Utimaco’s General Purpose HSMs

Utimaco’s General Purpose HSMs for securing your most sensitive assets

Based on more than 40 years of experience in hardware-based security, Utimaco has developed and optimized a family of general purpose HSMs, with models that address different levels of performance and physical security for use cases in enterprises, government, and public administration, and large infrastructures. The Utimaco’s general purpose HSMs fulfill various compliance and regulation mandates such as eIDAS, VS-NfD, FIPS, GDPR and KassenSichV.

Providing security for cryptographic use cases

For extensive business use cases, cryptography is becoming increasingly important in infrastructures and organizations across numerous industries. As a result, there are a range of new obligations and responsibilities associated with how these secrets are processed, stored, and used, in accordance with country-specific regulations.

General Purpose Hardware Security Modules (HSMs) have long fulfilled new market obligations and responsibilities while also being the most secure method for cryptographic use cases. To ensure the safety of business secrets, HSMs are physical devices that perform cryptographic operations such as key generation and storage, identities and database management, key exchange and encryption, and decryption.

Secure your organization’s most valuable assets

Secure key storage and cryptographic processing for common business applications. Root of trust for security and compliance of business applications. Utimaco Security Server adds the extra layer of security to an organization’s most valuable assets. Supporting a wide range of hardware platforms, it meets performance and security requirements of small enterprises all the way up to large crypto infrastructures.

Due to SecurityServer’s support of various cryptographic interfaces, it enables easy plug-and-play integration with common business applications for document and data encryption; document signing and code signing; issuing of certificates for company IDs, machines, or applications in a public key infrastructure (PKI); chip personalization, from key generation to key injection into passports, eID cards, printer, and many other devices; authentication of persons and devices; and many more.

Provide secure generation, storage, and usage of keys inside the tamper protected HSM
Provides high-quality true random number generation to ensure uniqueness of keys
SecurityServer features are included with no additional license fees
Configurable role-based access control and separation of functions
2-factor authentication with smart cards
“m of n” quorum authentication
Extensive remote administration and monitoring Efficient key management and HSM administration including firmware updates via remote access Automation of remote diagnosis via SNMP

Integrate with 3rd party applications

Vailable as a PCIe plug-in card or as a network-attached appliance - providing a flexible, integrated solution for numerous business applications.

Excellent Price-Performance Ratio

SecurityServer provides high performance of up to 40,000 RSA or 32,000 ECDSA signing operations for an attractive price and includes all necessary features and crypto algorithms.

Software simulator included

HSM Simulator with all SecurityServer functionalities. Fully functional runtime including all administration and configuration tools for evaluation and integration testing of SecurityServer prior to deployment in production

Security compliance mandates

Utimaco HSMs are FIPS 140-2 tested and certified. Common Criteria, PCI DSS, Deutsche Kreditwirtschaft, ISO-27001, HIPAA, eIDAS, GDPR, IT-Sicherheitsgesetz Certificate Policy of the Smart Metering PKI.

Deployment Options

on-premise or As A Service. Host the product directly on-site in your own network or data center. OR host by Utimaco certified datacenters and include everything from set-up to deployment to maintenance

Generation and Storage of Qualified Certificates for Electronic Signatures and Seals

UTIMACO’s CryptoServer CP5 is a Qualified Signature/ Seal Creation Device which is operated in the secure environment of a QTSP to provide users with a remote signing functionality. When used in combination with qualified certificates, the QSCD generates qualified electronic signatures or seals as defined in eIDAS. (QSigCD) and Qualified Seal Creation Device (QSealCD).

Depending on the technology and validation behind the signature, certain types of signatures are inherently more trustworthy than others, withstanding higher legal scrutiny. Therefore, for use cases requiring qualified trust services such as government agencies, public administration, and enterprises; the CryptoServer CP5 provides the highest levels of assurance and conformity for efficient signing transactions, as a part of an eIDAS-compliant solution.

Specifically designed for eIDAS-compliant qualified signatures and seals, remote signing and the issuing of qualified certificates
Common Criteria-certified according to the eIDAS Protection Profile (PP) EN 419 221-5 “Cryptographic Module for Trust Services"
Supports Trust Service Providers (TSPs) in fulfilling policy and security requirements by deploying and maintaining HSMs to be used as qualified devices for electronic signature creation
High-quality true random number generator to ensure uniqueness of keys
Configurable role-based access control and separation of functions
2-factor authentication with smartcards
“m of n” quorum authentication

Qualified Signature / Seal Creation Device

The CryptoServer CP5 has received eIDAS certification as both a Qualified Signature and Qualified Seal Creation Device (QSCD) and can be used as a standalone QSCD or as a part of a combined QSCD with remote signing solutions

Signature Activation Module (SAM) Ready for eIDAS Server Signing

By utilizing an add-on product from UTIMACO - the CryptoServer SDK - for development of a Signature Activation Module (SAM), running inside the certified boundary of the HSM

