|
|
|
|
Utimaco ← CSe
Secure server with HSM
CryptoServer LAN, also known as SafeGuard CryptoServer LAN, is a
cryptographically secured internet protocol (IP) server for
local area networks (LAN), developed around 2012 by the German company
Utimaco.
The device features a Hardware Security Module (HSM) and was typically
used by (local) governments for securing extremely sensitive data traffic
in multi-site environments.
|
The device is housed in a 2U 19" tamper-evident
rackmount enclosure that measures
510 x 440 x 88 mm and weights 14.7 kg.
Data traffic via the Internet Protocol (IP) is secured by means of a
4th generation Hardware Security Module (HSM) in the form of
a PCIe card fitted inside the unit.
The HSM holds a cryptographic engine, a key generator and battery backed
CMOS memory that holds cryptographic keys and passwords.
The device has two individually wired hot-swappable power supply units (PSU),
to avoid down-time in case one of the PSUs fails.
|
|
|
The unit can be expanded with a variety of plug-in units and has full support
for IPv4, whilst support for IPv6 was added later.
The HSM is fully certified to FIPS 140-2 level 3 and 4.
It contains a variety of encryption algorithms, including Triple-DES and
AES, and hashing, signing and data verification algorithms like RSA,
ECDSA and DSA. In addition, it offers random number generation.
CryptoServer LAN was approved by several goverments for processing
privacy-sensitive data.
The device shown here was used for more than 10 years by the Dutch Government
for securing data traffic related to national identity papers such as
ID cards and passports. It was succeeded in 2013 by CryptoServer LAN V3,
in 2014 by CryptoServer LAN V4 and in 2022 by the completely redesigned
CryptoServer LAN V5,
which has improved security and uses less rack space (1U).
|
The unit is housed in a robust metal 2U 19" rackmount enclosure that measures
510 × 440 × 88 mm and weights 14.7 kg. The interior can be accessed by removing
8 screws from the sides of the top panel, and sliding off the panel towards the
rear. This reveals the interior as shown above.
The device is built around a
high-performance Intel-based PC platform
with dual Ethernet ports, VGA graphics, PS-2 interfaces and several USB ports.
Some of these ports are routed to the front panel.
The boot software is installed on a miniature SSD drive
that is installed directly into one of the SATA connectors on the motherboard.
The motherboard is installed into a backplace that has several types of
expansion slots, including PCIe. One of these PCIe slots, in the
upper rear corner, is occupied by an expansion card with
an Utimaco SafeWare CryptoServer CSe Hardware Security Module (HSM).
It is responsible for key generation and for encryption and decryption of the data.
|
 |
Hardware Security Module (HSM)
|
 |
 |
In the CryptoServer LAN, a 4th generation Hardware Security Module (HSM) is
responsible for generating unique keys and for encryption and decryption of the
data that passes through the two ethernet interfaces on the motherboard.
The HSM is a universal component that can be used for a variety of applications,
such as harddisc encryption and secure networking. It is an in-house development
of Utimaco that contains a special cryptographic processor with
a variety of public and proprietary algorithms.
➤ More information
|
|
|
Device CryptoServer LAN Purpose Inter-site LAN protection Model Mayflower-IDX/i3-2100T-1 Manufacturer Utimaco SafeWare Country Germany Year 2012-2013 Encryption 4th generation proprietary Hardware Security Module (HSM) Memory 2GB PS-2 2 USB 4 Ethernet 2 Video VGA, SVGA, XGA (on 15-pin DE15) Power Mains 100-240V AC / 47-63 Hz / 2 × 8A Dimensions 510 × 440 × 88 mm Weight 14.7 kg
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Saturday 18 March 2023. Last changed: Tuesday, 06 June 2023 - 18:33 CET.
|
 |
|
|
|