The professional development kit for HSM solutions
- A professional development kit for Utimaco SecurityServer and PaymentServer HSMs
- Full customizability ensuring complete flexibility
- For SecurityServer and PaymentServer HSMs
The professional development kit for customized HSM solutions
UTIMACO’s CryptoServer SDK provides a professional development environment for the purpose of implementing firmware extensions for SecurityServer and PaymentServer built on CryptoServer Se Gen2- and CryptoServer CSe-series.
Although widely used cryptographic APIs such as PKCS #11 or JCE support a wide range of cryptographic algorithms and mechanisms, their use may be limited or not possible in certain use cases. For example, chip personalization and key injection often involve multiple cryptographic operations: generating unique keys or deriving such keys from a secret master key using device-specific information, assembling these keys and additional information into a well-defined personalization record, and finally encrypting this record under a transport key.
Implementing such a sequence of operations using industry-standard cryptographic APIs results in multiple function calls that may return intermediate and sensitive results outside the HSM and, in the worst-case scenario, in failure because the required key derivation function is not supported by the standardized cryptographic API.
Similar challenges often arise when processing payment transactions, because standardized cryptographic APIs do not provide all operations required for PIN verification or re-encryption of transaction data (such as decryption with one key and encryption with another key as an atomic operation). All operations, from key generation to transport encryption, can be implemented as a custom atomic operation inside the HSM, which solves these issues, ensuring the highest possible performance at all times.
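The difference between the two approaches can be seen in a small model of the HSM boundary. This is an added example, not Utimaco code or the CryptoServer SDK API: `ModelHSM`, its method names, the HMAC-based key derivation and the stdlib-only stand-in cipher are all assumptions chosen so the sketch runs without an HSM.

```python
import hashlib, hmac, os

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _kdf(master: bytes, device_id: bytes) -> bytes:
    # Constructed KDF: master key diversified with device-specific information.
    return _mac(master, b"perso-key|" + device_id)

def _wrap(transport: bytes, record: bytes) -> bytes:
    # Stdlib-only stand-in for a real cipher such as AES: HMAC keystream + HMAC tag.
    nonce = os.urandom(16)
    enc_key, mac_key = _mac(transport, b"enc"), _mac(transport, b"mac")
    blocks = range(len(record) // 32 + 1)
    stream = b"".join(_mac(enc_key, nonce + i.to_bytes(4, "big")) for i in blocks)
    body = nonce + bytes(a ^ b for a, b in zip(record, stream))
    return body + _mac(mac_key, body)

class ModelHSM:
    """Toy HSM boundary: `exported` logs every value returned to the host."""
    def __init__(self):
        self._master, self._transport = os.urandom(32), os.urandom(32)
        self.exported = []

    def _out(self, data: bytes) -> bytes:
        self.exported.append(data)
        return data

    # Generic-API style: each step is a separate call with its own return value.
    def derive_key(self, device_id: bytes) -> bytes:
        return self._out(_kdf(self._master, device_id))

    def encrypt_for_transport(self, record: bytes) -> bytes:
        return self._out(_wrap(self._transport, record))

    # Custom atomic command: derive, assemble and wrap without leaving the boundary.
    def personalize(self, device_id: bytes, info: bytes) -> bytes:
        record = device_id + info + _kdf(self._master, device_id)
        return self._out(_wrap(self._transport, record))

    def key_crossed_boundary(self, device_id: bytes) -> bool:
        key = _kdf(self._master, device_id)
        return any(key in item for item in self.exported)

def personalize_multi_call(hsm: ModelHSM, device_id: bytes, info: bytes) -> bytes:
    key = hsm.derive_key(device_id)  # plaintext device key is now in host memory
    return hsm.encrypt_for_transport(device_id + info + key)
```

Calling `personalize_multi_call` leaves the derived device key in the host's export log, while `ModelHSM.personalize` returns only the wrapped record.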
CryptoServer SDK enables creation of customized applications, such as proprietary algorithms, key derivation functions or complex protocols, as firmware modules that run within the tamper-proof environment of SecurityServer and PaymentServer HSMs. Standard programming languages and integration with common development environments and tool chains are supported. Starting from sample code, project files, make files and comprehensive documentation of HSM base firmware that can be invoked, increased efficiency can be expected.
- Allows full control over firmware functionality with manufacturer-independent development
- No review or approval by Utimaco required
- Provides a choice of either proprietary interface or PKCS #11 Vendor Defined Mechanism for application integration
Easy to use
- The CryptoServer SDK uses standard programming languages and popular development environments
- Provides sample code for firmware modules and host-side applications, including project files and make files
- Provides an HSM simulator for testing and debugging of new firmware in Windows or Linux development environment
- Developer training available
- Support provided on developer level via phone and email
Full Support of CryptoServer HSM Models
- CryptoServer Se-Series Gen 2
- CryptoServer CSe-Series
- Support of hardware acceleration
Supports Various Cryptographic Algorithms
- RSA, DSA, ECDSA with NIST and Brainpool curves, EdDSA
- DH, ECDH with NIST, Brainpool and Montgomery curves
- AES, Triple-DES, DES
- MAC, CMAC, HMAC
- SHA-1, SHA-2, SHA-3, RIPEMD
- Hash-based deterministic random number generator
- True random number generator
- Reduced price for HSMs in development environments
- No additional license fees for runtime environments
- No additional costs for each delivered application
- All supported cryptographic algorithms are included
Utimaco’s general purpose HSM utilizes tamper-responsive technology to secure cryptographic key infrastructures, making it ideally suited for applications and market segments with high physical security requirements.
The Utimaco PaymentServer is a Payment Card Industry (PCI), PIN translation, card personalization and issuance, for various payment card schemes programs.