How to Develop a Certified Cloud Service (U23a)
This presentation is a joined case study between Bundesdruckerei & Deutsche Fiskal and PrimeKey. It will show how to design and implement a Common Criteria Certified Cloud Service for fiscalization. Also it will outline why Hardware Security Modules are not the first choice for a Trusted Cloud Infrastructure and how a a secure execution Hardware is the much better technology. Deutsche Fiskal and Bundesdruckerei subsidiary D-TRUST are the first cloud providers who offers a certified solution for implementing the German Cash Register Security Regulation (KassenSichV), with the use of PrimeKey SEE (secure execution hardware). Within this presentation we will outline – how the architecture of the cloud service was developed. – why classic hardware security modules fails and reach their limits. (performance, cost, Development process, certification) – which innovations are used in the area of security modules (PrimeKey SEE). – how the Common Criteria certification of the cloud service looks like.