
public key infrastructure (PKI)

Use public key infrastructure (PKI) with Utimaco HSMs as the Root of Trust to secure the Internet of Things.

A PKI can provide

  • confidentiality,
  • integrity,
  • authenticity and
  • non-repudiation

of your information, code and devices.


Public key infrastructure – the root of trust for the IoT?

Why use a public key infrastructure (PKI)?

Public key infrastructure (PKI) has become the cornerstone of modern IT infrastructures when it comes to ensuring confidentiality, integrity, authenticity and non-repudiation of sensitive information. This information can be as diverse as eID services such as passport production and digital rights management in the entertainment industry. It can reach across industries like automotive, smart metering and payment infrastructures. One of the most common use cases for PKIs is authenticating employees and devices against a company’s IT infrastructure.

Based on the well-studied mathematical schemes of asymmetric cryptography and hierarchical structures, PKI is a powerful tool for securely communicating amongst large groups of users or computing nodes. The principle behind it is simple: a message – or certificate – is encrypted or signed with a private key and can be decrypted or verified with a corresponding public key.

The challenge in this scheme is to reliably distribute the public key, so a reader or recipient of a message can be sure about its origin. This is commonly achieved by establishing a trustworthy third party to assure authenticity and integrity of the public keys – a Public Key Infrastructure, or PKI.
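The trust model described above, as an added example that is not part of Utimaco's material: a throwaway root CA issues a device certificate, and a relying party that trusts only that root accepts it while rejecting a certificate issued by a second CA that uses the same name but a different key. It uses the standard `openssl` command line; the CA name, device name and file names are constructed for the example, and the keys are plain files in a temporary directory rather than HSM-protected keys.

```shell
#!/bin/sh
# Constructed demo: only the CA's private key, not its name, decides whether
# a relying party accepts a certificate.
pki_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Minimal CA profile (constructed); both CAs share the subject name.
        printf '%s\n' '[req]' 'distinguished_name = dn' \
            'x509_extensions = v3_ca' 'prompt = no' \
            '[dn]' 'CN = Example Root CA' \
            '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
            'keyUsage = critical,keyCertSign,cRLSign' > ca.cnf

        # "root" is the trusted CA; "rogue" has the same name, another key.
        for ca in root rogue; do
            openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes \
                -keyout "$ca.key" -out "$ca.crt" -days 30 2>/dev/null || exit 1
        done

        # The device generates its own key pair and a signing request.
        openssl req -new -config ca.cnf -subj "/CN=device-0001" \
            -newkey rsa:2048 -nodes -keyout dev.key -out dev.csr \
            2>/dev/null || exit 1

        # Each CA issues a certificate for the same device public key.
        for ca in root rogue; do
            openssl x509 -req -in dev.csr -CA "$ca.crt" -CAkey "$ca.key" \
                -CAcreateserial -days 7 -out "dev_by_$ca.crt" \
                2>/dev/null || exit 1
        done

        # The relying party trusts root.crt only.
        result=""
        for ca in root rogue; do
            if openssl verify -CAfile root.crt "dev_by_$ca.crt" >/dev/null 2>&1
            then result="$result $ca-issued=accepted"
            else result="$result $ca-issued=rejected"
            fi
        done
        echo "${result# }"
    )
    status=$?
    rm -rf "$dir"
    return $status
}
```

Calling `pki_demo` prints one verdict per certificate. Anyone holding `root.key` could issue certificates that pass the same check, which is why the CA private key is the asset to protect.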

What makes a good PKI: Critical success factors

Obviously, a PKI stands and falls with the trust one can place in the measures deployed to safeguard the cryptographic keys. This is where deploying Hardware Security Modules in a PKI becomes a critical success factor.

Organizations deploying their own internal PKIs have the flexibility to define the security models that fit their specific needs. They face a number of challenges in defining, maintaining and securing their PKI:

  • Theft of CA signing private keys or root keys: This allows fake certificates to be issued. Even the suspicion that this may have taken place leads to the re-issuance of some or all of the previously issued certificates.
  • Theft or misuse of keys: Any keys associated with the online certificate validation processes can be used to subvert the revocation processes and thus allow for malicious use of revoked certificates.
  • Weak controls: Access to the signing keys can lead to the misuse of the CA, even if the keys themselves are not compromised.
  • Scalability & performance: As more and more applications are deployed, the HSM performance available for signing activities associated with issuance and validation checking may need to be extended.

What PKI trends are there?

Internal PKI. This is the more traditional approach to setting up and managing a public key infrastructure, where organizations set up, deploy and manage a PKI within the boundaries of their own IT infrastructure. An internal PKI becomes the favorable choice if the organization can afford the cost of maintaining the infrastructure and the expertise.

PKI as a Service. As virtualization and cloud computing have gained speed in the past few years, outsourcing services that were previously kept in-house has become a cost-effective approach for a variety of organizations. The option of outsourcing business-critical services to economical, trustworthy and highly specialized third-party providers has made outsourcing a PKI an attractive alternative for many organizations, especially given the cost and expertise that setting up and maintaining such an infrastructure within organizational boundaries requires.

Work with a Utimaco partner

Utimaco is the only HSM vendor with a global partner network, specialized in different disciplines of using HSMs – including the deployment in PKI. Click here to find a PKI implementation partner of your choice.

Or start now: try our free-of-charge, fully functional HSM simulator!

If you want to build a PKI for your own research project or a customer, start today with our fully functioning simulator. It allows you to test the capabilities of your development upfront and free of charge. To download the simulator, please see below.

Ready to take off?

Download our HSM simulator!

EMEA

Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
Germany
Phone: + 49 241 1696 200

Americas

Utimaco Inc.
900 E Hamilton Ave., Suite 400
Campbell, CA 95008
USA
Phone: +1 844 UTIMACO

APAC

Utimaco IS Pte Limited
80 Raffles Place,
#32-01, UOB Plaza
Singapore 048624
Phone: +65 6622 5347

© 2021