CryptoServer CP5
eIDAS Compliant and CC-Certified Qualified Signature Creation Device (QSCD)

CC eIDAS

CC eIDAS for CryptoServer General Purpose HSMs

  • Specifically designed for eIDAS-compliant qualified signatures and seals, remote signing and the issuing of qualified certificates
  • Common Criteria-certified according to the eIDAS Protection Profile (PP) EN 419 221-5 “Cryptographic Module for Trust Services”
  • Supports Trust Service Providers (TSPs) in fulfilling policy and security requirements by deploying and maintaining HSMs to be used as qualified devices for electronic signature creation
  • Includes a software simulator for evaluation and integration testing

Product Type:

Firmware

Supported Platforms:

Delivery Time:

About 2-4 weeks
Key Benefits

Key Benefits

Icon

Qualified Signature/ Seal Creation Device (QSigCD & QSealCD)

CC eIDAS running on CryptoServer has received eIDAS certification as both a Qualified Signature and Qualified Seal Creation Device (QSCD) and can be used as a standalone QSCD or as a part of a combined QSCD with remote signing solutions.

Icon

Signature Activation Module (SAM) Ready for eIDAS Server Signing

By utilizing an add-on product from UTIMACO - the CryptoServer SDK - for development of a Signature Activation Module (SAM), running inside the certified boundary of the HSM.

Icon

Strong Hardware Protection of Sensitive Assets

A secure root of trust to store sensitive assets such as private keys and data and optionally be managed as a “remote QSCD” by a qualified trust service provider (QTSP).

Details

Details

CC eIDAS for CryptoServer General Purpose HSM – eIDAS Qualified Signing, Sealing and Certificate Issuing

CryptoServer CP5

 

CC eIDAS running on CryptoServer General Purpose HSM supports Trust Service Providers (TSPs) in fulfilling policy and security requirements defined in various technical standards (ETSI EN 319 401, EN 319 411, EN 319 421).

With key authorization functionalities, it is ideally suited for eIDAS-compliant qualified signature creation and remote signing. Other applications include (qualified) certificate issuance, OCSP (Online Certificate Status Protocol) and time stamping. This compliance version enables CryptoServer General Purpose HSM to be Common Criteria-certified according to the eIDAS Protection Profile (PP) EN 419 221-5 “Cryptographic Module for Trust Services”.

Deployed as a Qualified Signature/ Seal Creation Device operating in the secure environment of a QTSP it provides users with a remote signing func-tionality. When used in conjunction with qualified certificates, the QSCD gen-erates qualified electronic signatures or seals as defined in eIDAS. The eIDAS compliant Hardware Security Module provides the highest level of assurance and conformity for efficient signing transactions, as a part of an eIDAS-compliant solution.

For further customization, it can be extended with a Signature Activation Mod-ule (SAM) that runs within the certified HSM boundary and meets the require-ments of the EN 419 241-2 protection profile using the Software Development Kit. This combined solution enables Trust Service Providers to offer server signing for remote signatures and seals.

The included software simulator enables evaluation and testing of all CC eIDAS use cases for integration with business applications prior to produc-tion deployment.

Features

High security for regulated use cases

  • Can be used for additional applications such as Timestamping and OCSP (Online Certificate Status Protocol)
  • Secure key storage and processing inside the hardened boundary of the HSM
  • High-quality true random number generator to ensure uniqueness of keys
  • Configurable role-based access control and separation of functions
  • 2-factor authentication with smartcards
  • “m of n” quorum authentication
  • Extensive remote management and monitoring

Efficient key management and HSM administration including firmware up-dates via remote access

  • Automation of remote diagnosis via Simple Network Management Protocol (SNMP)
  • Software Simulator Included

HSM Simulator with all functionalities

  • Fully functional runtime including all administration and configura-tion tools
  • For evaluation and integration testing prior to deployment in production

Technical Specifications

Supported Cryptographic Algorithms

  • RSA, ECDSA with NIST and Brainpool curves
  • ECDH with NIST and Brainpool curves
  • AES
  • CMAC, HMAC
  • SHA-2, SHA-3
  • Hash-based deterministic random number generator (DRG.4 acc. AIS 31)
  • True random number generator (PTG.2 acc. AIS 31)
  • up to 3,000 RSA or 2,500 ECDSA signing operations     

Support for various Application Interfaces (APIs)

  • PKCS #11
  • Cryptography Next Generation (CNG)
  • Key authorization API and tool
  • Utimaco‘s comprehensive Cryptographic eXtended services Interface (CXI)

Fulfills Various Security Compliance Mandates

  • Common Criteria EAL4+ certified according to Protection Profile EN 419 221-5 (further information is available on the Common Criteria Portal) as well as to point 23 and 32 of Article 2 of Regulation 910/2014 (eIDAS) (further information is available on the EU Trust Services Dashboard)
  • Server Signing acc. EN 419 241-2
  • ETSI Policy and Security Requirements (e. g. EN 319 401, EN 319 411, EN 319 421, C-ITS)        

Fulfills Various Environmental Compliance Requirements

  • CE, FCC Class B
  • RoHS III, WEEE
  • UL, IEC/EN 60950-1, IEC/EN 62368-1
  • CB certificate
     

On-premise

Our on-premise options allow hosting the product directly on-site in your own network or data center.

  • LAN Appliance
  • PCIe Card

 

Related to this product

Add-ons

360 HSM Monitoring

Remote HSM Management and Monitoring

Find more details

Technologies

Technologies

Digital Signing

What is a Digital Signature?
Encryption

What is Data at Rest?
Public Key Infrastructure

What is Public Key Cryptography?
Encryption

What is Tokenization?
Zero Trust

What are the Core Principles of a Zero Trust Model?

Contact us

We look forward to answering your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      Your collection of download requests is empty. Visit our Downloads section and select from resources such as data sheets, white papers, webinar recordings and much more. 

      Downloads

       

      How can we help you futher?

      0