Utimaco CryptoServer CP5
The eIDAS regulation established a common framework for secure electronic signature services, which has greatly facilitated the use of modern collaborative tools in the EU.
According to eIDAS, cryptographic keys must be stored on a qualified signature creation device, and a qualified trust service provider (QTSP) is required to provide electronic signature services.
UTIMACO’s CryptoServer CP5 is a secure signature/seal generation device that operates in a secure QTSP environment, allowing users to also sign remotely. The device generates qualified electronic signatures or seals as defined by eIDAS. (QSigCD / QSealCD). Relevant security certificates certify compliance with the requirements for this type of application.
The CryptoServer CP5 has many options to customize the device according to customer requirements. An example is the SAM module, which operates inside the certified HSM area and according to the requirements of the EN 419 241-2 security profile. There is also the CryptoServer SDK developer toolkit and a software simulator, which allows you to test the integration of all CryptoServer CP5 use cases with business applications before implementing them in production.
Important features of the solution:
- software simulator for easier integration and testing
- two-factor authentication using smart cards (also “m among n” quorum mechanism)
- remote access and management
- attractive price/feature ratio
- access through typical software interfaces (PKCS#11 and MS CNG) and through the manufacturer’s own contact allowing full use of the device’s potential
- high quality random number generator
- available as a PCI card or network device
Datasheet
Performance
Performance is measured in transactions/signatures per second (TPS)
RSA performance | model Se12 | model Se52 | model Se500 | model Se1500 |
---|---|---|---|---|
CryptoServer PCIe | 16 - 2048 bit 2 - 4096 bit | 80 - 2048 bit 11 - 4096 bit | 640 - 2048 bit 100 - 4096 bit | 900 - 2048 bit 160 - 4096 bit |
CryptoServer Network | 16 - 2048 bit 2 - 4096 bit | 75 - 2048 bit 11 - 4096 bit | 56- 2048 bit 100 - 4096 bit | 750 - 2048 bit 150 - 4096 bit |
Note: performance may depend on the operating system, applications, local network structure and other factors.
Supported cryptographic algorithms | |
---|---|
Symmetric algorithms | AES, CMAC, HMAC |
Asymmetric algorithms | RSA, ECDSA with NIST and Brainpool curves, ECDH with NIST and Brainpool curves |
HASH algorithms | SHA2-Family, SHA3 |
Technical specification | |
---|---|
Physical characteristics | Network Apliance: 19'' 1U ( 446mm x 533,4mm x 44mm) PCIe card: 18,6mm x 111,15mm x 167,65 mm |
Supported OS* | Microsoft, Linux |
API | PKCS#11, Cryptography Next Generation (CNG), Cryptographic eXtended services Interface (CXI) |
Certifications &Compliances | CC (Common Criteria) UL, IEC/EN 60950-1, IEC/EN 62368-1, CB certificate, RoHS III, WEEE, CE, FCC Class B |