Cryptosec Banking
Network Cryptographic Server for Banking, Fintech, and Methods of Payment

Cryptosec Banking

Available as: Hardware on-premise

For a simplified migration, Cryptosec Banking incorporates a command set that is compatible with the major HSM vendors.

Delivery time about 2-4 weeks
  • All banking functions and algorithms included, no hidden additional costs
  • Used by financial institutions around the world
  • Quick and easy integration with any financial application
  • High availability and load balancing through external balancer
  • Complies with ANSI, ISO and PCI/DSS standards
  • PCI PTS HSM v3.0 certified
Key Benefits

Key Benefits


A simplified, time-saving migration, with no need to rewrite your applications

With commands and APIs similar to the major HSM providers, Cryptosec Banking makes the migration from other HSM vendors extremely easy. There will be no need to recreate any command set or rewrite any existing applications.


Exceptionally fast delivery time

Inventory-wise, we have a healthy supply chain, and we are prepared to deliver NOW. Forget long waiting times - you will have your HSM within weeks.


Immediate access to a full suite of commands at a convenient price and no extra charges for the customized ones

You will get access to all commands needed for the cryptographic banking use cases and encryption needs straightaway, at a fraction of the cost. All needed functions and commands are included by default.



​​​​​​​Cryptosec Banking is a PCI PTS 3.0 certified, cryptographic module used in Banking and Fintech. Designed to protect transactions processed on different channels of payment (ATMs, TPVs/POS, mobile banking, etc.), and with different types of credit and debit cards, it is a device that meets all the requirements and standards defined by the PCI Consortium. 


  • Can be easily integrated into any bank environment, against existing  implementations and is operable where other HSM vendors have been used.

  • EMV commands available for smartcard, contactless, and mobile transactions.

  • New standard functions covered by maintenance contract without additional future charges.

  • Possibility of adding additional features on demand.

  • Maximum security of transactions, more protection, and keys custody (Tamper Responsive).

  • Smart card reader, which provides load security of master keys of external origin.

  • Access interface with API REALSEC through TCP/IP socket or safe socket; easy to use and with a set of commands to perform all the functions and banking cryptographic operations.

  • Capacity to serve up to 2,000 simultaneous requests.

  • Monitoring through SNMP protocol.

  • Secure access for remote console for HSM administration, monitoring and supervision.

Banking commands and functions

Support payment cards:

  • PIN verification functions and smartcard for VISA and MasterCard.

  • EMV 3.X and 4.X transactions and messaging, including scripts of encryption and digital signatures: DAC and DN, ARQC and ARPC functions and PIN change.

  • Integration with all major types of authorization of payments and applications software.

PIN code functions:

  • Generation, translation and verification.

  • PIN-offset calculation.

  • PIN codes export.

  • Blind envelopes printing.

  • Calculation and verification of validation codes (CVV/CVC, dCVV/CVC3, CSC, etc.).

EMV functions:

  • Encryption and signature script.

  • PIN change.

  • DAC and IDN calculation and validation.

  • ARQC verification and ARPC generation.

Other features included:

  • Generation and verification of keys to wallet and transport applications.

  • Management of Toll Motorway.

  • Message security: MAC generation and validation using the algorithm defined by the ANSI X9.9 Financial Institution Message Authentication standard.

  • RSA key generation: signature and verification of data with RSA public key up to 4,096-bit

  • MK (Master Key) storage on smart cards (ISO 7816).

  • Keyblock support, PCI-certified

Supported algorithms

Symmetric key encryption:

  • DES, TDES2 and TDES3

  • AES and AES-GCM with key length 128, 192, 256 bits

Asymmetric key encryption:

  • RSA with key length from 512 to 4,096 bits

Hash functions:

  • MD5 - SHA-1 and SHA-2

Key authentication:


  • Key generation through a random number generator according to SP800-90A, SP800-90B, SP800-90C

Key Derivation Algorithms:



Our on-premise options allow hosting the product directly on-site in your own network or data center.

  • LAN Appliance


Contact us

We look forward to answering your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      Your collection of download requests is empty. Visit our Downloads section and select from resources such as data sheets, white papers, webinar recordings and much more.