Professional Documents
Culture Documents
AT1000 HSM 8.46 Release Notes CB960-9001T
AT1000 HSM 8.46 Release Notes CB960-9001T
Release Notes
Internet https://support.hsm.utimaco.com
E-mail hsm@utimaco.com
All Rights reserved No part of this documentation may be reproduced in any form (printing, photocopy or
according to any other process) without the written approval of Utimaco IS GmbH or be
processed, reproduced or distributed using electronic systems.
Utimaco IS GmbH reserves the right to modify or amend the documentation at any time
without prior notice. Utimaco IS GmbH assumes no liability for typographical errors and
damages incurred due to them.
All trademarks and registered trademarks are the property of their respective owners.
Product Description
Product Description 12
Atalla Hardware Security Module (HSM) is a payments hardware security module designed to protect
customer sensitive data, perform cardholder authentication, and manage the cryptographic keys used in
ecommerce retail payment transactions.
Atalla HSM provides superior hardware security to deliver maximum privacy, integrity and performance for
host applications. It supports cryptographic operations to perform PIN translation and verification, card
verification, card production and personalization, electronic funds interchange (EFTPOS, ATM), cash-card
reloading, EMV transaction processing, and key generation and injection.
Product models
There is one physical hardware model: Atalla Hardware Security Module AT1000.
Languages
International English
Product Features
This section provides information on the Atalla HSM AT1000 hardware and software features.
Hardware features
The Atalla HSM AT1000 includes the following hardware features.
High performance Atalla Cryptographic System The ACS provides industry leading cryptographic
(ACS) command performance. All cryptographic
command processing is performed within its
security boundary. For more information about the
ACS, see section 2 of the Atalla HSM AT1000
Installation and Operations Guide.
1U form factor The Atalla HSM AT1000 is 1.7 inches (4.3 cm) high.
It is based on the HPE Proliant DL360 Gen9, and
includes dual hard disk drives, dual power load
balancing supplies, dual locking front bezel, and
redundant cooling. See section 2 of the Atalla HSM
AT1000 Installation and Operations Guide.
Four Network Interface Connectors The Atalla HSM AT1000 supports connections to
two separate networks. The Active-Backup mode
of NIC bonding provides redundancy. For
configuration information, see section 4 of the
Atalla HSM AT1000 Installation and Operations
Guide.
Front panel display with keypad The Atalla HSM AT1000’s front panel display
provides status information. You can use the
display with keypad to assign the NIC1 network
settings. The keypad is protected behind the dual
locking bezel. For information on usage, see
section 3 of the Atalla HSM AT1000 Installation and
Operations Guide.
USB 3.0 port and USB device The USB port and USB device provide the ability to
install software updates and configuration files into
the Atalla HSM AT1000. The USB port is protected
behind the dual locking bezel. For information on
usage, see section 3 of the Atalla HSM AT1000
Installation and Operations Guide.
Software features
The Atalla HSM AT1000 includes the following software features.
AES and 3DES Master File Keys (MFK) The Atalla HSM AT1000 can be configured to
support both an AES and 3DES MFK. For
information on how to initialize the Atalla HSM
AT1000, see section 3 of the Atalla Secure
Configuration Assistant-3 User Guide, or section 3 of
the Atalla Secure Configuration Assistant for
Windows User Guide.
Categorized Event Reporting The Atalla HSM AT1000 maintains three separate
logs. The System Log records system events,
including startup, status and configuration events.
The Activity Log records connection events,
including when a connection opens and closes.
The Security Audit Log records all Security
Administrator transactions. For information on the
logs and how to configure the logging level, see
sections 1 and 4 of the Atalla HSM AT1000
Installation and Operations Guide.
HSM Health Monitoring The Atalla HSM AT1000 monitors the CPU busy
percentage of the ACS. When the specified percent
value is maintained for one minute, an event record
is created in the System Log. The ACS, hard disk
drives, power supplies, and fans are continuously
monitored. Any failure generates a record in the
System Log. For information on HSM health
monitoring, see section 2 of the Atalla HSM AT1000
Installation and Operations Guide.
Network Time Protocol The Network Time Protocol (NTP) can be used to
synchronize the system clock on the Atalla HSM
AT1000. For information on system time
synchronization, see section 4 of the Atalla HSM
AT1000 Installation and Operations Guide.
Atalla Key Block (AKB), PCI-HSM, and Variant key The Atalla HSM AT1000 comes preloaded with the
management methods Atalla Key Block, key management method,
switching methods takes approximately 4 minutes,
no additional software must be installed on the
Atalla HSM AT1000. For information on the
supported commands, see the Atalla HSM AT1000
Command Reference Manual. For information on
switching key management methods, see section 4
of the Atalla HSM AT1000 Installation and
Operations Guide.
