The ePassport also offers substantial benefits to the rightful holder by providing the confirmation that the passport belongs to that person and that it is authentic, without endangering his privacy.

Addressing all the various kind of requirements from the different core elements in ePassport and eID management cycles, Utimaco has defined and implemented various sets of features and algorithms (e.g. ECC) into their top line HSM product, the SafeGuard^® CryptoServer Deutschland HSM.

Utimaco provides the security solutions for the following components within ePassport system infrastructures:

Country Signing Certification Authority (CSCA) & Country Verifying Certificate Authority (CVCA):
Utimaco HSM provides CA key protection and secure issuance of Document Signer (DS) and Document Verifier (DV) certificates.
Document Signer (DS):
Utimaco HSM provides key protection and secure high performance signing of BAC Document Security Objects (DSOs).
Document Verifier (DV) sub-CA:
Utimaco HSM provides sub-CA key protection and secure issuance of Inspection System (IS) certificates.
ePassport / eID Chip Personalization:
Utimaco HSM ensures the secure loading of passport holder information, including biometrics, as well as issuing information, to the MRTD chip during the chip personalization process, using a unique, direct cryptographic channel between HSM and chip (secure messaging).
ePassport Inspection System (IS) / Border Control System:
Utimaco HSM provides key protection for private keys of Inspection Stations / Inspection Servers, and performs the cryptographic operations on the terminal side for terminal authentication and chip authentication. Additionally, an HSM may securely store CSCA, CVCA, DS, and DV certificates.

Cryptography & Tamper Technology

The most common usage of Hardware Security Modules is the tamper-proof preparation and storage of cryptographic keys. Within these mission-critical host applications Hardware Security Modules are included as the standard today.

With the SafeGuard^® CryptoServer product line we are offering different kinds of security and performance levels in terms of tamper technology. With our experience of over 25 years in developing and manufacturing hardware security modules we are able to provide our customers the highest product quality and reliability in terms of tamper technology starting from standard tamper-proof devices up to the highly secure, tamper-responsive HSM SafeGuard^® CryptoServer CS.

Details

Cryptographic Algorithms

SafeGuard^® SecurityServer is available with the following cryptographic algorithms:
- RSA
- DSA, ECDSA
- AES, DES, Triple DES
- AES MAC, Triple DES MAC, Retail MAC
- Hash algorithms SHA-1, SHA-2 family, RIPEMD-160, MD5
- Diffie-Hellman
- Additional algorithms on request
Certification

SafeGuard^® SecurityServer is available with the following certification levels:
- FIPS 140-2 level 3
- FIPS level 4 for „physical security“
- Common Criteria EAL4+
For details please consult the “MODELL DRILL DOWN” section
Random Number Generation

Safeguard SecurityServer comes with the following options:
- Physical random number generation in accordance with AIS 31 (class P2)
- Deterministic random number generation according to FIPS 186-3 or AIS 20 (class K4)
For details please consult the “MODELL DRILL DOWN” section
Tamper Technology

SafeGuard SecurityServer is available with the following tamper features:
- tamper-proof
- tamper-responsive
- secure deletion if mechanical / physical / chemical attacs occur
- secure deletion in case of temperature fluctuation or if the energy supply is outside of defined limits
- possibility of manual deletion
For Details please consult the “MODELL DRILL DOWN” section

Model Based Highlights

CS-Series

High-end HSM for advanced and uncompromising hardware security requirements

CS LAN

Central point of highest physical security for ePassport and eID applications
Simplifies key management
High availability features
Extreme scalability with no limitation regarding connections

Hardware Specifications
- Power Supplies: AC or optional D
- Interfaces: USB and serial ports, 2 Ethernet up to 1 GBit
- Frontpanel display for status and basic administration
Performance
Supported OS
- Microsoft Windows
- Linux
- Solaris
- AIX 5L
SNMP Support
MIB Files are provided on the product CD

CS-Series

High-end HSM for advanced and uncompromising hardware security requirements

CS PCI

Highest security HSM for eID/ePassport server applications
Optimized for cryptographic acceleration in host applications
Integrated key management
Delivers FIPS and Common Criteria compliance

Hardware Specifications
- Dimensions: length: 167 mm (“half” length) height: 107 mm (“full” height) operating power 3.3 and 5.0 volt (PCI bus specification) environmental temperature in operation: +10°C to +35°C / +50°F to +95°F
Performance
Supported OS
- Microsoft Windows
- Linux
- Solaris
- AIX 5L

Pricing

With the Deutschland HSM package, Utimaco offers a fair and transparent pricing to all it's customers in the ePassport and eID area.

Based on our comprehensive software and hardware architecture, we are able to offer a complete suite of algorithm and API's that comes with the Deutschland HSM package. It enables our customers to start the HSM integration based an their specific system architecture and to have the option to expand the usage of the HSM in other integration scenarios.

Support

Security and availability of you infrastructure lay today the foundation to your success.

With our flexible service portfolio we provide multiple support options that suits your business needs. Starting from a basic support and hardware repair service up to 24/7 service we are able to tailor the services exactly to your needs.

How to contact us:

E-Mail: support-cs@utimaco.de

Download SecurityServer Simulator

To support our customers from the beginning of the selection process on, Utimaco offers a complete functional SafeGuard^® Security Simulator.

After registration you can download the SafeGuard^® SecurityServer Simulator. Included are all API's, libraries, administration tools and documentation of the SecurityServer. Utimaco's SafeGuard^® SecurityServer Simulator at a glance:

Please contact us for more detailed information or to find out which partner can help you best with your request