Fact sheet
TrustWay Proteccio
innovation power in
security technology
TrustWay Proteccio is a new cost-effective,
i n d u s t r y c o m p l i a n t , ra c k- m o u n t a b l e ,
network-attached hardware security module
from Atos that delivers reliable future-proof
cryptographic services.
`` Superior design combining a cryptographic
core and a protected application environment
`` Strong cryptography reflected in the
certifications it has achieved
Varied fields of use
TrustWay Proteccio meets all key market
demands when it comes to seamlessly add
hardware key protection and security to mission
critical systems such as:
`` Public Key Infrastructures
`` Certificate Authority servers
`` Time Stamping servers
`` Easy implementation in critical security and
regulatory environments like digital signature,
Service-Oriented Architecture and database
encryption.
`` Database encryption
`` SOA architectures
`` Web applications
Secure hardware key
management and
cryptographic operations
TrustWay Proteccio is designed to ensure the
integrity and security of clients’ cryptographic
operations by safeguarding their encryption
and digital signing keys on a tamper-resistant
appliance.
Easy programmability within
TrustWay Proteccio secure
boundaries
One of the outstanding innovations of TrustWay
Proteccio relies on the deployment of custom
applications that are integrated then securely
executed in the appliance.
Thus, TrustWay Proteccio provides a single
security appliance for the combination of a
standard application server platform and a
dedicated hardware security module.
TrustWay Proteccio code signing capability
ensures the integrity of the application in a trusted
OEM appliance.
Scalability and manageability
Eight independently managed cryptographic
virtual HSMs are made available for cost-effective
operational flexibility.
TrustWay Proteccio is easily installed via a local
Ethernet/IP connection. Applications access
the device using standard PKCS#11 queries
transmitted by RPC as if TrustWay Proteccio was
one of the server’s local resources.
Several TrustWay Proteccios can be used in
parallel to offer high-availability services in
a redundant architecture for mission-critical
applications.
TrustWay Proteccio
The administration and security configuration
of TrustWay Proteccio is carried out using a Java
application with a simple, user-friendly graphical
interface.
TrustWay Proteccio innovation
power in security technology
TrustWay Proteccio key benefits
Tamper-protected hardware
Strong two-factor authentication with smart
cards
M of N multi-person authentication
Easy porting of custom application in a
protected environment
Signed code to guarantee code integrity and
to prevent unauthorized code execution
Up to 8 cryptographic virtual HSMs
independently managed
Separation of duties with two-factor
authentication and dual control
Secure RPC link by SSL
Field technical assistance
Module E/S
FLASH
NOR
RJ45
RJ45
RAM
CRYPTO
RESET
USB
PCIe
USB
USB
Module
KEYBOARD
Secured
by TrustWay
USB
SCREEN
I2C
SMART CARD
EEPROM
µSD
T° SENSOR
SATA HDD
VGA
TrustWay Proteccio Architecture
Features
`` 2U Full length 19” Rack mountable
Algorithms & key management
`` Asymmetric encryption: RSA 512 to 4096 OAEP mode
`` Dimensions: 482 x 350 x 88 mm
`` Symmetric encryption: AES 128 to 256, 3DES
`` Operating temperature: 0° to 45°C
`` Digital Signing: RSA PSS, PKCS v1.5, ECDSA
`` Storage temperature: 0° to 65°C
`` Hash: MD5, SHA1, SHA 256, SHA 384, SHA 512
`` Humidity non-condensing: 10 to 90%
`` Supported named curves: ANSI, NIST, ANSSI and all curves up to 521 bits
including Brainpool curves
`` Power requirement: 100-240 VAC 50-60 HZ
Interfaces
`` Host connectivity: RPC
Certifications (in-progress)
`` Common Criteria EAL 4+ compliant with CWA 14167-2
`` 2 x 10/100/1000 Base T Ethernet ports
`` FIPS 140-2 Level 3
`` 4 x USB2 ports
`` CE (EN 55022 class A, EN55024, EN 60950, IEC950, UL1950)
`` 1 x VGA port
`` FCC part 15 class A
`` Embedded smart card reader and keyboard
`` RoHS compliant
Compatibility
`` LCD screen 2 x 16 digits
`` Reset button on front panel
APIs
`` PKCS#11
`` TrustWay Crypto PCI and TrustWay box
Available models & performances
`` TrustWay Proteccio EL : 40 TPS RSA 2048
`` OpenSSL
`` TrustWay Proteccio HR : 300 TPS RSA 2048
`` Java Computing Environment (JCE)
`` OEM Development Pack
Administration
`` Cryptographic profiles definition
`` Secure updates of embedded software
For more information:
http://www.bull.com/network-security
atos.net
All trademarks are the property of their respective owners. Atos, the Atos logo, bull atos technologies are registered trademarks of Atos. Atos reserves the right to modify this
document at any time without notice. Some offerings or parts of offerings described in this document may not be available locally. Please contact your local Atos office for
information regarding the offerings available in your country. This document does not represent a contractual commitment. - April 2015. © 2015 Atos
This brochure is printed on paper combining 40% eco-certified fibers from sustainable forests management and 60% recycled fibers in line with current environment standards (ISO 14001).
F-TrustWay Proteccio-en7
`` Load balacing capability