Supports most Ax160 HSM version 1.60, 1.61, 1.62, The vast majority of commands which are
and 2.30 commands. available in versions 1.60, 1.61, 1.62 and 2.30 of the
Atalla Ax160 HSM are supported in the Atalla HSM
AT1000.
Most of the printing commands in version 2.30 of
the Atalla Ax160 HSM are supported in the Atalla
Key Block version 8.34 and above.
For information on the supported commands refer
to the Atalla HSM AT1000 Command Reference
Manual.
All non-customer specific premium value
commands and options from the Atalla Ax160
HSM v2.30 and v1.60 are included in the Atalla
HSM AT1000 v8.00 and newer, they no longer
require a separate license.
https:/ support.hsm.utimaco.com
Refer to the Atalla HSM AT1000 Read Me First card for download instructions.
3. Follow the steps 5 through 13 which are specified in “Send configuration files from the USB device to
the HSM” which is located in section 3 of the Atalla HSM AT1000 Installation and Operations Guide.
Compatibility/interoperability
Required products
The Atalla HSM AT1000 requires these Atalla products. For more information on these products, see the
Secure Configuration Assistant-3 User Guide or the Secure Configuration Assistant for Windows User Guide.
Product Version
Compatible products
The Atalla HSM AT1000 is compatible with these Atalla products.
Product Version
NSPDIAG T5860AAF
New command
3AA - Proprietary Key Derivation. This is a customer specific command.
Command 11B now supports a Key Exchange Key compatible with INTERPAY key derivation.
Commands 136 and 139 - support for AKBv3 has been improved.
Customer specific commands 13E, 183, 18D, and 38D have been modified.
Command 185 now supports all security levels for SCP02 and SCP03.
Command 357 no longer checks specific values for the dCVV2 service code.
System software
Support for 802.1Q has been added. The config.prm file now contains these two new keywords:
VLAN_1, and VLAN_2. Refer to section 4, Software configuration in the Atalla HSM AT1000 Installation
and Operations Guide for more information.
The manufacturing process for the AT1000 HSM v2 now sets the system clock to Universal
Coordinated Time (UTC).
The Atalla HSM AT1000 does not support the following Atalla Ax160 HSM features.
Security Administrator V2.0 smart cards Security Administrator V3.0 smart cards are
required.
Shareholder smart cards Backup Operator V3.0 smart cards are used to
backup and restore the HSM.
Reading configuration files from the USB device at At startup the HSM does not read configuration
startup. files from the USB device. Configuration files
must be transferred to the HSM via the front
panel menu, or sent to the HSM via version 3.0 of
the SCA-3 and the Remote Management Unit.
There are multiple ways to obtain the software version in your Atalla HSM AT1000:
<1101#> or <1100#>
The response from the Atalla HSM AT1000 will be its software version.
Power on the HSM, wait approximately 3 minutes, and then observe the front panel status screens.
View the HSM’s system log, it contains a record with the response to the command <1101#>.
When a SCA-3 or SCA-W is communicating with the HSM, you can tap the HSM status icon located in the
upper left corner of the screen.
This product includes code licensed under the GNU General Public License, the GNU Lesser General Public
License, and/or certain other open source licenses. A complete machine readable copy of the source code
corresponding to such code, is available upon request.
This offer is valid to anyone in receipt of this information and shall expire three years following the date of
the final distribution of this product version by Utimaco.
freertos (9.0.0)
python (2.7)
smartmontools (6.2)
ipmitools (1.8.13)
openipmi (2.0.19)
cavium-cnnic-pci-driver (1.0)
uboot (2013.070.24)
rsyslog (7.4.7)
centos-os (7.2)
License Link:
net-snmp (5.7.3)
lcdproc (0.5.7)
openssl (1.0.1j)
openssl (1.0.2d)
E-mail: support@utimaco.com
AMERICAS
+1 844-UTIMACO (+1 844-884-6226)
EMEA
+49 800-627-3081
APAC
+81 800-919-1301
Error messages
Detailed questions
24-hour support
24-hour emergency support is available to those customers who have valid service contracts. Use this
service for product and system emergencies that occur after normal working hours or on weekends and
U.S. holidays. Questions about product installation and setup are supported during normal working hours.
For 24-hour emergency support call one of the toll-free phone numbers listed above. Select Option 4 for
Atalla Support to open a critical support ticket.
Download portal
You can obtain software/documentation from: https://support.hsm.utimaco.com.