
authentication

Hardware Security Modules (HSMs) generate, manage and store the secure cryptographic keys that are required for authenticating a user or device in a broader network. Get in touch at hsm@utimaco.com to learn more about the Utimaco HSM offering supporting user & device authentication!

Strong authentication using Hardware Security Modules

How to securely confirm digital identities of users and devices

Authentication is a process that verifies the identity of a user or device. It can be part of a broader identity and access management process that continuously authenticates subjects in a system.

Is a subject really what it claims to be? This is what the authentication process confirms by means of various authentication mechanisms. Users may, for example, confirm their claimed identity via:

  • “Something they know”, e.g. password, PIN or security questions
  • “Something they have”, e.g. smart card, token or smartphone for receiving a one-time password (OTP)
  • “Something they are or do” (based on biometrics), e.g. fingerprint, face, iris or signature
  • “What they do”, which is related to continuous identity verification based on user behavior in a system and the detection of abnormal patterns
  • Or a combination of the above

Certificate-based authentication uses a digital certificate to authenticate users, but beyond that also machines, devices and IoT endpoints (using “something they have”). Advantages include ease of use – often happening automatically without the intervention of the user – and mutual authentication of the user or device to the network or system and vice versa.

Due to the sheer number of connected users and devices, and the increase in cloud-based services, secure identification and authentication are business-critical nowadays. Simple passwords are not sufficient anymore to get access to a network, system, resource or application. Regulations and industry-specific standards have come into place that require stronger authentication mechanisms.

Major concepts around authentication defined

  • Identification – A user or a device (“a subject”) claims an identity.
  • Authentication – Making sure the subject is what it claims to be. This requires confirming the claimed identity, e.g. by presenting a password or a certificate, or using a smart card or fingerprint scan. Various distinct types of user authentication mechanisms exist, based on knowledge, possession, biometrics or behavior.
  • Single-factor authentication – With only one single authentication mechanism being used, this type of authentication can be vulnerable and offers little fraud protection.
  • Two-factor authentication – A minimum of two authentication mechanisms from two different categories are used. Consequently, this approach is more secure and harder for attackers to defeat.
  • Strong authentication = multi-factor authentication – This approach involves more than two authentication mechanisms of different types to prove the identity of a user or device.
  • Authorization – Once a user or device identity is confirmed, authorization mechanisms grant or deny access to specific data, files or applications.

Whether you need to authenticate employees or their devices in your network, machines in your production environment, customers using a cloud-based application or payment transactions – in all these cases, the use of an HSM as hardware Root of Trust ensures maximum security.

Application scenarios – Payment authentication & PSD2

The banking and financial services market has the most stringent security regulations and has a long-standing history of using security mechanisms such as authentication. Recent breaches and subsequent tightening of security measures are expected to bring biometric authentication into the focus of attention for future-proof authentication.

As part of the second Payment Services Directive (PSD2, since January 13th, 2018), the EU will introduce stricter requirements for authenticating online payments from September 2019. These are known as Strong Customer Authentication (SCA) and complement PSD2 as part of the European Commission’s Delegated Regulation on Regulatory Technical Standards (RTS). They will significantly impact how users are identified and authenticated, involving at least two of three authentication methods (knowledge, possession and inherence). Biometrics (inherence) such as fingerprints will be more widely used as a highly secure way to identify individuals. Important prerequisites are the secure storage of biometric data and use of a public key infrastructure, which is ideally backed by an HSM for managing cryptographic keys. With these new requirements, the EU aims at reducing online payment fraud and identity theft.
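The "two of three" requirement above, and the two-factor definition earlier on this page, both depend on the factors coming from different categories, not on how many mechanisms are presented. The following check is an added example, not Utimaco code; the mechanism names and the mapping table are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed mapping of mechanism -> category, following the examples
# given on this page (knowledge, possession, inherence).
MECHANISM_CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "security_question": "knowledge",
    "smart_card": "possession",
    "otp_token": "possession",
    "client_certificate": "possession",
    "fingerprint": "inherence",
    "face": "inherence",
}


@dataclass(frozen=True)
class Factor:
    mechanism: str   # key into MECHANISM_CATEGORY
    verified: bool   # True only if the verifier accepted this factor


def verified_categories(factors):
    """Return the set of categories covered by successfully verified factors."""
    categories = set()
    for factor in factors:
        category = MECHANISM_CATEGORY.get(factor.mechanism)
        if category is None:
            # Fail closed: an unknown mechanism must not count towards the total.
            raise ValueError(f"unknown mechanism: {factor.mechanism}")
        if factor.verified:
            categories.add(category)
    return categories


def meets_two_category_rule(factors):
    """True when at least two different categories were verified."""
    return len(verified_categories(factors)) >= 2


if __name__ == "__main__":
    # Two knowledge factors: two mechanisms, but still one category.
    print(meets_two_category_rule(
        [Factor("password", True), Factor("security_question", True)]))  # False
    # Knowledge + possession: two categories.
    print(meets_two_category_rule(
        [Factor("password", True), Factor("otp_token", True)]))  # True
```
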

Application scenarios – The role eIDAS plays

A standardized electronic identification system across the European Union facilitates strong and straightforward authentication mechanisms. The related standards as defined in the eIDAS regulation (EU) N°910/2014 are fully taken into consideration for maximum security, e.g. with qualified certificates for website authentication or qualified certificates for payment providers’ electronic seals.

Application scenarios – Conditional Access

Identification and authentication mechanisms are a prerequisite for implementing conditional access. A securely identified user or device is granted access to a network, system, data or other resource when it meets a specified set of criteria.

  • A best-in-class case: Microsoft offers user access based on geolocation or IP address (location-based conditional access) and ensures that only registered and approved devices get access (device-based conditional access). Conditional access schemes and policies are deeply integrated into Microsoft solutions that manage access to applications on premises or in the cloud with fine-grained controls and based on a multitude of conditions.
  • In the media and entertainment industry, conditional access (CA) and digital rights management (DRM) are two key concepts to ensure proper authentication and authorization. CA has been widely used for TV streaming, ensuring that only customers/users with the appropriate receiver and valid decryption key can “unscramble” a film or media stream. Hence they get access to that content if one or multiple conditions are met. Most keys are valid for a short / specific time frame only, so that stealing and decrypting this key is basically useless. The key will have already been replaced by a subsequent key.
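Why a short-lived key is of little use once its period has ended, as an added example (not Utimaco or any CA vendor's code). It assumes per-period keys derived from a master key with HMAC-SHA256, a 10-second key lifetime, and a toy HMAC-based keystream that stands in for a real cipher for illustration only.

```python
import hashlib
import hmac
import os

PERIOD_SECONDS = 10  # assumed key lifetime for this illustration


def period_index(timestamp):
    """Map a Unix timestamp to the index of its key period."""
    return int(timestamp) // PERIOD_SECONDS


def period_key(master_key, index):
    """Derive one period's key; knowing it reveals neither the master key
    nor the key of any other period."""
    return hmac.new(master_key, b"period" + index.to_bytes(8, "big"),
                    hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # Toy keystream (HMAC in counter mode), a stand-in for a real cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, b"stream" + nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def scramble(master_key, timestamp, plaintext):
    """Head-end side: protect content under the key of the current period."""
    index = period_index(timestamp)
    key = period_key(master_key, index)
    nonce = os.urandom(8)  # fresh per packet so the keystream is never reused
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return index, nonce, body, tag


def unscramble(key, packet):
    """Receiver side: returns the content, or None if the key does not fit."""
    _index, nonce, body, tag = packet
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong or already replaced key
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


if __name__ == "__main__":
    master = b"\x01" * 32                      # constructed sample master key
    stolen = period_key(master, period_index(100))
    print(unscramble(stolen, scramble(master, 100, b"frame-1")))  # b'frame-1'
    print(unscramble(stolen, scramble(master, 110, b"frame-2")))  # None
```

In a deployment of this pattern the master key is the long-lived secret that belongs inside the HSM; only the derived period keys leave it.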

Application scenarios – Digital Rights Management

Although similar to CA in terms of intent, i.e. limiting access to content to authorized/paying users, DRM usually protects a specific piece of content at rest or in transit. It allows users to access the content and defines the when, how, how long/often, on which device(s), etc.

Related Utimaco case studies

Utimaco & Irdeto case study

Irdeto – Protecting Valuable Media Assets from the Threat of Piracy

The way we access and consume video content has changed dramatically in recent years. The new Pay TV landscape means that consumers have a wealth of choice from content which is broadcast and consumed on set top boxes to OTT content delivered to any device.

Utimaco & InWebo case study

InWebo – Protecting digital identities: secure, simple and cost efficient

As banking, payment, and financial services shift massively to web and mobile, fraud opportunities multiply. Cars get connected and in-car & cloud services sprout. Cybersecurity issues raise safety & privacy concerns. The motivation: protecting digital identities for any industry.

EMEA

Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
Germany
Phone: + 49 241 1696 200

Americas

Utimaco Inc.
900 E Hamilton Ave., Suite 400
Campbell, CA 95008
USA
Phone: +1 844 UTIMACO

APAC

Utimaco IS Pte Limited
80 Raffles Place,
#32-01, UOB Plaza
Singapore 048624
Phone: +65 6622 5347

Utimaco
© 2021