Utimaco Atalla

Atalla
Type Privately owned
Industry Computer software, Enterprise software, Encryption / Cryptography, Hardware security modules, Internet security
Founded 1973
Founder Mohamed M. Atalla
Headquarters USA
Owner Utimaco
Website hsm.utimaco.com

Utimaco Atalla, founded as Atalla Technovation and formerly known as Atalla Corporation or HP Atalla, is a security vendor, active in the market segments of data security and cryptography. [1] Atalla provides government-grade end-to-end products in network security, [2] and hardware security modules (HSMs) used in automated teller machines (ATMs) and Internet security. The company was founded by Egyptian engineer Mohamed M. Atalla in 1972. [3] Atalla HSMs are the payment card industry's de facto standard, [4] protecting 250 million card transactions daily (more than 90 billion transactions annually) as of 2013, [5] and securing the majority of the world's ATM transactions as of 2014. [6]

Company history

1970s

The company was originally founded in 1972, [5] initially as Atalla Technovation, before it was later called Atalla Corporation. [7] The company was founded by Dr. Mohamed M. Atalla, the inventor of the MOSFET (metal–oxide–semiconductor field-effect transistor). [3] In 1972, Atalla filed U.S. Patent 3,938,091 for a remote PIN verification system, which utilized encryption techniques to assure telephone link security while entering personal ID information, which would be transmitted as encrypted data over telecommunications networks to a remote location for verification. [7]

He invented the first hardware security module (HSM), [6] dubbed the "Atalla Box", a security system which encrypted PIN and ATM messages, and protected offline devices with an un-guessable PIN-generating key. [8] He commercially released the "Atalla Box" in 1973. [8] The product was released as the Identikey. It was a card reader and customer identification system, providing a terminal with plastic card and PIN capabilities. The system was designed to let banks and thrift institutions switch to a plastic card environment from a passbook program. The Identikey system consisted of a card reader console, two customer PIN pads, intelligent controller and built-in electronic interface package. [9] The device consisted of two keypads, one for the customer and one for the teller. It allowed the customer to type in a secret code, which is transformed by the device, using a microprocessor, into another code for the teller. [10] The Identikey system connected directly into the ATM without hardware or software changes, and was designed for easy operation by the teller and customer. During a transaction, the customer's account number was read by the card reader. This process replaced manual entry and avoided possible key stroke errors. It allowed users to replace traditional customer verification methods such as signature verification and test questions with a secure PIN system. [9]

A key innovation of the Atalla Box was the key block, which is required to securely interchange symmetric keys or PINs with other actors of the banking industry. This secure interchange is performed using the Atalla Key Block (AKB) format, which lies at the root of all cryptographic block formats used within the Payment Card Industry Data Security Standard (PCI DSS) and American National Standards Institute (ANSI) standards. [3]

Fearful that Atalla would dominate the market, banks and credit card companies began working on an international standard. The work of Atalla led to the use of high security modules. [8] Its PIN verification process was similar to the later IBM 3624 system. [11] Atalla was an early competitor to IBM in the banking market, and was cited as an influence by IBM employees who worked on the Data Encryption Standard (DES). [7]

At the National Association of Mutual Savings Banks (NAMSB) conference in January 1976, Atalla announced an upgrade to its Identikey system, called the Interchange Identikey. It added the capabilities of processing online transactions and dealing with network security. Designed with the focus of taking bank transactions online, the Identikey system was extended to shared-facility operations. It was consistent and compatible with various switching networks, and was capable of resetting itself electronically to any one of 64,000 irreversible nonlinear algorithms as directed by card data information. The Interchange Identikey device was released in March 1976. It was one of the first products designed to deal with online transactions, along with Bunker Ramo Corporation products unveiled at the same NAMSB conference. [10] In 1979, Atalla introduced the first network security processor (NSP). [12] In recognition of his work on the PIN system of information security management, Atalla has been referred to as the "Father of the PIN" [13] [14] [15] and as a father of information security technology. [16]

1980s–present

The company merged in 1987 with Tandem Computers, which was then acquired by Compaq in 1997. [17] The Atalla Box protected over 90% of all ATM networks in operation as of 1998, [18] and secured 85% of all ATM transactions worldwide as of 2006. [19] In 2001, HP acquired Compaq. [20] [21] In 2015, HP was divided into two companies, and the Atalla products were assigned to the newly formed Hewlett Packard Enterprise (HPE).

On September 7, 2016, HPE CEO Meg Whitman announced that the software assets of Hewlett Packard Enterprise, including Atalla, would be spun out and then merged with Micro Focus to create an independent company of which HP Enterprise shareholders would retain majority ownership. Micro Focus CEO Kevin Loosemore called the transaction "entirely consistent with our established acquisition strategy and our focus on efficient management of mature infrastructure products" and indicated that Micro Focus intended to "bring the core earnings margin for the mature assets in the deal - about 80 percent of the total - from 21 percent today to Micro Focus's existing 46 percent level within three years." [22] The merger concluded on September 1, 2017.

