COMPLETE TRUST SERVICE
Secure data generation and injection into secure elements is at the heart of many connected systems such as Internet of Things, anticounterfeiting or traceability of goods. WISeKey presents VaultiTrust™, a unique comprehensive service to support the deployment of such systems. VaultiTrust takes advantage of WISeKey’s government grade security certified premises and end-to-end digital security management to, for instance, generate keys and efficiently install them into chips. A web portal complements the service by offering an easy way to configure, manage and track production.
TRUSTED DATA GENERATION
With VaultiTrust, the managed data can be static (same for a whole batch of chips), dynamic (unique per chip) or security related (keys and digital certificates). This is all configured through the web portal.
WISeKey operates FIPS 140-2 Level 3 certified Hardware Security Modules (HSM) to efficiently generate secure data. These HSM are located in a WISeKey Common Criteria EAL5+ and ISO27001 certified backed up data center. Upon customer’s specifications, the HSM can be dedicated or shared. WISeKey also offers a cryptography customization service whenever needed.
When used in Public Key Infrastructure (PKI), a certificate’s status can be verified from a Certificate Revocation List (CRL) or by using the Online Certificate Status Protocol (OCSP). VaultiTrust data generation and chip provisioning is designed to meet any customer’s project size thanks to a fully scalable system.
KEY FEATURES
- Highly secure Common Criteria EAL5+ and ISO27001 certified generation and production backed up environment.
- Supports any standard or proprietary, symmetric or asymmetric cryptography
- Secure web portal for configuration, management and tracking
- Scalable from pre-series to large volumes
- Fast and customizable service
- Static & dynamic FIPS140-2 Level 3 HSM based keys and data generation
- Trusted generation of any type of PKI certificates (X509, SCP11)
VAULTiTRUST DATA FLOW
CHIP PROVISIONING
WISeKey enhances the security and efficiency of any connected system by offering the provisioning of secure elements as a service. Once generated by WISeKey or its customers, personalization data are entered into VaultiTrust secure web portal. They can then be individually injected into the chips either at wafer level or in package. This is all managed in a Common Criteria EAL5+ and ISO27001 certified manufacturing environment. The secure web portal gives customers a way to completely configure and track their chips manufacturing.
PKI CERTIFICATE AUTHORITY
When applicable, VaultiTrust secure data generation fully supports the PKI certificate signature by a Certificate Authority (CA), allowing this PKI specific trust hierarchy. To make this flexible, WISeKey has defined various trust configurations involving various CA levels. As a trust partner, WISeKey can operate this CA. As a service, WISeKey can also help its customers to operate their own private CA and define their own PKI architecture.