
eIDAS regulation: do not make the wrong choice when you are picking your HSM

November 09, 2020

In this blog post, I want to limit myself to the essential basis of eIDAS, the HSM (Hardware Security Module). If you want more information about eIDAS, please visit the websites mentioned at the end of this article.

eIDAS stands for “Electronic Identification and Trust Services for electronic transactions in the Internal Market”.

eIDAS is described in EU Regulation 910/2014. With this, the EU regulates the market: the digital borders are disappearing, and the means of electronic identification (eID) of one EU country can be accepted by other countries.

A large part of this law concerns trust services, such as electronic signatures, electronic delivery, electronic seals and website authentication. The eIDAS regulation ensures that electronic signatures have the same legal validity as handwritten signatures, so that contracts can be digitally ratified.

Figure: Federal Information Processing Standard (FIPS) 140-2

This standard is maintained by the National Institute of Standards and Technology (NIST). NIST is a US government organization. The FIPS 140-2 standard has 4 levels for which a module can be evaluated.

  • Level 1 – lowest level; basic security requirements are specified
  • Level 2 – contains requirements for tamper evidence, user authentication
  • Level 3 – contains requirements for tamper detection / security (tamper-proof), data zeroization, and recognizes different user roles
  • Level 4 – the highest level; intrusion into the module is detected with high probability, requirements in the area of physical/environmental security.

Common Criteria Evaluation Assurance Levels (CC-EAL)

Common Criteria is an internationally recognized set of standards for the evaluation of security hardware and software. It is a tightly regulated process with the following characteristics:

  • the product under evaluation is called “Target of Evaluation” or TOE
  • the TOE is evaluated against a Protection Profile (PP); this is a profile defined by a user or user community, e.g. the SSCD (Secure Signature Creation Device) is a profile based on the European Digital Signature Directive.
  • the evaluation is carried out on the basis of a so-called “Security Target” (ST), a detailed descriptive document of the security functions of the TOE, and refers to the Protection Profile.
  • if a product has been evaluated, it is classified with an Evaluation Assurance Level (EAL) in the range of 1 to 7 where 1 is the lowest and 7 is the highest qualification (minimum level 4 for an HSM).

If an HSM has been evaluated in accordance with Common Criteria, it is recommended that the EAL is at least 4.

eIDAS compliant HSMs support new business opportunities

Such uniform standards give companies new opportunities to do business. They can tap into new markets and do business in other European countries in a very safe and compliant way. The most relevant Protection Profile for HSMs, “Cryptographic Module for Trust Services”, has recently been certified by an approved test laboratory. […] Please note that only the HSM of a German manufacturer is being evaluated in accordance with this Protection Profile where the definitive Common Criteria certification is expected in Q3 2018.

No HSM manufacturer has been certified so far! Do not be confused by the mentions at https://www.commoncriteriaportal.org/products/.

HSM manufacturers have an active role in drafting security requirements and Protection Profiles at the European Committee for Standardization (CEN).

The goal is set for secure qualified signatures, seals and timestamps in accordance with the EU eIDAS regulation.

Certification against the correct Protection Profile guarantees that you may use the HSM for eIDAS applications. For this, see mainly https://www.commoncriteriaportal.org/files/ppfiles/ANSSI-CC-PP-2016_05%20PP.pdf.

Some manufacturers like to refer to the website with approvals (https://www.commoncriteriaportal.org/products/); however, to this day, there is no HSM certified against the correct Protection Profile!

Note: Within the EU, the Protection Profile for Secure Signature Creation Devices (SSCD) (European standard CWA 14169) is a valuable profile for evaluation.

More Information about eIDAS:

  • www.eidas2018.eu
  • https://www.logius.nl/fileadmin/logius/ns/evenementen/roadshow_toegangsdiensten/Roadshow_eIDAS.pdf
  • https://www.eherkenning.nl/aansluiten-op-eherkenning/eidas
  • https://ec.europa.eu/digital-single-market/en/trust-services-and-eid

The title of this piece, “Do not make the wrong choice”, is a warning against a bad investment. At this moment, there is no HSM certified for eIDAS applications. It is also NOT possible to “upgrade” an already purchased HSM to CC EAL 4+, because certain conditions and requirements have to be met starting from production and logistics.

Who are the main players on the European market?

The HSM market is undergoing consolidation. There used to be three players: Thales (including nCipher), Gemalto (including SafeNet) and Utimaco. In the past year, Thales announced its intention to acquire Gemalto, and Utimaco did the same for Atalla, the payment HSM section of MicroFocus. Utimaco is a real “runner-up” in the HSM market and is growing fast by supplying a very cost-effective, flexible and reliable complete system.

Further reading about eIDAS is also available on the Utimaco website: see the eIDAS page, the CP5 simulator and 2 webinars.

  • This article was first published by Ad Koolen in Feb 2018 in Dutch.
  • It was first published on this blog on July 11, 2018.