Need to replace your current payment HSM
Try the Utimaco Atalla AT1000 - we help you migrate
Atalla AT1000
The Utimaco Atalla Hardware Security Module (HSM) is a NextGen FIPS 140-2 L3 and FIPS 140-2 L4 (physical design) compliant and PCI PTS HSM v3 certified payment HSM designed to protect customer sensitive data, perform cardholder authentication, and manage the cryptographic keys used in ecommerce retail payment transactions.
The Utimaco Atalla AT1000 is a payment HSM that enables interbanking business. It provides superior hardware security to deliver maximum privacy, integrity and performance for host applications. It supports cryptographic operations to perform PIN translation and verification, card verification, card production and personalization, electronic funds interchange (EFTPOS, ATM), cash-card reloading, EMV transaction processing, and key generation and injection.
Product Highlights
Atalla HSMs are used by global payment leaders and card brands to secure their payment ecosystem and achieve the highest level of compliance. The use cases vary by different industries and the ecosystem players like issuers, service providers, acquirers, processors, and payment networks. We play a crucial role in securing interbanking communication, user and card authentication, as well as focus on user data protection for both in-person (card present) and remote payments (online or card not present) transactions. Some of the use cases include:
-
PIN Processing
-
3-D Secure v1 & v2 cryptography
-
Card / User Verification
-
ATM Interchange
-
Data Integrity
-
Processing Transaction Data
-
Data Encryption / Decryption
-
Initialize Remote Payment Devices
-
PIN Translations and Authorization
-
Payment Card Verification, Production and Personalization
-
Electronic Funds Interchange (EFTPOS, ATM)
-
AS2805 Host-to-Host
-
Cash-Card Reloading
-
EMV Transaction Processing
-
Key Generation and Injection
-
ATM Remote Key Loading
-
Interbanking Clearing and Settlement
-
Card Issuance
-
Alternative Payment Methods Including
-
Mobile and e-Wallets
-
Contactless
-
Cloud Payment Standards
-
End-to-End Encryption (E2E) of credentials for Internet and Mobile Banking
The Utimaco Atalla AT1000 HSM is PCI PTS Certified for the most demanding application profile, focusing on physical security when used in controlled and uncontrolled environments like non-ISO certified data centers. It provides unrivaled protection for AES and other cryptographic keys safeguarding payment transactions. The HSM protects and manages encryption keys needed for payment processing within the tamper-resistant/responsive hardware device.
The Utimaco Atalla HSM AT1000 host commands are fully backward compatible with its previous generation models, incorporating more than three decades of expertise — enabling co-existence and easy migration.
Key Benefits
Atalla Key Block
Atalla Key Block (AKB) is a key block format approved by the ANSI standards community to support interchange of symmetric keys in a secure manner and with key attributes included in the exchanged data. This key-wrap process, also commonly known as ANSI Key Block (AKB), was the first market-specified standard that binds the key with the intended attributes along with integrity to ensure that the cipher text hasn’t been modified.
Remote Management
Atalla AT1000 implements the unique flexible approach to HSM configuration and key management that enables a remote workflow-based model meeting the PCI Dual Control Requirement without the need to have all of the individual officers physically present. The remote management solution streamlines software and license upgrades, HSM security policy management, key loading, backup and restore.
Secure Configuration Assistant (SCA)
The Atalla Secure Configuration Assistant (SCA) is a versatile tablet-based tool that implements the remote and local management of the HSM intuitively. The SCA enables security administrators to easily configure commands, define parameters, calculate cryptograms, and inject cryptographic keys into Atalla HSMs in a trusted manner. An easy-to-use GUI with a natural event and decision flow is very convenient to navigate on wider tablet screens thereby improving security administrator user experience and productivity reducing risks of errors.
Robust Backup and Restore
Atalla HSMs implement robust backup/restore capability with a user configurable policy to specify “M of N” smartcards required for a restore following the dual control requirements. This functionality allows the HSM administrators to initialize multiple HSMs to a pre-configured known state without Admin Smartcards or key components.
SmartCard Authentication
Atalla HSMs enforce smartcard authentication using preoperatory digitally signed smartcards to allow secure administration of smartcards. The authentication uses Atalla Secure Keypad (ASK) a tamper-reactive device for security critical data entry such as key components and PINs.
Multi-Domain Support
Full multi-domain key and policy enforcement enables enterprises to create and manage up to 10 HSMs in a single 1U Hardware appliance. The domains cater to business needs while applying separate policy enforcements and MFKs to govern individuality of each HSM.
Redundant Hardware
Atalla HSMs are designed for high performance ecosystems that just cannot afford any downtime and AT1000 is no different. Everything in the Atalla AT1000 is fully redundant including power supplies, hard drives, Network Interface Cards (NIC), etc. In AT1000 we also implemented NIC Teaming to protect HSMs from external failures.
Best Support for Banking Cryptosystem
Atalla AT1000 is designed to support all global card schemes like Visa, MasterCard, Amex, UnionPay, Diners and Discover. It also integrates with all major core banking applications and hardware vendors like ACI and HPE NonStop.
Regulatory Compliance
The HSMs are highly regulated by PCI, NIST ISO and ANSI. AT1000 is certified as a FIPS 140-2 Level 3 HSM and PCI PTS HSM v3 to allow the best in class security and governance.
Payment Emulator
By leveraging the Payment Emulator, organizations can emulate other Payment APIs in the industry to communicate with the Atalla API and NextGen RESTful interface to easily gain access to all Atalla features!
REST API Support
Utilize the REpresentational State Transfer Application Programming Interface (REST API) to communicate with the Atalla HSM. With
this flexible, stateless, easy to use and secure API, users can harness the unrivaled protection of an HSM in public, private and hybrid cloud environments. The REST API implementation also supports TLS, ACL, multiple domains and mutual authentication to further enhance security of the HSM.
Unrivaled Speed
With up to 10,000 TPS, the AT1000 is the fastest multi-core HSM on the market and can perform upgrades on the fly! That’s four times the power of our closest competitor! Software upgrades in under five minutes – performance is never impacted.