Trusted Verification of HSM keys and timestamps

Key Attestation significantly reduces the costs of public certificate key ceremony and key distribution and massively increases scale of digital identity applications.

Digital identity applications in need of qualified certificates and signatures must have the certificate keys issued in a trusted way. The way to do it currently is to have their  key ceremony procedures audited and the audit approved by the certification authority. The identity keys then need to be distributed securely. All of this is costly and unscalable, and requires trust, that the audited process is applied consistently on all newly generated keys.

The new SECUROSYS Key Attestation feature provides cryptographic verification of the key and its attributes with a chain of trust originating from our root certificate. This allows to automate the key ceremony audit process, and to issue trusted digital identity keys at virtually limitless scale. 

How it works

Each Primus HSM is equipped with a CC EAL4+ certified keystore, protecting a factory installed root certificate and root key. The device then creates its own intermediary (device) key and its certificate is signed by the root key. The intermediary key is then used to sign attestation and timestamp key created for each partition. The attestation key is used to verify the key origin (i.e. that a new key has been generated on the particular HSM) and key attributes. The timestamp key is used for generating qualified signatures or for the applications of time-based key attributes.

This way, the digital identity applications can automatically generate identities for users or devices, and verify qualified signatures with those identities without a necessity to employ additional procedures or external authorities while guaranteeing their origin and hardware protection and at a virtually zero marginal costs and a limitless scale needed for IoT and personal identity applications.

 

The root certificate is available at our website and its hash at our support portal, allowing any user to verify and audit the chain of certificates.

Benefits

Simple Integration
  • Verification of origin of root keys and certificates with no overhead
  • Identity and signature keys are never exposed outside of HSM
  • Conducting qualified signatures for digital identities with limitless scale
Application Performance and Reliability
  • Hardware accelerated digital signing, up to 4000 RSA 2048-bit signings per second
  • Handle larger key sizes without severe performance penalty
  • High availability and redundancy

ABOUT SECUROSYS HSM SERIES

Scalable and flexible solutions

GET A QUOTE

Get more information on our key attestation solution.

Hardware Security for the Software Challenges of Tomorrow

Get more information on our key attestation solution.

Hardware Security for the Software Challenges of Tomorrow