Utimaco

What are the common criteria for hardware security modules (HSMs)?

November 09, 2020

All critical banking and payment systems incorporate Hardware Security Modules (HSMs) to protect user information and business transactions. HSMs deliver secure management of crypto keys along with the encryption/decryption, digital signature and authentication mechanisms that are frequently used to secure corporate business applications. A globally certified HSM not only guarantees secure and proficient integration with existing business workflows but also offers legal and regulatory compliance, which builds trust among buyers and system evaluators. Common Criteria (CC) is a well-recognized certification and helps in choosing security-appropriate HSMs.

1. Different types of hardware security modules and their importance

Hardware Security Modules (HSMs) are a critical component of business applications because they are responsible for the security of confidential information and transactions. They are either a dedicated hardware machine or a cluster of multiple devices with embedded processors that can swiftly carry out cryptographic operations. HSMs, or “Secure Cryptographic Devices”, are available in several sizes/types and at different security levels, such as TPMs/embedded HSMs, software tokens, PCI cards, smart cards, USB tokens, and network-attached HSMs. Each HSM type offers features (performance, standalone/network-attached) matched to the requirements of corporate applications.

HSMs provide not only different levels of logical protection but also physical protection for crypto keying material against unauthorized access by adversaries, and consequently act as the security backbone of your business architecture.

So HSMs accelerate crypto operations on the one hand and reduce business risks on the other. Incorporating an HSM into the business provides the following benefits.

  • Enhanced Security
  • Centralized Policy Enforcement
  • Augmented Business Efficiency
  • Decrease Operational Cost/Complexity
  • Legal and Regulatory Compliance

Banking and corporate sectors have a huge clientele and must serve a large user base securely and efficiently. The risk of failover and downtime is critical in such organizations and can lead to a huge business loss. Hence, HSMs are deployed in cluster/redundancy, HA (High Availability) and load-balancing modes to guarantee contingency and ensure business continuity.

2. Advantage of CC certified HSMs

A certification is an immediate, documented benchmark of the features and functionality of an HSM, based on standardized testing procedures. International and globally recognized certifications assure the trust and confidence of all the stakeholders (managers, designers, clients/end users, evaluators, etc.) of an architecture. The core intention behind the Common Criteria initiative was to assure trust in, and global acceptance of, security products sold in the international market so that they do not need to be re-evaluated by each buying client or country.

International and corporate organizations/clients always prefer and recommend HSMs and crypto devices that have Common Criteria certification. Federal agencies of the USA have made it mandatory to procure IT products that are Common Criteria certified. Common Criteria lists all certified products on its website. As a whole, a certification offers the following advantages:

  • Competitive benefit among vendors
  • Trust among stakeholders
  • Interoperability
  • Legal/Regulatory bindings

3. Common Criteria Certification

Common Criteria (CC) is a globally recognized standard/certification (ISO/IEC 15408) which helps in choosing HSMs with maximum security and assurance levels. It is a joint effort of six (06) countries: US, UK, Canada, France, Germany & Netherlands. It gives vendors a competitive edge in HSM procurement and is a core requirement of security-aware corporations. The latest version (v3.1) was released in April 2017.

4. Common Criteria evaluation of HSMs

Common Criteria evaluation of an HSM involves validating that the HSM or crypto module fulfills a particular set of security objectives and requirements. The HSM or crypto module to be evaluated is referred to as the TOE (Target of Evaluation) and the security requirements are referred to as the ST (Security Target). After the evaluation process, an EAL (Evaluation Assurance Level) is assigned to the product. The EAL ranges from 1 (minimum) to 7 (maximum). The EAL rating is a rating of the testing, not of the security. A higher EAL rating therefore does not mean that an HSM is more secure; it only means that the HSM has been thoroughly tested and evaluated against the standards. It is highly recommended to procure/deploy HSMs that have an EAL rating of 4 or higher.
