Utimaco’s General Purpose HSMs
Utimaco’s General Purpose HSMs for securing your most sensitive assets
Based on more than 40 years of experience in hardware-based security, Utimaco has developed and optimized a family of general purpose HSMs, with models that address different levels of performance and physical security for use cases in enterprises, government, and public administration, and large infrastructures. The Utimaco’s general purpose HSMs fulfill various compliance and regulation mandates such as eIDAS, VS-NfD, FIPS, GDPR and KassenSichV.
Providing security for cryptographic use cases
For extensive business use cases, cryptography is becoming increasingly important in infrastructures and organizations across numerous industries. As a result, there are a range of new obligations and responsibilities associated with how these secrets are processed, stored, and used, in accordance with country-specific regulations.
General Purpose Hardware Security Modules (HSMs) have long fulfilled new market obligations and responsibilities while also being the most secure method for cryptographic use cases. To ensure the safety of business secrets, HSMs are physical devices that perform cryptographic operations such as key generation and storage, identities and database management, key exchange and encryption, and decryption.
Utimaco
Security Server
Secure your organization’s most valuable assets
Secure key storage and cryptographic processing for common business applications. Root of trust for security and compliance of business applications. Utimaco Security Server adds the extra layer of security to an organization’s most valuable assets. Supporting a wide range of hardware platforms, it meets performance and security requirements of small enterprises all the way up to large crypto infrastructures.
Due to SecurityServer’s support of various cryptographic interfaces, it enables easy plug-and-play integration with common business applications for document and data encryption; document signing and code signing; issuing of certificates for company IDs, machines, or applications in a public key infrastructure (PKI); chip personalization, from key generation to key injection into passports, eID cards, printer, and many other devices; authentication of persons and devices; and many more.
- Provide secure generation, storage, and usage of keys inside the tamper protected HSM
- Provides high-quality true random number generation to ensure uniqueness of keys
- SecurityServer features are included with no additional license fees
- Configurable role-based access control and separation of functions
- 2-factor authentication with smart cards
- “m of n” quorum authentication
- Extensive remote administration and monitoring Efficient key management and HSM administration including firmware updates via remote access Automation of remote diagnosis via SNMP
Integrate with 3rd party applications
Vailable as a PCIe plug-in card or as a network-attached appliance - providing a flexible, integrated solution for numerous business applications.
Excellent Price-Performance Ratio
SecurityServer provides high performance of up to 40,000 RSA or 32,000 ECDSA signing operations for an attractive price and includes all necessary features and crypto algorithms.
Software simulator included
HSM Simulator with all SecurityServer functionalities. Fully functional runtime including all administration and configuration tools for evaluation and integration testing of SecurityServer prior to deployment in production
Security compliance mandates
Utimaco HSMs are FIPS 140-2 tested and certified. Common Criteria, PCI DSS, Deutsche Kreditwirtschaft, ISO-27001, HIPAA, eIDAS, GDPR, IT-Sicherheitsgesetz Certificate Policy of the Smart Metering PKI.
Deployment Options
on-premise or As A Service. Host the product directly on-site in your own network or data center. OR host by Utimaco certified datacenters and include everything from set-up to deployment to maintenance
Utimaco CryptoServer CP5
The eIDAS Compliant and CC-Certified Qualified Signature Creation Device (QSCD)
Generation and Storage of Qualified Certificates for Electronic Signatures and Seals
UTIMACO’s CryptoServer CP5 is a Qualified Signature/ Seal Creation Device which is operated in the secure environment of a QTSP to provide users with a remote signing functionality. When used in combination with qualified certificates, the QSCD generates qualified electronic signatures or seals as defined in eIDAS. (QSigCD) and Qualified Seal Creation Device (QSealCD).
Depending on the technology and validation behind the signature, certain types of signatures are inherently more trustworthy than others, withstanding higher legal scrutiny. Therefore, for use cases requiring qualified trust services such as government agencies, public administration, and enterprises; the CryptoServer CP5 provides the highest levels of assurance and conformity for efficient signing transactions, as a part of an eIDAS-compliant solution.
