Need to replace your current payment HSM?
Try the Utimaco Atalla AT1000 - we help you migrate
The Utimaco Atalla Hardware Security Module (HSM) is a NextGen payment HSM that is FIPS 140-2 L3 and FIPS 140-2 L4 (physical design) compliant and PCI PTS HSM v3 certified. It is designed to protect sensitive customer data, perform cardholder authentication, and manage the cryptographic keys used in ecommerce retail payment transactions.
The Utimaco Atalla AT1000 is a payment HSM that enables interbanking business. It provides superior hardware security to deliver maximum privacy, integrity and performance for host applications. It supports cryptographic operations to perform PIN translation and verification, card verification, card production and personalization, electronic funds interchange (EFTPOS, ATM), cash-card reloading, EMV transaction processing, and key generation and injection.
Atalla HSMs are used by global payment leaders and card brands to secure their payment ecosystem and achieve the highest level of compliance. The use cases vary by industry and by ecosystem player, such as issuers, service providers, acquirers, processors, and payment networks. We play a crucial role in securing interbanking communication and user and card authentication, and we focus on user data protection for both in-person (card present) and remote (online or card not present) payment transactions. Some of the use cases include:
3-D Secure v1 & v2 cryptography
Card / User Verification
Processing Transaction Data
Data Encryption / Decryption
Initialize Remote Payment Devices
PIN Translations and Authorization
Payment Card Verification, Production and Personalization
Electronic Funds Interchange (EFTPOS, ATM)
EMV Transaction Processing
Key Generation and Injection
ATM Remote Key Loading
Interbanking Clearing and Settlement
Alternative Payment Methods, Including:
Mobile and e-Wallets
Cloud Payment Standards
End-to-End Encryption (E2E) of credentials for Internet and Mobile Banking
The Utimaco Atalla AT1000 HSM is PCI PTS Certified for the most demanding application profile, focusing on physical security when used in controlled and uncontrolled environments like non-ISO certified data centers. It provides unrivaled protection for AES and other cryptographic keys safeguarding payment transactions. The HSM protects and manages encryption keys needed for payment processing within the tamper-resistant/responsive hardware device.
The Utimaco Atalla HSM AT1000 host commands are fully backward compatible with its previous generation models, incorporating more than three decades of expertise — enabling co-existence and easy migration.
Atalla Key Block
Atalla Key Block (AKB) is a key block format approved by the ANSI standards community to support interchange of symmetric keys in a secure manner and with key attributes included in the exchanged data. This key-wrap process, also commonly known as ANSI Key Block (AKB), was the first market-specified standard that binds the key with the intended attributes along with integrity to ensure that the cipher text hasn’t been modified.
Atalla AT1000 implements a unique, flexible approach to HSM configuration and key management that enables a remote, workflow-based model meeting the PCI Dual Control Requirement without the need to have all of the individual officers physically present. The remote management solution streamlines software and license upgrades, HSM security policy management, key loading, backup and restore.
Secure Configuration Assistant (SCA)
The Atalla Secure Configuration Assistant (SCA) is a versatile tablet-based tool for intuitive remote and local management of the HSM. The SCA enables security administrators to easily configure commands, define parameters, calculate cryptograms, and inject cryptographic keys into Atalla HSMs in a trusted manner. An easy-to-use GUI with a natural event and decision flow is convenient to navigate on wider tablet screens, improving security administrators' user experience and productivity and reducing the risk of errors.
Robust Backup and Restore
Atalla HSMs implement robust backup/restore capability with a user-configurable policy to specify the “M of N” smartcards required for a restore, following the dual control requirements. This functionality allows HSM administrators to initialize multiple HSMs to a pre-configured known state without Admin Smartcards or key components.
Atalla HSMs enforce smartcard authentication using proprietary digitally signed smartcards to allow secure administration of smartcards. The authentication uses the Atalla Secure Keypad (ASK), a tamper-reactive device for security-critical data entry such as key components and PINs.
Full multi-domain key and policy enforcement enables enterprises to create and manage up to 10 HSMs in a single 1U hardware appliance. The domains cater to business needs while applying separate policy enforcement and MFKs, so that each HSM is governed individually.
Atalla HSMs are designed for high performance ecosystems that just cannot afford any downtime and AT1000 is no different. Everything in the Atalla AT1000 is fully redundant including power supplies, hard drives, Network Interface Cards (NIC), etc. In AT1000 we also implemented NIC Teaming to protect HSMs from external failures.
Best Support for Banking Cryptosystem
Atalla AT1000 is designed to support all global card schemes like Visa, MasterCard, Amex, UnionPay, Diners and Discover. It also integrates with all major core banking applications and hardware vendors like ACI and HPE NonStop.
The HSMs are highly regulated by PCI, NIST, ISO and ANSI. AT1000 is certified as a FIPS 140-2 Level 3 HSM and PCI PTS HSM v3 to provide best-in-class security and governance.
By leveraging the Payment Emulator, organizations can emulate other Payment APIs in the industry to communicate with the Atalla API and NextGen RESTful interface to easily gain access to all Atalla features!
REST API Support
Utilize the REpresentational State Transfer Application Programming Interface (REST API) to communicate with the Atalla HSM. With this flexible, stateless, easy-to-use and secure API, users can harness the unrivaled protection of an HSM in public, private and hybrid cloud environments. The REST API implementation also supports TLS, ACL, multiple domains and mutual authentication to further enhance security of the HSM.
With up to 10,000 TPS, the AT1000 is the fastest multi-core HSM on the market and can perform upgrades on the fly! That’s four times the power of our closest competitor! Software upgrades in under five minutes – performance is never impacted.