VINCI Autoroutes Keeps France’s Roads Moving with Quick, Seamless, and Secure Payments System
Read this case study to learn how nShield HSMs helped a transportation infrastructure leader secure its PKI, protect its cryptographic keys, and achieve PCI DSS certification.
Customer Profile
VINCI Autoroutes is a global leader in mobility infrastructure and is committed to achieving and sharing sustainable growth with regions and communities. VINCI Autoroutes operates toll-road motorways as a concession holder to the French government and a partner to local authorities.
VINCI Autoroutes serves 10 regions in France, 45 administrative departments, 14 major cities, over 100 towns with a population of more than 10,000, and thousands of rural communities located near its motorway network under concession, which measures 4,443 km. By linking regions together and fostering new uses for motorways, VINCI Autoroutes contributes to the development of clean, connected, and safe mobility, itself a catalyst of economic and social cohesion.
Business need
- Protect personal and payment data of toll-road motorway
- Maintain trust in VINCI Autoroutes’ payment system
Technology need
- Upgrade legacy PKI to help meet PCI DSS requirements
Solution
- Entrust nShield HSMs
- Entrust nShield Security World architecture
- Microsoft Active Directory Certificate Services
Results
- Seamless transition from legacy to new PKI
- Increased digital security • PCI DSS certification
Business Challenge
When collecting road tolls, no one wants a traffic jam. It is therefore essential to address the challenges of managing high- volume transactions, seamless revenue collection, and responsive customer service, all at the same time. Stopping at toll booths can prove to be a bit of a nuisance, scrabbling for loose change or a debit or credit card. This can be avoided with Télépéage.
A Télépéage toll tag device can be purchased and fitted to a car, allowing drivers to use French toll roads without the need to physically stop and pay at the barrier. Instead, it automatically allows your vehicle through at the designated lanes. The tag is the payment method for the tolls so everything is charged to a card via the tag. But what about security? The Télépéage toll devices are associated with bank accounts and personally identifiable information (PII), so to ensure digital security and user trust in the overall system, that sensitive information must be protected.
Technical Challenge
VINCI Autoroutes needed to upgrade its systems to maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS V2 and soon V3), General Data Protection Regulation (GDPR), and other EU regulations. The IT staff were also keen to put in place a robust system that would not only address today’s cybersecurity threats but also protect them from future evolving threats. In this specific case, the technical challenge was to upgrade its public key infrastructure (PKI) and its existing hardware security module (HSM) estate to help meet security best practices and the new regulatory demands.
Solution
VINCI Autoroutes has been using Entrust nShield HSMs as a high-assurance root of trust for its PKI with great results for more than 10 years. So, there was no question in their minds regarding which HSM they would choose for the upgrade. Entrust nShield HSMs are among the highest-performing, most secure, and easy-to-integrate HSM solutions available, facilitating regulatory compliance and delivering the highest levels of data and application security for enterprise, financial, and government organizations. The unique Security World key management architecture provides strong, granular controls over access and usage of keys.
The new system uses Microsoft Active Directory Certificate Services to issue, manage, and validate the digital identities used to bind the Télépéage toll tags, bank account details, and PII to their corresponding private keys. All the information is stored in an Oracle database. The validity of each issued certificate depends on the protection of the certificate authority key issuing the identities. The nShield HSMs protect these certificate authority keys as well as the master key used to protect the database encryption key stored in the Oracle Wallet.
Security World Architecture
The nShield Security World architecture supports a specialized key management framework that spans the entire nShield family of general-purpose hardware security modules (HSMs). Whether deploying high-performance, shareable, network-attached HSM appliances, host-embedded HSM cards, or USB- attached portable HSMs, the Security World architecture provides a unified administrator and user experience and guaranteed interoperability whether the customer deploys one or hundreds of devices.
Through nShield Security World, users can easily establish a logical security boundary for managing groups of HSMs. By leveraging this architecture, security teams can realize the following advantages:
- Enhanced security
- Enhanced operational efficiency
- Increased resilience
- System flexibility and scalability
Results
VINCI Autoroutes has been able to update its legacy system, increasing its robustness and level of digital security, keeping the motorways of France moving – safely and securely. In addition, the upgraded technology provided by Entrust helped VINCI Autoroutes receive its PCI DSS certification, the set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
Related Products & Services
Entrust nShield HSMs
FIPS-certified, tamper-resistant devices for secure cryptographic processing, key generation and protection, encryption, key management, and more.
Entrust PKI
Meet the demands for encryption everywhere. Trust your business with on-premises and managed PKI solutions from the world’s leading PKI provider.
Microsoft Active Directory Certificate Services
Entrust offers numerous proven integrations with Microsoft through our strategic and technology partnership.
Fill out the form to have one of our experts contact you to discuss how our solutions can serve you.