CC eIDAS

Use your HSM as an eIDAS-compliant and CC-certified Qualified Signature Creation Device (QSCD)

  • Overview
  • Key Features
  • Description
  • Specifications
  • Resources
  • Platform Overview

About CC eIDAS

The CC eIDAS compliance version for CryptoServer General Purpose HSM supports Trust Service Providers (TSPs) in fulfilling policy and security requirements defined in various ETSI technical standards (ETSI EN 319 401, EN 319 411, EN 319 421). It can be used as a Qualified Signature and Qualified Seal Creation Device.

Supported Platform: CryptoServer General Purpose HSM

5G Protect

  • Key Features

  • Description

  • Specifications

Qualified Signature/ Seal Creation Device

Qualified Signature/ Seal Creation Device

CC eIDAS on CryptoServer is eIDAS-certified as both a Qualified Signature and Qualified Seal Creation Device (QSCD) and can be used as a standalone QSCD or as a part of a combined QSCD with remote signing solutions.

eIDAS Server Signing

eIDAS Server Signing

Ready for eIDAS Server Signing by utilizing an add-on product - the CryptoServer SDK – for development of a Signature Activation Module (SAM), running inside the certified boundary of the HSM.

Strong hardware protection

Strong hardware protection

A secure root of trust to store sensitive assets such as private keys and data and optionally managed as a “remote QSCD” by a qualified trust service provider (QTSP).

Fulfills Various Compliance Mandates

Fulfills Various Compliance Mandates

Common Criteria EAL4+ certified acc. to Protection Profile EN 419 221-5, point 23 and 32 of Article 2 of Regulation 910/2014, enables Server Signing acc. EN 419 241-2, and fulfills ETSI Policy and Security Requirements.

Free software simulator

Free software simulator

Test before deployment: The fully functional simulator allows integration testing by offering a fully functional runtime including administration and configuration management.

CC eIDAS enables eIDAS qualified signing, sealing and certificate issuing, supporting Trust Service Providers in fulfilling policy and security requirements defined in ETSI standards (EN 319 401, EN 319 411, EN 319 421).

With key authorization, it ensures eIDAS-compliant qualified signatures and remote signing, while also supporting certificate issuance, OCSP, and time stamping. It is Common Criteria-certified under eIDAS Protection Profile EN 419 221-5 “Cryptographic Module for Trust Services”.

image
Cryptographic Interfaces (APIs)

  • High security for regulated use cases

  • Efficient key management and HSM administration including firmware up-dates via remote access

  • Supported Cryptographic Algorithms

  • Support for various Application Interfaces (APIs)

  • Fulfills Various Security Compliance Mandates

High security for regulated use cases

  • Can be used for additional applications such as Timestamping and OCSP (Online Certificate Status Protocol)
  • Secure key storage and processing inside the hardened boundary of the HSM
  • High-quality true random number generator to ensure uniqueness of keys
  • Configurable role-based access control and separation of functions
  • 2-factor authentication with smartcards
  • “m of n” quorum authentication
  • Extensive remote management and monitoring
background-image
image

Efficient key management and HSM administration including firmware up-dates via remote access

  • Automation of remote diagnosis via Simple Network Management Protocol (SNMP)
  • Software Simulator Included
background-image
image

Supported Cryptographic Algorithms

  • RSA, ECDSA with NIST and Brainpool curves
  • ECDH with NIST and Brainpool curves
  • AES
  • CMAC, HMAC
  • SHA-2, SHA-3
  • Hash-based deterministic random number generator (DRG.4 acc. AIS 31)
  • True random number generator (PTG.2 acc. AIS 31)
  • Up to 3,000 RSA or 2,500 ECDSA signing operations
background-image
image

Support for various Application Interfaces (APIs)

  • PKCS #11
  • Cryptography Next Generation (CNG)
  • Key authorization API and tool
  • Utimaco‘s native Cryptographic eXtended services Interface (CXI)
background-image
image

Fulfills Various Security Compliance Mandates

  • Common Criteria EAL4+ certified according to Protection Profile EN 419 221-5 (further information is available on the Common Criteria Portal) as well as to point 23 and 32 of Article 2 of Regulation 910/2014 (eIDAS) (further information is available on the EU Trust Services Dashboard)
  • Server Signing acc. EN 419 241-2
  • ETSI Policy and Security Requirements (e. g. EN 319 401, EN 319 411, EN 319 421, C-ITS)
background-image
image
image

Resources

Datasheet CC eIDAS

The CC eIDAS compliance version for CryptoServer General Purpose HSM supports Trust Service Providers (TSPs) in fulfilling policy and security requirements defined in various ETSI technical standards (ETSI EN 319 401, EN 319 411, EN 319 421).

Download
CC eIDAS

The CC eIDAS compliance version for CryptoServer General Purpose HSM supports Trust Service Providers (TSPs) in fulfilling policy and security requirements defined in various ETSI technical standards (ETSI EN 319 401, EN 319 411, EN 319 421).

Download
Case Study Ministry Justice

Deploying Government-grade Hardware Security Modules to Ensure Data Protection and Data Privacy in Critical Applications Such as Border Control

Download
Dutch Ministry of Justice and Security

Deploying Government-grade Hardware Security Modules to Ensure Data Protection and Data Privacy in Critical Applications Such as Border Control

Download
Joint Solution Brief Cryptomathic

Cryptomathic provides secure server solutions to industries such as banking, government, technology, and cloud services.

Download
Cryptomathic: CryptoServer and Signer for Remote Qualified Electronic Signatures

Cryptomathic provides secure server solutions to industries such as banking, government, technology, and cloud services.

Download
Whitepaper Digital Decade

Take a deep dive into the background, outlook, and cybersecurity solutions for compliant and trusted digital processes

Download
eIDAS 2.0 and the Path to the Digital Decade

Take a deep dive into the background, outlook, and cybersecurity solutions for compliant and trusted digital processes

Download

Platform Overview

U Trust App

Cryptoserver General Purpose HSM

The CryptoServer General Purpose HSM is specifically designed for eIDAS-compliant and classified use cases. This makes it the perfect HSM for the public sector and entities requiring strict compliance, such as Trust Service Providers or critical infrastructure operators.

Know More

Ready to Secure Your Digital Future?

Know More

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.