- Specifically designed for eIDAS-compliant qualified signatures and seals, remote signing and the issuing of qualified certificates
- Common Criteria-certified according to the eIDAS Protection Profile (PP) EN 419 221-5 “Cryptographic Module for Trust Services"
- Supports Trust Service Providers (TSPs) in fulfilling policy and security requirements by deploying and maintaining HSMs to be used as qualified devices for electronic signature creation
- High-quality true random number generator to ensure uniqueness of keys
- Configurable role-based access control and separation of functions
- 2-factor authentication with smartcards
- “m of n” quorum authentication
Qualified Signature / Seal Creation Device
The CryptoServer CP5 has received eIDAS certification as both a Qualified Signature and Qualified Seal Creation Device (QSCD) and can be used as a standalone QSCD or as a part of a combined QSCD with remote signing solutions
Signature Activation Module (SAM) Ready for eIDAS Server Signing
By utilizing an add-on product from UTIMACO - the CryptoServer SDK - for development of a Signature Activation Module (SAM), running inside the certified boundary of the HSM
Strong Hardware Protection of Sensitive Assets
Rely on the highly secure root of trust that CryptoServer CP5 provides to securely store sensitive assets such as private keys and data. Available as a PCIe plug-in card or as a network-attached appliance
Security compliance mandates
Utimaco Hardware Security Modules is the first HSM in the market to have achieved CC-certified based on Protection Profile EN 419 221-5. The CryptoServer Se-Series Gen2 achieves conformity with eIDAS via a Common Criteria certification acc. EN 419221-5
Deployment Options
Our on-premise options allow hosting the product directly on-site in your own network or data center. LAN Appliance and PCIe Card
Remote management and monitoring
Efficient key management and HSM administration including firmware updates via remote access. Automation of remote diagnosis via Simple Network Management Protocol
Utimaco Timestamp Server
Reliable proof of the existence and the status of documents and electronic records at a specific point in time
Prove the existence and status of a document or data at a specific point in time
The proof that a document or electronic record existed, or an event occurred, at a specific point in time is crucial for traceability in and trustworthiness of numerous business applications. The UTIMACO TimestampServer ensures the tamper-proof creation and authenticity of timestamps for electronic contracts, the reception of offers on electronic tender platforms or the submission time of a bet to an online lottery game. The UTIMACO TimestampServer ensures that timestamped data is authentic for these and similar applications. It is able to verify at all times, whether or not the timestamped data matches the exact same
form at the point in time it was logged by the timestamp.
Regular re-creation of a current timestamp guarantees continuity of the audit trail. This enables long-term archiving – year after year, even after the expiration of older signature certificates. The TimestampServer is available as network appliance.
- Secure generation, storage, and usage of keys inside the tamper-protected HSM
- High-quality true random number generator to ensure uniqueness of keys
- Configurable role-based access control and separation of functions
- 2-factor authentication with smartcards
- “m of n” quorum authentication
- Network Time Protocol (NTP) for synchronization with external time server
- Integrated GPS receiver or DCF77 receiver as optional hardware extension
Secure key generation, storage, and usage
Timestamping keys are generated, stored, and used inside the tamper protected HSM throughout their whole life to effectively protect them from theft or misuse.
High security level
The integrated HSM is certified according to FIPS 140-2 Level 3 and meets the requirements of ETSI Technical Specifications TS 102 023 and TS 101 861.
Designed for continuous operation in datacenters
Redundant field-replaceable power supplies and fans ensure continuity of operations. Remote monitoring and management reduce the Total Cost of Ownership.
Security compliance mandates
Utimaco HSMs are FIPS 140-2 tested and certified. Common Criteria, PCI DSS, Deutsche Kreditwirtschaft, ISO-27001, HIPAA, eIDAS, GDPR, IT-Sicherheitsgesetz Certificate Policy of the Smart Metering PKI.
Deployment Options
On-premise. Hosting the product directly on-site in your own network or data center (LAN Appliance). As a service u.trust Timestamping Service, eIDAS Compliant Solutions for the Digitization of Business Processes.
Utimaco CryptoServer Cloud
HSM as a Service – hosted by UTIMACO in a secure, certified datacenter
CryptoServer Cloud – The HSM as a Service
The UTIMACO CryptoServer Cloud is the Hardware Security Module as a Service that integrates seamlessly with Cloud Service Providers. It offers the same level of security as with an on-premise HSM. With CryptoServer cloud you also receive an Infrastructure as a service that protects all of your sensitive assets. UTIMACO takes care of the setup, hosting, and implementation of the HSM in the datacenter – while you maintain full (remote) control. CryptoServer Cloud includes a dedicated HSM for each customer, therefore an HSM is never shared with other customers.
CryptoServer Cloud integrates with all major Cloud Service Providers. This way, it fits perfectly into your existing cloud applications while still offering multiple migration possibilities. You can seamlessly migrate all sensitive data to another CSP– everything remains protected within the hardened environment of the FIPS 140-2 Level 3 certified Hardware Security Module. This is also ideal for all companies with a multi-cloud approach. CryptoServer Cloud is available in different appliances which vary in the signature creation performance: The CryptoServer Cloud Se500 generates up to 800 keys per second and the CryptoServer Cloud Se1500 can generate up to 1,100 keys per second. (Performance is measured in 2048-bit RSA keys per second).
