E-Book
Reasons to Migrate
to a Utimaco Atalla AT1000 Today,
and Not Tomorrow
Atalla AT1000
Since we announced the End-of-Sale
and End-of-Support for Ax160,
many of our customers have already
converted to the Utimaco Atalla AT1000
Hardware Security Module (HSM).
It is fully backward compatible with your
current HSM versions and is certified with
PCI-PTS v3 and FIPS 140-2 Level 3.
We realize our customers have varied
requirements, challenges, and timelines,
but regardless of where you are in the process,
it just makes sense to move to AT1000 sooner,
rather than later!
Reducing Barriers
for a Successful Migration
Offered in Variant and Keyblock Modes
If you are already using our HSMs
in keyblock mode, fantastic!
However, our AT1000 will satisfy the new
2019 audit requirements. What’s more,
AT1000 is completely transparent
for your applications and requires no
changes. In cases where application
vendors are still running in variant
mode, the AT1000 can accommodate,
easily converting keys to keyblocks when
the time is right.
Additionally, we have worked with our
customers’ software vendors to get them up
and running in keyblock mode, and we can help you do the
same.
Flip the Switch in 3 Easy Steps
Depending on your level of comfort, our Professional Services
team is always here to guide you!
1) First, decide if AT1000 will fully replace legacy HSMs
or operate in a mixed environment. The sooner you
start the upgrade, the more flexibility you have for the
implementation – phased approach and/or testing
environments.
2) Next, we help you transfer MFK components.
Some customers have the information readily accessible
and can transfer manually. In other circumstances,
we can perform a card-to-card migration or
create a new MFK.
3) Finally, we generate a report outlining the cryptographic
functionality enabled on existing Ax160 HSMs and map it
to your new AT1000 HSMs.
Secure and Flexible
Feature Set
Performance and Licensing
Depending on your level of comfort, our Professional
Services team is always here to guide you!
We never know what the future holds, especially in the
technology sector. That’s why the AT1000 is a singular piece
of hardware that scales with your business requirements.
You no longer need to guess which model
will sustain you for years to come.
Our in-field upgradable performance allows you
to choose what you consume now, with the built-in flexibility to
upgrade to what you need later without any downtime or reboots!
Additionally, enjoy our entire out-of-the-box command set,
no additional licensing required! This includes security
exposure commands, as well as all documented premium
commands within our library.
We want your experience with our security to be effortless and
accessible. For those looking for uncommon or regional use
cases, we are happy to accommodate custom requests.
Ringing in at 10,000 TPS, we are proud to provide you with
the fastest payment HSM on the market with feature upgrades
that are 10 times faster than before!
To maximize this investment, the AT1000 can be segmented
into 10 different partitions. Many customers have started to adopt
this capability to consolidate multiple payment applications onto
one HSM, as well as to isolate access and security policies and to separate
administrative access per partition.
Secure Configuration Assistant
Say goodbye to traditional tablets! Now delivered on a
FIPS 140-2 Level 3 certified USB form factor, our new SCA-W
implements the well-regarded SCA-3 onto a user-friendly
application form that runs on your own company managed
Microsoft Windows computer.
This package also includes the Atalla Secure Keypad (ASK),
which works as a secure key loading device,
implementing key loading and PIN operations
in a compliant, tamper-responsive form factor.
Experience a more convenient,
productive and secure way to
configure commands,
define parameters,
calculate cryptograms,
inject cryptographic keys
and monitor audit logging
using remote syslog and
SNMP alerts.
The Atalla SCA-W can be directly or remotely connected
to an Atalla HSM, delivering true remote management in a
one-of-a-kind transactional model that allows Security
Administrators to be geographically separate. No other HSM on
the market provides a way to load master and lower level keys
from separate locations, at separate times.
As you continue to explore new deployment models and progress
into the cloud, this remote management capability coupled
with the speed, flexibility and partitioning power of the AT1000
will ensure you are better prepared.
Unmatched Security
with a Long-Standing History
Physical and Logical Security
The Utimaco Atalla AT1000 provides superior hardware security
to deliver maximum privacy, integrity and performance for host
applications. Our invention, the Key Block structure, has been the Payment Card
Industry’s de facto standard for over 20 years and our customers
are using it to make their HSM infrastructure more secure than ever.
Here are a few other AT1000 security-based enhancements:
Compliance-Driven
Tamper-responsive with the ability to act
in response to side-channel attacks with FIPS 140-2 L3,
and FIPS 140-2 L4 (physical). AT1000 is PCI PTS HSM v3 certified
for both controlled and uncontrolled environments, decreasing
PCI scope and auditor analysis.
Robust Backup and Restore
To offset the vulnerabilities associated with backing up an HSM,
the AT1000 requires the participation of two or more parties.
It also limits the number of times a restore can take place
and expires backups, recording each date and time as a matter
of record.
Redundancy and Failover
Thoughtfully crafted with the “worst case scenario” in mind,
Utimaco believes it’s the small details that make the difference.
Each HSM comes with Dual RAID1 hard drives and 4 NICs
with NIC Bonding support for failover to ensure the HSM
never goes down and the AT1000 always remains reliable.
Sleek New Design
Rack-mountable and physically fortified – now in a smaller 1U
hardware package. Offering added security with dual-locking
bezel and Medeco pick-resistant locks, with front panel display for
easy deployment. Field upgradable performance provided, with
no hardware replacement required. More energy efficient with
enhanced battery life and voltage monitoring is included for life.
Secure and Authenticated Communication Channel
Whitelist who can talk to the HSM and protect the
communication over a TLS 1.2 authenticated tunnel without
any performance impact.
EMEA
Utimaco IS GmbH
Germanusstraße 4
52080 Aachen, Germany
+49 241 1696 200

Americas
Utimaco Inc.
900 E Hamilton Ave., Suite 400
Campbell, CA 95008, USA
+1 844 UTIMACO

APAC
Utimaco IS Pte Limited
50 Raffles Place, Level 19,
Singapore Land Tower,
Singapore 048623
+65 6631 2758
For more information about Utimaco HSM products, please visit:
hsm.utimaco.com
© Utimaco IS GmbH 02/20
Utimaco® is a trademark of Utimaco GmbH. All other named Trademarks are Trademarks of the particular copyright holder.
All rights reserved. Specifications are subject to change without notice.