Date post: 03-Jul-2018
Utimaco HSMs Product Portfolio

November 2017

Dieter Bong, Head of Product Management

Christian Bollich, Director of Payment Program

Utimaco HSM Business Unit · Aachen, Germany · © 2017 - November 2017 · hsm.utimaco.com

Utimaco: Facts and Figures

Installations: 1.000+

Employees: 170+ (70% in R&D, Support and Production)

Revenue: ~ € 40 Million

Headquarters: Aachen, Germany

Fastest growing independent HSM vendor worldwide

Utimaco: 25 years of experience in IoT security

2001 German Land Registry Office

2008 Conditional Access for PayTV

Foundation Utimaco 1983

1st Gen HSM KryptoServer 1991

TimeStamp for Lotteries 1999

2nd Gen HSM CryptoServer Series (Incl. Sensor Foil) 2002

Market Leader in Telecommunications 2006

HSM Software Simulator 2007

eID „Deutschland“ HSM 2010

Immigration Control 2012

6th Gen HSM 2016

1993 ZKA Approval

1997 1st Automotive Application

2004 Road Pricing

2006 HSM Software Development Kit

2011 SmartGrid

2013 Payment EFT POS for large Food Retailer

2014 Industrial IoT with leading Semiconductor

Office in USA 2013

US Electric Car Maker 2015

Office in Singapore

2008–2013 Sophos

Challenges

CyberSecurity

Compliance

Regulations and market-specific security requirements mandate confidentiality of data

GDPR, HIPAA, …: personally identifiable information (PII)

PCI DSS: cardholder data

Confidentiality is achieved by encrypting the data

Data encryption keys must be securely generated, stored and used

Access to encryption keys must be restricted to dedicated personnel

Challenges

CyberSecurity

Connected World

Identification and authentication of connected devices in large infrastructures

Smart Metering, V2x communication, Internet of Things (IoT), …

Each device requires a unique ID and key material

HSMs are the Root of Trust for many industries and the IoT


Utimaco HSMs – The Root of Trust

CryptoServer Hardware Security Modules

Product Portfolio

Cryptographic Support: (T)DES, AES, RSA, (EC)DSA, (EC)DH, SHA, …

CryptoServer Se-Series 12/52/500/1500

Physical Interface: PCIe plug-in card, Network attached

Certifications: FIPS 140-2 Level 3, Common Criteria EAL4+ acc. Protection Profile EN 419221-5 * (* in progress)

CryptoServer CSe-Series 10/100

Physical Interface: PCIe plug-in card, Network attached

Certifications: FIPS 140-2 L3 w/ Phys. Security L4, CC Evaluation w/ Attack Potential “High”, “DK” Approval, PCI-HSM

Product Portfolio - Product Packages

CryptoServer Se-Series 12/52/500/1500

CryptoServer CSe-Series 10/100

SecurityServer: PKCS#11, JCE, MS CSP/CNG/SQL EKM, CXI

TimestampServer: RFC 3161, CTS API

CryptoServer SDK: Development Kit for CryptoServer Firmware Development

PaymentServer: EFTPOS

Utimaco SecurityServer

Great Functionality, Capacity and Scalability

PKCS#11, JCE, MS CSP/CNG/SQL EKM, CXI

Internal and external key storage

Internal key storage fulfills most stringent compliance requirements

External key storage provides virtually unlimited storage capacity

Easy setup HSM cluster

HSM cluster for high-availability or load-balancing

Virtually unlimited number of slots

Great performance

SecurityServer

Extremely Powerful and Flexible Access Control Mechanisms

Multitude of authentication mechanisms: Username/password, Keyfile, Smartcard

2 factor authentication (something you have, something you know)

4 eyes principle and M of N authentication

Configurable role-based access control

Granular definition of required permissions

Interface hardening

Fulfil any security policy from straightforward to most-demanding

SecurityServer

Free HSM simulator

Fully functional software simulator for Windows and Linux

HSM administration, user authentication, key management, cryptography, etc.

Ideal for: Product evaluation, Dry-run before setup of production HSM, Integration testing, Training

SecurityServer

Unmatched Ease of Use

Easy and fast setup

HSM is up and running in a few minutes

Remote Management

Powerful command-line administration tools

Scriptable

Easy-to-use graphical administration tools

SecurityServer

Lowest TCO

Fixed-price policy w/o hidden costs

No license fees for additional connections, clients, partitions

No expensive PIN entry devices for remote management

Low price for additional authentication token

Smartcards and PIN Pad

Performance upgrade @ minimal service fee

Upgrade from Se12 / Se500 / CSe10 to Se52 / Se1500 / CSe100

Best price/performance ratio

Ease of use

CryptoServer SDK

Challenges

Standardized cryptographic APIs support many cryptographic algorithms and mechanisms …

PKCS#11, JCE, Microsoft CSP/CNG

… but do not

Cover all algorithms and mechanisms used worldwide

(Secret) Government algorithms

Key derivation mechanisms only used for payment transactions in selected countries

Immediately incorporate new algorithms as they get designed and standardized

Post Quantum Cryptography

Support complex protocols or sequences of functions as atomic operations

Key derivation and PIN calculation for card personalization

CryptoServer SDK

The Solution

Utimaco’s CryptoServer SDK is the most powerful and flexible development kit that enables you to

Define and implement custom functionality with optimized application interfaces

Develop custom code that runs inside the secure boundary of any Utimaco HSM

Extend PKCS#11 functionality by Vendor Defined Mechanisms

CryptoServer SDK

Most Powerful SDK for HSM Firmware Development

Full control of HSM functionality

Modular firmware concept allowing for a virtually unlimited number of firmware modules