- HSM as a Service – hosted by UTIMACO in a secure, certified datacenter
- Secure key generation and storage in a FIPS 140-2 Level 3 certified tamper-protected HSM
- Works with all major cloud service providers
- Provides high-quality true random number generation to ensure uniqueness of keys
- Scalable and adaptable, in line with business requirements
- Fulfills various security compliance mandates
- Secure remote access
No set-up, maintenance, or implementation efforts
Instead of having yet another hardware device to maintain, the CryptoServer Cloud is a solution that combines HSM service, maintenance, and hosting. It also transfers Capex into Opex, providing more flexibility and efficiency, and reducing management overhead.
A secure vault in the cloud
The CryptoServer Cloud is a highly secure, FIPS 140-2 Level 3 certified HSM hosted in a secure, certified datacenter. The service may be administered remotely from any location without deploying any hardware or managing any software.
Fully independent from Cloud Service Provider
CryptoServer Cloud works with all major Cloud Service Providers. The HSM is not bound to a specific vendor – therefore, perfect for multi-cloud environments
Security compliance mandates
Utimaco HSMs are FIPS 140-2 tested and certified. Common Criteria, PCI DSS, Deutsche Kreditwirtschaft, ISO-27001, HIPAA, eIDAS, GDPR, IT-Sicherheitsgesetz Certificate Policy of the Smart Metering PKI.
Deployment Options
Our As-a-service options are hosted by UTIMACO in certified datacenters and include everything from set-up to deployment to maintenance.
Security Server simulator
The Utimaco SecurityServer simulator facilitates evaluation, development and integration testing without purchase, delivery or installation of hardware. It is currently available for Windows and Linux operating systems
Utimaco Q-safe
Quantum-Resistance for a Crypto Infrastructure
Adding Quantum-Resistance for a Crypto Infrastructure
Utimaco Q-safe adds the extra layer of quantum-safe security to digital processes such as document signing or code signing, issuing of PQC or hybrid certificates for public key infrastructures (PKI), or key injection and chip personalization by executing quantum-safe crypto algorithms within the secure boundaries of the HSM.
The algorithms used by Q-safe are amongst the finalists of the ongoing NIST standardization process. Some of them have recently been endorsed by BSI (Federal Office for Information Security, Germany). These algorithms are the building blocks for quantum-safe infrastructures and for hybrid crypto schemes that will be deployed in a transition phase to defend against the threat to traditional asymmetric cryptography posed by the emergence of quantum computing.
Because the Q-safe firmware module is retrofittable, it can be easily added to the SecurityServer Se series HSM firmware. It is also available as a simulator extension, which makes evaluation and integration testing of Q-safe with business applications simple.
- Firmware extension module for installation on SecurityServer Se and SecurityServer CSe series HSMs
- Applies quantum-resistance to a crypto infrastructure
- Includes a Software simulator for evaluation and integration testing
- Supports PQC algorithms recommended by NIST & BSI: CRYSTALS-KYBER, CRYSTALS-Dilithium, XMSS, XMSS-MT, and HSS
- Secure backup and restore functionality. Available for stateful schemes
Post Quantum Cryptography (PQC) Algorithms
PQC algorithms for signature creation and key encapsulation can be applied to an existing cryptographic infrastructure.
Evaluation of a Cryptographic Infrastructure
Prepare for future challenges by using the Q-safe simulator and evaluating the performance and usability of quantum-resistant algorithms within crypto infrastructure
Retrofittable Firmware Module
Q-safe enables an additional layer of PQC security as an in-field upgrade for SecurityServer general-purpose HSMs.
Easy integration
Application integration using PKCS #11 “Vendor Defined Mechanisms”. Firmware module for in-field upgrade on your installed base of SecurityServer Se series HSMs. Library for upgrade of SecurityServer simulators, for evaluation, development, and integration testing
Support for various cryptographic algorithms
Digital signature algorithms CRYSTALS-Dilithium, HSS, XMSS and XMSS-MT. Key encapsulation algorithm CRYSTALS-KYBER
Deployment Options
Host the product directly on-site in your own network or data center (Firmware Extension). Our as-a-service options are hosted by Utimaco in certified datacenters and include everything from set-up to deployment to maintenance.
Try Utimaco Q-safe HSM Simulator.
Get in touch with Bulwark Technologies to Try Q-safe simulator which allows you to test the readiness of your infrastructure for post quantum cryptography.
Download Corporate Brochure
Utimaco General Purpose HSM's
Product Demo
Utimaco General Purpose Hardware Security Module
Schedule a demo now with Bulwark Technologies and experience the full portfolio of Utimaco HSM’s for General Purpose.
Schedule a FREE Demo
"*" indicates required fields