On 18 May 2018, Utimaco, a German producer of hardware security modules, announced its intent to acquire the Atalla HSM and ESKM (Enterprise Secure Key Manager) business lines from Micro Focus. [23] [24] The venture received United States regulatory clearance in October 2018. [25]

In February 2020, Utimaco acquired GEOBRIDGE Corporation. GEOBRIDGE Corporation is a woman-owned technology company providing compliance services integration systems, development of key management programs, consultancy in the payments industry and architecture and implementation of cryptographic solutions. This acquisition will expand Utimaco's key financial sector management portfolio. [26]

Product overview

Atalla is a multi-chip embedded cryptographic module, which consists of a hardware platform, a firmware secure loader, and firmware. The purpose of the module is to load Approved application programs, also referred to as personalities, securely. The firmware monitors the physical security of the cryptographic module. Verification that the module is approved can be observed. [citation needed]

The Atalla security policy addresses the hardware and the firmware secure loader. This approach creates a security platform able to load secure code. Once control passes from the loader, the module is no longer operating in FIPS mode. Note that no personality will have access to the module's secret keys. [27] The cryptographic boundary of the Atalla Cryptographic Subsystem (ACS) for the FIPS 140-2 Level 3 validation is the outer perimeter of the secure metal enclosure that encompasses all critical security components. [28]

References

  1. Novinson, Michael (23 February 2018). "Utimaco set to acquire Atalla". CRN. Retrieved 13 May 2019.
  2. Albelooshi, Bushra; Damiani, Ernesto; Salah, Khaled; Martin, Thomas (December 2015). "Securing Cryptographic Keys in the IaaS Cloud Model". 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC). pp. 397–401. doi:10.1109/UCC.2015.64. ISBN 978-0-7695-5697-0. S2CID 15645480. Retrieved 13 May 2019.
  3. Rupp, Martin (16 August 2019). "The Benefits of the Atalla Key Block". Utimaco. Archived from the original on 17 October 2020. Retrieved 10 September 2019.
  4. Turajski, Nathan (17 January 2018). "Stronger together – Voltage SecureData enabled with Atalla HSM protection". Micro Focus. Retrieved 13 October 2019.
  5. Langford, Susan (2013). "ATM Cash-out Attacks" (PDF). Hewlett Packard Enterprise. Hewlett-Packard. Retrieved 21 August 2019.
  6. Stiennon, Richard (17 June 2014). "Key Management a Fast Growing Space". SecurityCurrent. IT-Harvest. Retrieved 21 August 2019.
  7. "The Economic Impacts of NIST's Data Encryption Standard (DES) Program" (PDF). National Institute of Standards and Technology. United States Department of Commerce. October 2001. Archived from the original (PDF) on 2 July 2017. Retrieved 21 August 2019.
  8. Bátiz-Lazo, Bernardo (2018). Cash and Dash: How ATMs and Computers Changed Banking. Oxford University Press. pp. 284 & 311. ISBN 9780191085574.
  9. "ID System Designed as NCR 270 Upgrade". Computerworld. IDG Enterprise. 12 (7): 49. 13 February 1978.
  10. "Four Products for On-Line Transactions Unveiled". Computerworld. IDG Enterprise. 10 (4): 3. 26 January 1976.
  11. Konheim, Alan G. (1 April 2016). "Automated teller machines: their history and authentication protocols". Journal of Cryptographic Engineering. 6 (1): 1–29. doi:10.1007/s13389-015-0104-3. ISSN 2190-8516. S2CID 1706990.
  12. Burkey, Darren (May 2018). "Data Security Overview" (PDF). Micro Focus. Retrieved 21 August 2019.
  13. "Martin M. (John) Atalla". Purdue University. 2003. Retrieved 2 October 2013.
  14. "Security guru tackles Net: Father of PIN 'unretires' to launch TriStrata". The Business Journals. American City Business Journals. 2 May 1999. Retrieved 23 July 2019.
  15. "Purdue Schools of Engineering honor 10 distinguished alumni". Journal & Courier. 5 May 2002. p. 33.
  16. Allen, Frederick E. (4 May 2009). "Honoring The Creators Of The Computerized World". Forbes. Retrieved 7 October 2019.
  17. Chandrasekaran, Rajiv (24 June 1997). "Compaq to acquire Tandem Computers". The Washington Post.
  18. Hamscher, Walter; MacWillson, Alastair; Turner, Paul (1998). "Electronic Business without Fear : The Tristrata Security Architecture" (PDF). Semantic Scholar. Price Waterhouse. S2CID 18375242. Archived from the original (PDF) on 25 February 2019. Retrieved 7 October 2019.
  19. "Portfolio Overview for Payment & GP HSMs" (PDF). Utimaco. Archived from the original (PDF) on 21 July 2021. Retrieved 22 July 2019.
  20. Wright, Rob (8 September 2011). "The HP-Compaq Merger: Partners Reflect 10 Years Later". CRN. Retrieved 14 December 2021.
  21. Gold, Miriam (8 February 2002). "HP/Compaq - Acquisition timeline". Computerworld. Retrieved 14 December 2021.
  22. Sandle, Paul; Baker, Liana B. (8 September 2016). "HP Enterprise strikes $8.8 billion deal with Micro Focus for software assets". Reuters. Retrieved 13 September 2016.
  23. "Utimaco beabsichtigt, Atalla von Micro Focus zu übernehmen - Utimaco HSM". Utimaco HSM (in German). Retrieved 25 June 2018.
  24. "Utimaco Announces Intent to Acquire Atalla from Micro Focus - Utimaco". www.utimaco.com. 18 May 2018. Archived from the original on 15 January 2022. Retrieved 14 January 2022.
  25. "Utimaco Cleared to Complete Acquisition of Atalla". Mobile Payments Today. 23 October 2018.
  26. "Utimaco to Expand Portfolio in Key Management by Acquiring GEOBRIDGE Corporation". businesswire. 24 February 2020. Retrieved 4 June 2020.
  27. "Hewlett-Packard – Atalla Security Products: Atalla Cryptographic Subsystem (ACS) Security Policy" (PDF). No. Vol. 1. National Institute of Standards and Technology. 28 October 2010.
  28. Computer Security Resource Center (3 December 2002). "FIPS 140-2 Security Requirements for Cryptographic Modules". National Institute of Standards and Technology. CiteSeerX 10.1.1.21.574. doi:10.6028/NIST.FIPS.140-2. Retrieved 13 May 2019.