UKO security and compliance
UKO has data security strategies in place to meet your security and compliance needs and ensure that your data remains protected in the cloud.
Security readiness
UKO ensures security readiness by adhering to IBM best practices for systems, networking, and secure engineering.
Data encryption
UKO uses a hardware security module (HSM) to generate the key material that you manage and to perform cryptographic operations. Built on FIPS 140-2 Level 4-certified HSMs, UKO offers the highest security level for cloud-based HSMs and stores cryptographic key material without exposing keys outside of a cryptographic boundary.
Access to the service takes place over HTTPS, and internal communication uses the Transport Layer Security (TLS) 1.2 and 1.3 protocols to encrypt data in transit.
Compliance readiness
UKO helps meet controls for global, industry, and regional compliance standards. The hardware security module (HSM) meets Common Criteria EAL4 and is FIPS 140-2 Level 4 certified.
Common Criteria EAL4 certified
The hardware security modules (HSMs) supported by UKO are:
- IBM 4768 or the Crypto Express 6S (CEX6S)
- IBM 4769 or the Crypto Express 7S (CEX7S)
- IBM 4770 or the Crypto Express 8S (CEX8S)
All CEX6S, CEX7S, and CEX8S modules are Common Criteria EAL4 certified to meet the security requirements defined by the Common Criteria for Information Technology Security Evaluation.
Common Criteria is an international standard (ISO/IEC 15408) for assessing the security of computer security products. Common Criteria provides assurance that the process of specification, implementation, and evaluation of a computer security product complies with the defined standards and requirements.
FIPS 140-2 Level 4
The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government computer security standard that is used to approve cryptographic modules.
FIPS 140-2 defines four levels of security: Level 1, 2, 3, and 4. FIPS 140-2 Level 4 is the highest level of security. At this security level, the physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access. Penetration of the cryptographic module enclosure from any direction has a high probability of being detected, resulting in the immediate zeroization of all plaintext critical security parameters (CSPs).