Utimaco Atalla

{{Infobox company

| name = Atalla

| type = Privately owned

| industry = Computer software
Enterprise software
Encryption / Cryptography
Hardware security modules
Internet security

| founded = {{start date and age|1973}}

| founder = Mohamed M. Atalla

| owner = Utimaco

| location_city = Campbell, California

| location_country = USA

| website = {{URL|hsm.utimaco.com}}

}}

Utimaco Atalla, founded as Atalla Technovation and formerly known as Atalla Corporation or HP Atalla, is a security vendor, active in the market segments of data security and cryptography.{{cite news |last1=Novinson |first1=Michael |title=Utimaco set to acquire Atalla |url=https://www.crn.com/news/security/300103886/utimaco-launches-payments-blitz-with-plan-to-buy-atalla-cryptography-key-unit.htm |access-date=13 May 2019 |publisher=CRN |date=23 February 2018}} Atalla provides government-grade end-to-end products in network security,{{cite book |last1=Albelooshi |first1=Bushra |last2=Damiani |first2=Ernesto |last3=Salah |first3=Khaled |last4=Martin |first4=Thomas |chapter=Securing Cryptographic Keys in the IaaS Cloud Model |title=2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC) |date=December 2015 |pages=397–401 |chapter-url=https://ieeexplore.ieee.org/document/7431439 |access-date=13 May 2019 |doi=10.1109/UCC.2015.64|isbn=978-0-7695-5697-0 |s2cid=15645480 }} and hardware security modules (HSMs) used in automated teller machines (ATMs) and Internet security. The company was founded by Egyptian engineer Mohamed M. Atalla in 1972. Atalla HSMs are the payment card industry's de facto standard,{{cite web |last1=Turajski |first1=Nathan |title=Stronger together – Voltage SecureData enabled with Atalla HSM protection |url=https://community.microfocus.com/t5/Security-Blog/Stronger-together-Voltage-SecureData-enabled-with-Atalla-HSM/ba-p/1629226 |website=Micro Focus |access-date=13 October 2019 |date=17 January 2018}} protecting 250{{nbsp}}million card transactions daily (more than {{#expr:0.25*365 round -1}}{{nbsp}}billion transactions annually) as of 2013, and securing the majority of the world's ATM transactions as of 2014.

Company history

= 1970s =

The company was originally founded in 1972,{{cite web |last1=Langford |first1=Susan |title=ATM Cash-out Attacks |url=https://h41382.www4.hpe.com/gfs-shared/20140318153228.pdf |website=Hewlett Packard Enterprise |publisher=Hewlett-Packard |year=2013 |access-date=21 August 2019}} initially as Atalla Technovation, before it was later called Atalla Corporation.{{cite web |title=The Economic Impacts of NIST's Data Encryption Standard (DES) Program |url=https://www.nist.gov/sites/default/files/documents/2017/05/09/report01-2.pdf |website=National Institute of Standards and Technology |publisher=United States Department of Commerce |date=October 2001 |access-date=21 August 2019 |url-status=dead |archive-url=https://web.archive.org/web/20170702025500/http://www.nist.gov/sites/default/files/documents/2017/05/09/report01-2.pdf |archive-date=2017-07-02}} The company was founded by Dr. Mohamed M. Atalla, the inventor of the MOSFET (metal–oxide–semiconductor field-effect transistor).{{cite web |last1=Rupp |first1=Martin |title=The Benefits of the Atalla Key Block |url=https://content.hsm.utimaco.com/blog/the-benefits-of-atalla-key-block |website=Utimaco |date=16 August 2019 |access-date=10 September 2019 |archive-date=17 October 2020 |archive-url=https://web.archive.org/web/20201017215047/https://content.hsm.utimaco.com/blog/the-benefits-of-atalla-key-block |url-status=dead }} In 1972, Atalla filed {{US patent|3938091}} for a remote PIN verification system, which utilized encryption techniques to assure telephone link security while entering personal ID information, which would be transmitted as encrypted data over telecommunications networks to a remote location for verification.