C / C++ programming language

Complete Utimaco base firmware re-usable

Support for common development tools: Microsoft Visual Studio, gcc

HSM simulator for testing and debugging

Sample firmware modules and host applications

CryptoServer SDK

Plug-in for PKCS#11 Vendor Defined Mechanisms Use Cases

Extension of PKCS#11 provider by non-standardized mechanisms

Key derivation for Global Platform Secure Channel Protocol '03' (SCP03)

Local government algorithms

Localized product versions

Card personalization with common functionality but localized key derivation functions

Replacement of multiple standardized mechanisms by single atomic operation

Avoids intermediate results outside HSM

Increases performance

Replacement of standardized mechanism by customized variant

RSA key generation with custom prime number generation

TimestampServer

Reliable Timestamps

A Timestamp proves that

Specific data / document existed at a certain point in time, and has not been modified since

An event occurred at some point in time

Utimaco’s TimestampServer

Safeguards and uses the TimestampServer signing key inside the secure boundary of an HSM

Synchronizes its internal time with a reference NTP server

Integrates with any application implementing the RFC 3161 time stamp protocol

E.g. Adobe Acrobat

The Payment Landscape

Incumbent and Traditional Market

Payment cards and transaction security have a long history

Well established protocols and understood use-cases for HSM

Still growing globally in double digits

Number of Worldwide Non-Cash Transactions (Billion), by Region, 2011-15

The Payment Landscape

Emerging Market

Introduction of AES: Almost done in Germany; the rest of the world will follow

FinTech: Driven by Customer expectation for more convenience using banking applications; In-App payments; Venture Capital; PSD2 will have an impact

Blockchain: Payment sector is the first to move into blockchain technology; within the next 3 years implementation of Payment authorization, Clearing and settlement; we will see first productive implementations soon.

Immediate or Instant Payments: Irrevocable – Potential to replace cash and checks; in the UK today 5% of all non-cash Payments are done via Fast Payment Service; SEPA Instant Payments starts November 2017

The Payment Landscape

Emerging Market

Cards moving to contactless

Contactless penetration in: Canada > 40%, Australia > 85%, Europe between 20-50%, USA < 5%

New protocols to be implemented: VISA qVSDC, MasterCard M/Chip Fast

Adoption rate of contactless cards worldwide

Source: https://www.nfcworld.com/2015/02/06/334018/contactless-payment-card-shipments-grow-35-percent/

Regulated Payment Market

By Governments and Industry Initiatives

PSD2 – Payment Services Directive 2

Europe will become a fully interoperable, digital market

Huge impact on Payment Service Provider and FinTechs

Will have global reach and shape other international standards

PCI – Payment Card Industry

PCI HSM gains more attraction as FIPS 140-2 disallows widely used algorithms like DES, SHA1 and XOR for key derivations.

Defines audit schemes like PCI DSS, PCI P2PE which mandate the use of HSMs

eIDAS

National schemes: DK (Germany), CB (France)

Comprehensive offering

Supporting our customers every step of the way

HSM + SDK + Integration Support + Certification Assistance + Tiered Maintenance


Hardware Security Module

A robust and flexible hardware platform

Robust, proven Hardware platform

Hardware Security Modules are designed and manufactured in Germany

LAN Appliance assembled in Germany and the US

FIPS 140-2 certified HSM, Level 3 Overall / up to Level 4 for Physical Security

PCI PTS HSM v2 certified

Single platform: Applications run on all HSM architectures

Extended product lifecycle, typically 7+ years

Hard- and firmware architecture design allows for maximum performance when executing custom algorithms


Software Development Kit

Making it easy to develop your own custom firmware

Software backward compatibility over 10+ years

Multiple options for developing custom firmware

C based Programming SDK

Lua based Scripting language

Software simulator for convenient debugging and testing

Multiple firmware applications can coexist on a single HSM


Integration support

Dedicated support capability for custom firmware development

Assistance to migration from legacy / competitive HW platforms

CryptoServer SDK training / CryptoScript SDK training

Not for resale Hardware HSM evaluation units

Free evaluation support

Multiple Professional Services options

Remote integration support

Outsource your custom firmware development to Utimaco


Assistance to certification

Accompanying our customers throughout the certification process

Utimaco works with leading evaluation labs across the world

Penumbra – FIPS

Brightsight – Common Criteria

SRC – PCI and eIDAS

We manage the entire certification process on your behalf

Full Project Management

Leveraging our existing certifications to fast track certification of our customers’ own firmware (“Delta” certification)

3 out of 5 devices in the market that are usable in uncontrolled environments for PCI HSM are based on the CryptoServer CSe

Documentation and implementation support


Tiered Maintenance

Choice of Maintenance & Support options

Per Unit cost

Fixed annual fee

Multi year maintenance discount available

Premium maintenance and support with advanced replacement for RMA

Enable, innovate, support

We have a complete offering to support the change of your business

HSM, SDK, CryptoScript, integration process, certification process

Easy to work with

Flexible: One technology platform for GP and Payment and Customized firmware

Open to project way of working, experienced Professional Services team

Utimaco Offering: Payment Program

Product Offerings

Public Payment Program – source code ships with the CryptoServer SDK

The basis for your payment business logic running inside a HSM

Many functions for transaction security and authorization, key management implemented

PCI HSM certified version

TR31 support

Based on the CSe series

Certified for uncontrolled environments


Utimaco IS GmbH

Germanusstraße 4

52080 Aachen

Germany

Tel +49 241 1696 200

Fax +49 241 1696 199

Email [email protected]

Utimaco Inc.

Suite 150

910 E Hamilton Ave

Campbell, CA 95008

United States of America

Tel +1 844 884 6226

Email [email protected]

Thanks for your attention

