Utimaco achieves world’s first eIDAS certification for HSM

23.10.18 08:54 AM By Brightsight

Delft, 23 October 2018: Brightsight is proud to announce that the world’s first Common Criteria (CC) EAL4+certified HSM according to eIDAS has been granted to Utimaco by the Dutch CC Scheme (NSCIB), based on a Brightsight security evaluation report.  Utimaco obtained the Common Criteria EAL4 AVA_VAN.5 approval for their Utimaco CryptoServer CP5 hardware security module according to eIDAS Protection Profile EN 419 221-5. A hardware security module (HSM) is a physical device that provides enhanced security for sensitive data. This type of device is used to generate and store cryptographic keys for critical functions such as encryption, decryption and authentication for the use of applications, identities and databases. eIDAS (electronic IDentities And Trust Services) seeks to enhance trust in electronic transactions in the EU’s internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities across borders in order to increase the effectiveness of public and private online services, electronic business and electronic commerce in the European Union. The regulation replaced the eSignatures Directive and any previous inconsistencies in Digital Signature law across Europe. It was adopted by the General Affairs Council in July 2014, with regulations for trust services coming into force on 1 July 2016. The mandatory mutual recognition of electronic identities (eIDs) applies since September 2018. eIDAS covers authentication, signature seals, registered delivery services and time stamps. “After the regulations for trust services came into force on 1 July 2016, we worked closely with Utimaco to get their HSM EAL4+ certified. It was their ambition to be the first to have an eIDAS certified HSM on the market and they achieved it. Immediately after receiving the certificate from NSCIB, Utimaco asked Brightsight to evaluate a delta version of this approved HSM to serve as a platform for all Signature Activation Modules (SAMs) for remote signing," says Dirk-Jan Out, CEO at Brightsight. “We congratulate Utimaco on this important achievement. We are grateful to have been selected by Utimaco as their security evaluation lab for HSM-related products.” Matthias Pankert, Senior Vice President at Utimaco IS GmbH, says: “Being the first to get an HSM certified according to an eIDAS PP, EAL4+ and AVA_VAN.5 made this a challenging certification. Brightsight’s structured approach was an important part of the recipe for success. Utimaco is pleased to be able to offer customers a certified HSM and matching simulator today.” Utimaco is a leading manufacturer of hardware security modules (HSMs) that provide the Root of Trust for all industries, from financial services and payment to the automotive industry, cloud services to the public sector. Brightsight, known for their knowledge and expertise, has over 35 years of experience in security evaluations of electronic payment devices as well as many other types of IT products. In addition to security evaluations, including site audits, Brightsight offers training courses and pre-evaluation services. Working closely with the developer, Brightsight aims to increase security assurance while reducing time to market and costs. Brightsight HQ is located in Delft, the Netherlands. Since 2017, Brightsight also has labs in Beijing and Barcelona.
For more information, please contact sales@brightsight.com