Click for homepage
Utimaco
  
← CSe
  
CryptoServer LAN   V2
Secure server with HSM

CryptoServer LAN, also known as SafeGuard CryptoServer LAN, is a cryptographically secured internet protocol (IP) server for local area networks (LAN), developed around 2012 by the German company Utimaco. The device features a Hardware Security Module (HSM) and was typically used by (local) governments for securing extremely sensitive data traffic in multi-site environments.

The device is housed in a 2U 19" tamper-evident rackmount enclosure that measures 510 x 440 x 88 mm and weights 14.7 kg. Data traffic via the Internet Protocol (IP) is secured by means of a 4th generation Hardware Security Module (HSM) in the form of a PCIe card fitted inside the unit. The HSM holds a cryptographic engine, a key generator and battery backed CMOS memory that holds cryptographic keys and passwords.

The device has two individually wired hot-swappable power supply units (PSU), to avoid down-time in case one of the PSUs fails.
  
Utimaco CryptoServer LAN

The unit can be expanded with a variety of plug-in units and has full support for IPv4, whilst support for IPv6 was added later. The HSM is fully certified to FIPS 140-2 level 3 and 4. It contains a variety of encryption algorithms, including Triple-DES and AES, and hashing, signing and data verification algorithms like RSA, ECDSA and DSA. In addition, it offers random number generation.

CryptoServer LAN was approved by several goverments for processing privacy-sensitive data. The device shown here was used for more than 10 years by the Dutch Government for securing data traffic related to national identity papers such as ID cards and passports. It was succeeded in 2013 by CryptoServer LAN V3, in 2014 by CryptoServer LAN V4 and in 2022 by the completely redesigned CryptoServer LAN V5, which has improved security and uses less rack space (1U).

Utimaco CryptoServer LAN
Front panel
Rear panel
Control panel
Access door
Power start switch (right) and MUTE button for cancelling alarm
HSM (top) and interface card (bottom)
Tamper-evident seal
A
×
A
1 / 8
Utimaco CryptoServer LAN
A
2 / 8
Front panel
A
3 / 8
Rear panel
A
4 / 8
Control panel
A
5 / 8
Access door
A
6 / 8
Power start switch (right) and MUTE button for cancelling alarm
A
7 / 8
HSM (top) and interface card (bottom)
A
8 / 8
Tamper-evident seal

Click to see more

Interior
The unit is housed in a robust metal 2U 19" rackmount enclosure that measures 510 × 440 × 88 mm and weights 14.7 kg. The interior can be accessed by removing 8 screws from the sides of the top panel, and sliding off the panel towards the rear. This reveals the interior as shown above.

The device is built around a high-performance Intel-based PC platform with dual Ethernet ports, VGA graphics, PS-2 interfaces and several USB ports. Some of these ports are routed to the front panel. The boot software is installed on a miniature SSD drive that is installed directly into one of the SATA connectors on the motherboard. The motherboard is installed into a backplace that has several types of expansion slots, including PCIe. One of these PCIe slots, in the upper rear corner, is occupied by an expansion card with an Utimaco SafeWare CryptoServer CSe Hardware Security Module (HSM). It is responsible for key generation and for encryption and decryption of the data.

Hardware Security Module (HSM)
In the CryptoServer LAN, a 4th generation Hardware Security Module (HSM) is responsible for generating unique keys and for encryption and decryption of the data that passes through the two ethernet interfaces on the motherboard.

The HSM is a universal component that can be used for a variety of applications, such as harddisc encryption and secure networking. It is an in-house development of Utimaco that contains a special cryptographic processor with a variety of public and proprietary algorithms.

 More information

  
PCIe card with Hardware Security Module (HSM)

Interior
Motherboard and backplane
SSD drive installed directly in SATA socket
Transcend SSD drive
BIOS ROM
PCIe card with HSM installed in the upper slot
PCIe card with Hardware Security Module (HSM)
HSM - bottom side
B
×
B
1 / 8
Interior
B
2 / 8
Motherboard and backplane
B
3 / 8
SSD drive installed directly in SATA socket
B
4 / 8
Transcend SSD drive
B
5 / 8
BIOS ROM
B
6 / 8
PCIe card with HSM installed in the upper slot
B
7 / 8
PCIe card with Hardware Security Module (HSM)
B
8 / 8
HSM - bottom side

Specifications
  • Device
    CryptoServer LAN
  • Purpose
    Inter-site LAN protection
  • Model
    Mayflower-IDX/i3-2100T-1
  • Manufacturer
    Utimaco SafeWare
  • Country
    Germany
  • Year
    2012-2013
  • Encryption
    4th generation proprietary Hardware Security Module (HSM)
  • Memory
    2GB
  • PS-2
    2
  • USB
    4
  • Ethernet
    2
  • Video
    VGA, SVGA, XGA (on 15-pin DE15)
  • Power
    Mains 100-240V AC / 47-63 Hz / 2 × 8A
  • Dimensions
    510 × 440 × 88 mm
  • Weight
    14.7 kg
Documentation
  1. CryptoServer CSe-Series, non-proprietary security policy
    2012-0009. Utimaco, 31 March 2021. Version 2.1.3.

  2. CryptoServer LAN V2 and V3 technical specifications
    Utimaco, undated. pp. 5-6.
References
  1. Anonymous, Utimaco CryptoServer LAN - THANKS !
    Crypto Museum, February 2023.

  2. Stephan Augsten, Utimaco SafeGuard CryptoServer LAN V4
    Security Insider, 13 August 2012.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Saturday 18 March 2023. Last changed: Tuesday, 06 June 2023 - 18:33 CET.
Click for homepage