Utimaco CryptoServer CP5 – eIDAS- & CC-certified Hardware Security Module

Utimaco CryptoServer CP5 – The eIDAS-compliant CC-certified Hardware Security Module

The Utimaco CryptoServer CP5 supports Trust Service Providers (TSPs) in fulfilling policy and security requirements defined in various ETSI technical standards (ETSI EN 319 401, EN 319 411, EN 319 421). With key authorization functionalities, it is ideally suited for eIDAS-compliant qualified signature creation and remote signing. Other application areas include the issuing of (qualified) certificates, OCSP (Online Certificate Status Protocol) and time stamping. The CryptoServer CP5 is based on the CryptoServer Se Gen2 hardware platform and Common Criteria-certified according to the eIDAS Protection Profile (PP) EN 419 221-5 “Cryptographic Module for Trust Services”. It is available as a PCIe plug-in card or as network-attached appliance.

Remote signing applications require a Signature Activation Module (SAM) to authorize a signature or operation. Utimaco offers you a powerful combination of CryptoServer CP5 and CryptoServer CP5 SDK, allowing for SAM firmware to be developed and run inside the tamper-protected environment of the HSM. CryptoServer CP5 SDK is the ideal choice for developers of such “internal SAMs”, and TSPs operating such server signing solution.

Inquire now about CryptoServer CP5 and CryptoServer CP5 SDK, reach us at hsm@utimaco.com.

Product data sheet

Common Criteria & eIDAS-compliant

Full compliance at an attractive price

For applications with low to highest performance requirements

Extensive remote administration

Efficient key management and firmware updates via remote access

Automation of remote diagnosis via SNMP (Simple Network Management Protocol)

Dedicated software simulator for evaluation and integration testing

Features

Key authorization API and tool (acc. PP EN 419 221-5)
Secure key storage and processing inside the secure boundary of the HSM
Extensive key management with key authorization
2-factor authentication with smartcards
“m out of n” quorum authentication (e.g. 3 out of 5)
Multi-tenancy support
Remote management
Dedicated software simulator for evaluation and integration testing
Supported operating systems: Windows and Linux
Multiple integrations with PKI applications, etc.
All features included in product price

Cryptographic algorithms

RSA, ECDSA with NIST and Brainpool curves
ECDH with NIST and Brainpool curves
AES
CMAC, HMAC
SHA2-Family, SHA3
Hash-based deterministic random number generator (DRG.4 acc. AIS 31)
True random number generator (PTG.2 acc. AIS 31)
Up to 3,000 RSA or 2,500 ECDSA signing operations in bulk processing mode
All algorithms included in product price

Security, safety, environmental compliance

Common Criteria EAL4+, based on eIDAS Protection Profile EN 419 221-5
CE, FCC Class B
UL, IEC/EN 60950-1
CB certificate
RoHS II, WEEE

Application programming interfaces (APIs)

PKCS#11
Cryptography Next Generation (CNG)
Cryptographic eXtended services Interface (CXI) – Utimaco‘s high performance interface ensures easy integration of cryptographic functionality into client applications

PCIe card physical specifications

Half-length, full-height single lane PCI Express card
Supports PCIe 1.1, PCIe 2.0 and PCIe 3.0 slots
Operating voltage: 3.3 V
3 V lithium battery, Ø 12 mm, length 600 mm, FDK CR 12600 SE or VARTA CR2NP
USB interface
Operating temperature: +10°C to +45°C (+50°F to +113°F)
Storage temperature: -10°C to +55°C (+14°F to +131°F)
Relative humidity: 10% to 95%, non-condensing
MTBF 360,000 hours at 25°C / 77°F

Network appliance physical specifications

19” 1U form factor
Redundant field-replaceable power supply: 2 x 100 ~ 240 V AC, 50 ~ 60 Hertz, 300 W
Power consumption: typically 45 W / 66 VA, max. 50 W / 70 VA
Heat dissipation: max. 171 BTU/h
2 RJ45 1 Gb/s network interfaces
Operating temperature: +10°C to +50°C (+50°F to +122°F)
Storage temperature: -10°C to +55°C (+14°F to +131°F)
Relative humidity: 10% to 95%, non-condensing
MTBF 100,000 hours at 25°C / 77°F, environment GB, GC – Ground Benign, Controlled