TryTRY
BuyBUY
  • newsletter
  • contact
  • corporate
  • careers
Utimaco
de
TRYour free HSM simulator
BUYget a quote
  • home
  • solutions
  • products
  • services
  • blog
  • downloads
  • partners
  • company

Utimaco Portal

Here you will find everything you need as a partner and customerLogin required

  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
        • building trust in the cloud
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
        • the keys to building a platform of trust in cryptography
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
    • u.trust 360
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
        • building trust in the cloud
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
        • the keys to building a platform of trust in cryptography
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
    • u.trust 360
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research

Home / solutions / compliance / compliance & standardization / Certificate Policy of the Smart Metering PKI

Certificate Policy of the Smart Metering PKI

This German Certificate Policy and Technical Guideline BSI TR-03109 define specifications related to the “Smart Metering PKI”. A PKI ensures the integrity, confidentiality and authenticity of data circulating around the smart metering gateway (SMGW). Utimaco HSMs are particularly suited in this context. The Utimaco CryptoServer CSe has been successfully evaluated and found to fulfill the requirements of the Certificate Policy.

Utimaco compliance

Certificate Policy of the Smart Metering PKI

BSI TR-03109 from the German Federal Office for Information Security

With the progressive adoption of smart meters, a large amount of consumption data will be stored and transmitted online. It is crucial to ensure that no unauthorized individual can access this data – or worse, manipulate entire power grids. In this context, the German Federal Office for Information Security (BSI) issued the Technical Guideline BSI TR-03109 and related Certificate Policy of the Smart Metering PKI (German only). They specify the requirements that IT components in smart metering environments must fulfill regarding functionality, interoperability and security.

Parts 3 and 4 of this Technical Guideline define “cryptographic specifications for the infrastructure of smart metering systems“ and specifications related to the “Smart Metering PKI”. A PKI ensures the integrity, confidentiality and authenticity of data circulating around the smart metering gateway (SMGW), the central communication unit of the smart grid architecture.

Utimaco HSMs are particularly suited in this context. The Utimaco CryptoServer CSe has been successfully evaluated and found to fulfill the requirements of the Certificate Policy.

Requirements for Hardware Security Modules used in smart metering environments

BSI TR-03109 and the Certificate Policy of the Smart Metering PKI require that specialized Hardware Security Modules (HSMs) are used to securely generate, store and use cryptographic keys. Chapter 6.2 of the Certificate Policy states that HSMs for smart metering must be certified according to referenced Common Criteria protection profiles. The security of the HSM may alternatively be assessed by an accredited evaluation laboratory, proving

  • the high quality of a true random number generator, as well as
  • physical security through tamper protection and
  • side-channel resistance.

A yearly update of BSI TR-03116, Part 3 (German only) on cryptographic requirements for smart metering projects of the German Federal Government complements the Technical Guideline BSI TR-03109. It defines mandatory cryptographic procedures and key lengths to use.

TR-03109 overview

Successful evaluation of Utimaco HSMs

Utimaco CryptoServer CSe has been evaluated and found to fulfill the requirements of the Certificate Policy:

  • Secure random number generator DRG.4 according to AIS31
  • Tamper protection against attack potential “high” (exceeds required level “moderate”)
  • Side-channel resistance against attack potential “high” (exceeds required level “moderate”) for algorithms AES-256, Diffie-Hellman key exchange, ECDSA signature generation and verification and ECDH key exchange

The evaluation certificate for Utimaco CryptoServer CSe is available here.

This evaluation has been performed by a Common Criteria (CC) evaluation facility based on the German BSI Technical Guideline BSI TR-03109 and Certificate Policy. It gives utility companies and their customers the certainty that deployed IT components and devices – such as Utimaco HSMs – fulfill the requested security requirements.

The German Federal Office for Information Security (BSI) aims at establishing appropriate IT-security standards with the publication of technical guidelines, among others. They basically address every company developing, setting up or securing IT systems. They “provide criteria and practices for conformity evaluations ensuring the interoperability of IT-security components as well as the implementation of defined IT-security requirements”. Technical guidelines, which could be considered simple recommendations or best practices, reference or complement existing standards such as the CC Protection Profiles. Once laws or regulations refer to them, however, they can become mandatory. The same applies to public tenders which require the bidder to conform to such technical guidelines.

Manufacturers and distributors can ask the BSI to confirm and certify the conformity of their IT-products or -systems with specific technical guidelines.

Stay on top of our news
Don’t miss out on any Utimaco updates

Partners

CREA plus d.o.o. Baas Control s.r.o. Clearkey Consulting - Utimaco Hardware Security Modules Partner Utimaco HSM - InfoGuard Swiss Cyber Security Skytech Computing Solutions Limited. - Utimaco Hardware Security Modules Partner Secure Source Distribution (M) Sdn Bhd - Utimaco Hardware Security Modules Partner Thomas-Krenn.AG Primekey Solutions AB CewTec S.A. Envoy Data Corporation - Utimaco Hardware Security Modules Partner CREAplus Italia S.r.l Ascertia - Utimaco Hardware Security Modules Partner Real security d.o.o. E-Sign S.A. cv cryptovision GmbH Altacom UAB JJNet International Co., Limited - Utimaco Hardware Security Modules Partner MTG - Utimaco Hardware Security Modules Partner intarsys AG Utimaco HSM - QuintessenceLabs Macroseguridad Compumatica secure networks B.V. Synergy Computers (Pvt.) Ltd. - Utimaco Hardware Security Modules Partner IQuantics Corp Perceptus-sp.-z-o.-o. MIcrosec PKI Solutions Inc. ESYSCO Sp. z o.o. Safesoft Kft. SecureMetric Technology Sdn. Bhd. Telegrupp AS CertiSur S.A. MALKOM D.Malińska i Wspólnicy s.j. Throughwave (Thailand) Co.,Ltd - Utimaco Hardware Security Modules Partner Nexus Technology GmbH Softline Solutions GmbH Cryptomathic Inc. Microexpert Limited Abrantix AG AKEA S.A. - Utimaco Hardware Security Modules Partner Cryptomathic A/S Cyber Armor Pte Ltd CEGA Security Fornetix - Utimaco Hardware Security Modules Partner Komar Consulting Inc. - Utimaco Hardware Security Modules Partner Nexus - Utimaco Hardware Security Modules Partner Encryption Consulting LLC Fortiedge Pte Ltd. PrimeKey Labs GmbH VAR Group SpA - Utimaco Hardware Security Modules Partner PETA (Thailand) Co., Ltd. Cogito Group Pty Ltd Nexus - Utimaco Hardware Security Modules Partner Rohde & Schwarz Cybersecurity GmbH Cryptomathic GmbH Versasec Compumatica secure networks GmbH Astel (UK) Ltd. - Utimaco Hardware Security Modules Partner Utimaco HSM - PTESA_profesionales en transacciones electronicas EUROPEAN DYNAMICS SA.
Find a partner

Share this page

EMEA

Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
Germany
Phone: + 49 241 1696 200

Americas

Utimaco Inc.
900 E Hamilton Ave., Suite 400
Campbell, CA 95008
USA
Phone: +1 844 UTIMACO

APAC

Utimaco IS Pte Limited
80 Raffles Place,
#32-01, UOB Plaza
Singapore 048624
Phone: +65 6622 5347

Utimaco

  • support
  • corporate
  • careers
  • legal
  • terms & conditions
  • privacy
  • cookie-policy
© 2021
to top
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
        • building trust in the cloud
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
        • the keys to building a platform of trust in cryptography
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
    • u.trust 360
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research