He invented the first hardware security module (HSM),{{cite web |last1=Stiennon |first1=Richard |title=Key Management a Fast Growing Space |url=https://securitycurrent.com/key-management-a-fast-growing-space/ |website=SecurityCurrent |publisher=IT-Harvest |access-date=21 August 2019 |date=17 June 2014}} dubbed the "Atalla Box", a security system which encrypted PIN and ATM messages, and protected offline devices with an un-guessable PIN-generating key.{{cite book |last1=Bátiz-Lazo |first1=Bernardo |title=Cash and Dash: How ATMs and Computers Changed Banking |date=2018 |publisher=Oxford University Press |isbn=9780191085574 |pages=284 & 311 |url=https://books.google.com/books?id=rWhiDwAAQBAJ&pg=PA284}} He commercially released the "Atalla Box" in 1973. The product was released as the Identikey. It was a card reader and customer identification system, providing a terminal with plastic card and PIN capabilities. The system was designed to let banks and thrift institutions switch to a plastic card environment from a passbook program. The Identikey system consisted of a card reader console, two customer PIN pads, intelligent controller and built-in electronic interface package.{{cite journal |title=ID System Designed as NCR 270 Upgrade |journal=Computerworld |date=13 February 1978 |volume=12 |issue=7 |page=49 |url=https://books.google.com/books?id=fB-Te8d5hO8C&pg=PA49 |publisher=IDG Enterprise}} The device consisted of two keypads, one for the customer and one for the teller. It allowed the customer to type in a secret code, which is transformed by the device, using a microprocessor, into another code for the teller.{{cite journal |title=Four Products for On-Line Transactions Unveiled |journal=Computerworld |date=26 January 1976 |volume=10 |issue=4 |page=3 |url=https://books.google.com/books?id=3u9H-xL4sZAC&pg=PA3 |publisher=IDG Enterprise}} The Identikey system connected directly into the ATM without hardware or software changes, and was designed for easy operation by the teller and customer. During a transaction, the customer's account number was read by the card reader. This process replaced manual entry and avoided possible key stroke errors. It allowed users to replace traditional customer verification methods such as signature verification and test questions with a secure PIN system.

A key innovation of the Atalla Box was the key block, which is required to securely interchange symmetric keys or PINs with other actors of the banking industry. This secure interchange is performed using the Atalla Key Block (AKB) format, which lies at the root of all cryptographic block formats used within the Payment Card Industry Data Security Standard (PCI DSS) and American National Standards Institute (ANSI) standards.

Fearful that Atalla would dominate the market, banks and credit card companies began working on an international standard. The work of Atalla led to the use of high security modules. Its PIN verification process was similar to the later IBM 3624 system.{{cite journal |last1=Konheim |first1=Alan G. |title=Automated teller machines: their history and authentication protocols |journal=Journal of Cryptographic Engineering |date=1 April 2016 |volume=6 |issue=1 |pages=1–29 |doi=10.1007/s13389-015-0104-3 |s2cid=1706990 |url=https://slideheaven.com/automated-teller-machines-their-history-and-authentication-protocols.html |issn=2190-8516}} Atalla was an early competitor to IBM in the banking market, and was cited as an influence by IBM employees who worked on the Data Encryption Standard (DES).

