HSM for electronic seal

In the area of HSM (Hardware Security Module) devices, we offer the following modules:

• Utimaco CryptoServer CP5 – dedicated to electronic seal
• Utimaco SecurityServer Se Gen2 – dedicated to general applications

CryptoServer CP5 and Se Gen2 are scalable network HSM security modules, which can be integrated easily into many security infrastructure applications.

Through the API (PKCS#11, CSP, CNG, CXI), the HSM Utimaco modules provide hardware protection for critical security applications such as public key infrastructure (PKI), databases, application servers and web servers. Both models have fully redundant power supply and cooling. The operability in high availability, scalability and remote management make the offered devices an ideal solution for e-business.

For electronic seal, the security of CP5 modules is confirmed by Protection Profile EN 419221-5 and eIDAS compliance certificates. CP5 is present on the EU list of qualified devices as a qualified signature creation device and a qualified seal creation device (https://esignature.ec.europa.eu/efda/notification-tool/#/screen/browse/list/QSCD_SSCD).

Infrastructure for electronic seal

We propose a solution based on the UTIMACO HSM device and Szafir SDK programming components for building the infrastructure for electronic seal management. The solution includes:

• qualified electronic seal certificate,
• HSM Utimaco CP5 cryptographic module installed at the customer's site to store private keys and to generate seals and authorisation of time-stamping requests,
• Szafir SDK programming components, allowing the integration of electronic seal generation and time stamping functionality with customer's systems that ensure communication with HSM devices via PKCS#11,
• qualified time stamps, guaranteeing the reliable existence of documents with an electronic seal.

The use of HSM devices within the infrastructure offers the following advantages:

• security of UTIMACO CryptoServer CP5 HSM modules confirmed by the Common Criteria certificate in accordance with the EAL4 AVA_VAN.5 standard and Protection Profile EN 419221-5,
• compliance with eIDAS requirements. HSM UTIMACO CryptoServer CP5 is present on the EU list of qualified devices as a qualified signature creation device and a qualified seal creation device (https://esignature.ec.europa.eu/efda/notification-tool/#/screen/browse/list/QSCD_SSCD),
• ability to work in FIPS compatibility mode – SecurityServer Se Gen2
• securing and isolating sensitive cryptographic operations and assigning keys to critical applications in the organisation,
• reducing compliance costs (one network module for many applications),
• all cryptographic algorithms supported by the device included in the product price,
• the customer is the one to decide on the number of keys generated in HSM,
• scalability of the solution depending on needs and the ability to add other HSM modules,
• ensuring high availability and protection in the event of failure – for two HSMs kept in two independent customer data centres,
• smooth failover and load balancing across several HSM devices,
• simplified cryptographic key management,
• option of remote administration of HSM devices,
• ability to monitor the operation of HSM devices, among others, via SNMPv3 protocol,
• dedicated software simulator and HSM devices for potential solution evaluation and testing.

The offered UTIMACO CryptoServer CP5 HSM devices are characterised by the following performance:

Basic technical parameters of UTIMACO CryptoServer CP5 LAN HSM devices: