Utimaco HSM re-certification according to eIDAS Protection Profile EN 419 221-5
For the second time, Utimaco obtains the Common Criteria EAL4+-certification according to eIDAS Protection Profile EN 419 221-5
2018, 2023, 2028 – Utimaco, a leading manufacturer of Hardware Security Modules (HSM), received the Common Criteria (CC) EAL4+ re-certification for its CryptoServer CP5 HSM based on the eIDAS Protection Profile EN 419 221-5. The Utimaco CP5 was introduced in October 2018.
Utimaco CryptoServer CP5 – the eIDAS HSM
Back in 2018, the CryptoServer CP5 was the first HSM in the market with a CC certification based on this protection profile, making it a future-proof choice for eIDAS trust services. These included local and remote electronic signing and sealing, issuing of certificates, website authentication and timestamping. For application development and regression testing, Utimaco offers a dedicated CryptoServer CP5 HSM simulator to prospects and customers.
eIDAS Protection Profile EN 419 221-5 “Cryptographic Module for Trust Services”
The German hardware security specialist was engaged with and contributed to the creation of the security requirements and protection profiles within the Technical Committee 224, Working Group 17 of the European Committee for Standardization (CEN).
Protection profiles (PP) according to the Common Criteria certification scheme define the requirements for information technology security functions. The eIDAS Protection Profile EN 419 221-5 was certified by an accredited evaluation laboratory in late 2017 and approved by the EU member states earlier this year. With this Protection Profile, CEN standardizes security requirements for cryptographic modules being used as Qualified Signature Creation Device (QSCD) according to the eIDAS regulation.
Utimaco certification
In December 2023, Utimaco has just renewed the certification for their eIDAS flagship CryptoServer CP5. This results in new certification documents that can be downloaded here:
a) The NSCIB NSCIB-CC-2300142-01 certificate
b) The Security Target Lite for CryptoServer Se-Series Gen2 CP5
c) The certification report for the CryptoServer CP5
The eIDAS HSM user cases
The principal aim of the eIDAS regulation is to facilitate a true digital single market in Europe. The related services for electronic identification and trust services lend themselves to a variety of use cases. These include
- Qualified Electronic Seals for businesses to prove the origin and integrity of data and documents issued by them,
- strong website authentication and qualified certificates for sealing communications based on the new PSD2 regulation for the banking and financial services industry,
- electronic signatures created either locally by the signatory, or remotely by a Trust Service Provider (TSP) on behalf of the signatory. In the latter case, this involves a Signature Activation Module (SAM) supported by a Hardware Security Module to build a Qualified Signature Creation Device for server signing.
Tailored eIDAS solutions
ESYSCO is an Utimaco reseller and systems integrator since 2008. With the CryptoServer CP5, we’re offering a wide range of eIDAS compliant products and services:
- On-prem and cloud based Qualified Electronic Sealing
- Digital Signing technologies for large and global organizations
- Custom development for Utimaco HSMs