government

Utimaco HSMs as a Root of Trust for government bodies and agencies

Governments continuously work on their service offerings and improvements to their infrastructure and efficiency at local, state and federal government level.

Examples of this are as diverse as the X-Road project in Estonia that aims to provide comprehensive and secure online services for citizens, new regulations simplifying the digitaization and standardization of business activities and citizen services, such as eIDAS, or ICAO compliant ePassport validation and border control.

Utimaco’s portfolio for the public sector comprises

• Hardware Security Modules (HSMs)
• Hard disk encryption (DiskEncrypt) and
• Centralized Key Management (ESKM)

We provide the required hardware Root of Trust and support governments & the public sector with solutions that

• keep documents confidential (VSNfD, EU restricted, NATO restricted) via
• authentication & access restriction mechanisms,
• encryption of data at rest
• PKI applications as well as
• signature creation capabilities including crypto agile hybrid signatures

Border control & ePassport validation facilitated by Hardware Security Modules

The International Civil Aviation Organization (ICAO) works to reach standards and recommended practices (SARPs) for an efficient and secure execution of flights worldwide. This includes machine-readable travel documents (MRTD), such as the ePassport. The electronic passport contains a chip with biographical information and the issuing country’s unique digital signature. Validating an ePassport at an international border consists of verifying the authenticity of its chip with the issuing country’s CA (certificate authority). The ICAO Public Key Directory (PKD) is a centralized database that facilitates the exchange of information and digital certificates between countries to enable fast and secure authentication of ePassports.

In this context, the Ministry of Security and Justice of the Netherlands uses Utimaco HSMs to facilitate border control. The ICAO-compliant solution provides different levels of access to the (biometrical) data stored on the chip of e-documents for verification and validation of the document holder’s identity.

The implementation of eIDAS as a key driver of eID and eTS interoperability

The European eIDAS regulation, which replaced the eSignature directive and came into effect on July 1st, 2016, promotes cross-border recognition & legal validity of national eIDs and electronic trust services (eTS) within the EU.

The deadline for the cross-border recognition of eIDs is September 29th, 2018.

• The Dutch eIDAS 2018 Municipalities Project is one of the first actual implementations of the eIDAS principles, providing access to public services for foreigners starting with Austrian, German and Belgian eID holders.
• Another leading e-government example in Europe is Estonia and its e-Estonia Named “the most advanced digital society of the world”, the country has successfully managed its digital transformation for the past 20 years. Estonia now has nearly 1.3 million eID cards. What’s more, 99% of public services are available online 24/7 and 95% of electronically filled tax declarations as well as medical data are stored in e-Health records. The backbone of the Estonian e-government solution is the Data Exchange Layer X-Road, which uses Utimaco HSMs as Root of Trust.
• Remote server signing based on a signature activation module (SAM) will make banking transactions safer and faster in the future. As a concept, remote signing speeds up and simplifies processes such as signing contracts, opening an account or issuing insurance policies. Bank-Verlag and achelos are currently developing such a SAM together with Utimaco, read more here (German).

Utimaco is at the forefront of providing eIDAS compliant HSM solutions, with their Se-Series Gen2 CP5 HSM currently being certified according to Common Criteria (CC) protection profile EN 419 221-5 [PP_CMTS]. The Se Gen2 CP5 HSM builds the basis for compliant signatures and other trust services.

How smart nations improve their citizens’ lives

Smart nation and smart city initiatives are emerging all over the world, with the aim to improve the management of public services, transportation and traffic, availability of (natural) resources and their disposal, as well as healthcare and public safety. As an example, Singapore’s Smart Nation initiative was launched at the end of 2014 and has since then successfully achieved various milestones. Since 2017, Singapore has addressed five Strategic National Projects to further build their smart nation:

• National Digital Identity (NDI)
• E-Payments for fast, seamless and safe payments
• Smart Nation Sensor Platform (SNSP) to accelerate the deployment of IoT sensors
• Smart Urban Mobility to enhance (public) transportation
• Moments of Life, bundling government services across agencies

Read more about this subject in our “Hardware Security for Smart City & Smart Nation Concepts” white paper.

Fiscalization and electronic invoicing – secured by HSMs – to fight tax fraud and evasion

Governments have introduced regulations around fiscalization and electronic invoicing to control tax payments and have solid audit options at hand. Regulations are very country-specific but mandatory for businesses of all kinds & sizes in many countries. E-invoices and their digital signatures need to go through authentication and validation by the governments’ tax authorities, which is a often a challenge. More detailed information about country-specific regulations here.

HSMs play a major role as Root of Trust within all the above-mentioned applications and processes. The German solution is also supported by Utimaco’s SecurityServer TSE.