At the National Association of Mutual Savings Banks (NAMSB) conference in January 1976, Atalla announced an upgrade to its Identikey system, called the Interchange Identikey. It added the capabilities of processing online transactions and dealing with network security. Designed with the focus of taking bank transactions online, the Identikey system was extended to shared-facility operations. It was consistent and compatible with various switching networks, and was capable of resetting itself electronically to any one of 64,000 irreversible nonlinear algorithms as directed by card data information. The Interchange Identikey device was released in March 1976. It was one of the first products designed to deal with online transactions, along with Bunker Ramo Corporation products unveiled at the same NAMSB conference. In 1979, Atalla introduced the first network security processor (NSP).{{cite web |last1=Burkey |first1=Darren |title=Data Security Overview |url=http://www.gtug.de/HotSpot2018/download/Presentation/C108-Burkey.pdf |publisher=Micro Focus |date=May 2018 |access-date=21 August 2019}} In recognition of his work on the PIN system of information security management, Atalla has been referred to as the "Father of the PIN"{{cite web|title=Martin M. (John) Atalla|url=http://www.purdue.edu/uns/html3month/hondocs03/03.ATALLA.html|website=Purdue University|year=2003|access-date=2 October 2013}}{{cite news |title=Security guru tackles Net: Father of PIN 'unretires' to launch TriStrata |url=https://www.bizjournals.com/sanfrancisco/stories/1999/05/03/story3.html |access-date=23 July 2019 |work=The Business Journals |publisher=American City Business Journals |date=May 2, 1999}}{{cite news |title=Purdue Schools of Engineering honor 10 distinguished alumni |url=https://www.newspapers.com/newspage/265046278/ |work=Journal & Courier |date=May 5, 2002 |page=33}} and as a father of information security technology.{{cite news |last1=Allen |first1=Frederick E. |title=Honoring The Creators Of The Computerized World |url=https://www.forbes.com/2009/05/04/computer-inventors-induction-leadership-citizenship-halloffame.html |access-date=7 October 2019 |work=Forbes |date=May 4, 2009}}

= 1980s{{ndash}}present =

It merged in 1987 with Tandem Computers, who were then acquired by Compaq in 1997.{{cite news |last1=Chandrasekaran |first1=Rajiv |title=Compaq to acquire Tandem Computers |url=https://www.washingtonpost.com/archive/business/1997/06/24/compaq-to-acquire-tandem-computers/cd378caa-c887-4181-bb03-f9e6f04d411e/?noredirect=on |newspaper=The Washington Post |date=24 June 1997}} The Atalla Box protected over 90% of all ATM networks in operation as of 1998,{{cite journal |last1=Hamscher |first1=Walter |last2=MacWillson |first2=Alastair |last3=Turner |first3=Paul |title=Electronic Business without Fear : The Tristrata Security Architecture |publisher=Price Waterhouse |date=1998 |website=Semantic Scholar |s2cid=18375242 |url=http://pdfs.semanticscholar.org/6628/269799be00f3f97c15bf1aea2488afbe6c0a.pdf |archive-url=https://web.archive.org/web/20190225173603/http://pdfs.semanticscholar.org/6628/269799be00f3f97c15bf1aea2488afbe6c0a.pdf |url-status=dead |archive-date=2019-02-25 |access-date=7 October 2019}} and secured 85% of all ATM transactions worldwide as of 2006.{{cite web |title=Portfolio Overview for Payment & GP HSMs |url=https://hsm.utimaco.com/wp-content/uploads/2018/12/20181206-Utimaco-webinar-Vision-for-Atalla-Portfolio-Overview-Payment-GP-HSMs.pdf |website=Utimaco |access-date=22 July 2019 |archive-date=21 July 2021 |archive-url=https://web.archive.org/web/20210721060737/https://hsm.utimaco.com/wp-content/uploads/2018/12/20181206-Utimaco-webinar-Vision-for-Atalla-Portfolio-Overview-Payment-GP-HSMs.pdf |url-status=dead }} In 2001, HP acquired Compaq.{{Cite web|last=Wright|first=Rob|date=2011-09-08|title=The HP-Compaq Merger: Partners Reflect 10 Years Later|url=https://www.crn.com/news/mobility/231601009/the-hp-compaq-merger-partners-reflect-10-years-later.htm|access-date=2021-12-14|website=CRN}}{{Cite web|last=Gold|first=Miriam|date=2002-02-08|title=HP/Compaq - Acquisition timeline|url=https://www.computerworld.com/article/2792680/hp-compaq---acquisition-timeline.html|access-date=2021-12-14|website=Computerworld|language=en}} In 2015, HP was divided into two companies, and the Atalla products were assigned to the newly formed Hewlett Packard Enterprise (HPE).

On September 7, 2016, HPE CEO Meg Whitman announced that the software assets of Hewlett Packard Enterprise, including Atalla, would be spun out and then merged with Micro Focus to create an independent company of which HP Enterprise shareholders would retain majority ownership. Micro Focus CEO Kevin Loosemore called the transaction "entirely consistent with our established acquisition strategy and our focus on efficient management of mature infrastructure products" and indicated that Micro Focus intended to "bring the core earnings margin for the mature assets in the deal - about 80 percent of the total - from 21 percent today to Micro Focus's existing 46 percent level within three years."{{cite web |url=https://www.reuters.com/article/us-hpenterprise-software-microfocus-idUSKCN11D2EU |title=HP Enterprise strikes $8.8 billion deal with Micro Focus for software assets |work=Reuters |date=8 September 2016 |last1=Sandle |first1=Paul |last2=Baker |first2=Liana B. |access-date=2016-09-13}} The merger concluded on September 1, 2017.

On 18 May 2018, Utimaco, a German producer of hardware security modules, announced its intent to acquire the Atalla HSM and ESKM (Enterprise Secure Key Manager) business lines from Micro Focus.{{Cite news|url=https://hsm.utimaco.com/de/news/utimaco-beabsichtigt-atalla-von-micro-focus-zu-uebernehmen/|title=Utimaco beabsichtigt, Atalla von Micro Focus zu übernehmen - Utimaco HSM|work=Utimaco HSM|access-date=2018-06-25|language=de-DE}}{{Cite web |title=Utimaco Announces Intent to Acquire Atalla from Micro Focus - Utimaco |url=https://www.utimaco.com/current-topics/press-releases/utimaco-announces-intent-acquire-atalla-micro-focus |archive-url=https://web.archive.org/web/20220115053901/https://www.utimaco.com/current-topics/press-releases/utimaco-announces-intent-acquire-atalla-micro-focus |archive-date=2022-01-15 |access-date=2022-01-14 |website=www.utimaco.com|date=18 May 2018 }} The venture received United States regulatory clearance in October 2018.{{cite news |title=Utimaco Cleared to Complete Acquisition of Atalla |url=https://www.mobilepaymentstoday.com/news/utimaco-set-to-acquire-atalla/ |publisher=Mobile Payments Today |date=23 October 2018}}

Product overview

Atalla is a multi-chip embedded cryptographic module, which consists of a hardware platform, a firmware secure loader, and firmware. The purpose of the module is to load Approved application programs, also referred to as personalities, securely. The firmware monitors the physical security of the cryptographic module. Verification that the module is approved can be observed.{{citation needed|date=March 2022}}

The Atalla security policy addresses the hardware and the firmware secure loader. This approach creates a security platform able to load secure code. Once control passes from the loader, the module is no longer operating in FIPS mode. Note: that no personality will have access to the module's secret keys.{{cite news |title=Hewlett-Packard – Atalla Security Products: Atalla Cryptographic Subsystem (ACS) Security Policy |url=https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1441.pdf |volume=1 |publisher=National Institute of Standards and Technology |date=28 October 2010}} The cryptographic boundary of the ACS for the FIPS 140-2 Level 3 validation is the outer perimeter of the secure metal enclosure that encompasses all critical security components.{{cite journal |last1=Computer Security Resource Center |title=FIPS 140-2 Security Requirements for Cryptographic Modules |url=https://csrc.nist.gov/publications/detail/fips/140/2/final |publisher=National Institute of Standards and Technology |access-date=13 May 2019|date=2002-12-03 |doi=10.6028/NIST.FIPS.140-2 |citeseerx=10.1.1.21.574 }}