Strong Hardware Protection of Sensitive Assets

Rely on the highly secure root of trust that CryptoServer CP5 provides to securely store sensitive assets such as private keys and data. Available as a PCIe plug-in card or as a network-attached appliance

Security compliance mandates

Utimaco Hardware Security Modules is the first HSM in the market to have achieved CC-certified based on Protection Profile EN 419 221-5. The CryptoServer Se-Series Gen2 achieves conformity with eIDAS via a Common Criteria certification acc. EN 419221-5

Deployment Options

Our on-premise options allow hosting the product directly on-site in your own network or data center. LAN Appliance and PCIe Card

Remote management and monitoring

Efficient key management and HSM administration including firmware updates via remote access. Automation of remote diagnosis via Simple Network Management Protocol

Prove the existence and status of a document or data at a specific point in time

The proof that a document or electronic record existed, or an event occurred, at a specific point in time is crucial for traceability in and trustworthiness of numerous business applications. The UTIMACO TimestampServer ensures the tamper-proof creation and authenticity of timestamps for electronic contracts, the reception of offers on electronic tender platforms or the submission time of a bet to an online lottery game. The UTIMACO TimestampServer ensures that timestamped data is authentic for these and similar applications. It is able to verify at all times, whether or not the timestamped data matches the exact same
form at the point in time it was logged by the timestamp.

Regular re-creation of a current timestamp guarantees continuity of the audit trail. This enables long-term archiving – year after year, even after the expiration of older signature certificates. The TimestampServer is available as network appliance.

Secure generation, storage, and usage of keys inside the tamper-protected HSM
High-quality true random number generator to ensure uniqueness of keys
Configurable role-based access control and separation of functions
2-factor authentication with smartcards
“m of n” quorum authentication
Network Time Protocol (NTP) for synchronization with external time server
Integrated GPS receiver or DCF77 receiver as optional hardware extension

Secure key generation, storage, and usage

Timestamping keys are generated, stored, and used inside the tamper protected HSM throughout their whole life to effectively protect them from theft or misuse.

High security level

The integrated HSM is certified according to FIPS 140-2 Level 3 and meets the requirements of ETSI Technical Specifications TS 102 023 and TS 101 861.

Designed for continuous operation in datacenters

Redundant field-replaceable power supplies and fans ensure continuity of operations. Remote monitoring and management reduce the Total Cost of Ownership.

Security compliance mandates

Deployment Options

On-premise. Hosting the product directly on-site in your own network or data center (LAN Appliance). As a service u.trust Timestamping Service, eIDAS Compliant Solutions for the Digitization of Business Processes.

CryptoServer Cloud – The HSM as a Service

The UTIMACO CryptoServer Cloud is the Hardware Security Module as a Service that integrates seamlessly with Cloud Service Providers. It offers the same level of security as with an on-premise HSM. With CryptoServer cloud you also receive an Infrastructure as a service that protects all of your sensitive assets. UTIMACO takes care of the setup, hosting, and implementation of the HSM in the datacenter – while you maintain full (remote) control. CryptoServer Cloud includes a dedicated HSM for each customer, therefore an HSM is never shared with other customers.

CryptoServer Cloud integrates with all major Cloud Service Providers. This way, it fits perfectly into your existing cloud applications while still offering multiple migration possibilities. You can seamlessly migrate all sensitive data to another CSP– everything remains protected within the hardened environment of the FIPS 140-2 Level 3 certified Hardware Security Module. This is also ideal for all companies with a multi-cloud approach. CryptoServer Cloud is available in different appliances which vary in the signature creation performance: The CryptoServer Cloud Se500 generates up to 800 keys per second and the CryptoServer Cloud Se1500 can generate up to 1,100 keys per second. (Performance is measured in 2048-bit RSA keys per second).

HSM as a Service – hosted by UTIMACO in a secure, certified datacenter
Secure key generation and storage in a FIPS 140-2 Level 3 certified tamper-protected HSM
Works with all major cloud service providers
Provides high-quality true random number generation to ensure uniqueness of keys
Scalable and adaptable, in line with business requirements
Fulfills various security compliance mandates
Secure remote access

No set-up, maintenance, or implementation efforts

Instead of having yet another hardware device to maintain, the CryptoServer Cloud is a solution that combines HSM service, maintenance, and hosting. It also transfers Capex into Opex, providing more flexibility and efficiency, and reducing management overhead.

A secure vault in the cloud

The CryptoServer Cloud is a highly secure, FIPS 140-2 Level 3 certified HSM hosted in a secure, certified datacenter. The service may be administered remotely from any location without deploying any hardware or managing any software.

Fully independent from Cloud Service Provider

CryptoServer Cloud works with all major Cloud Service Providers. The HSM is not bound to a specific vendor – therefore, perfect for multi-cloud environments

Security compliance mandates

Deployment Options

Our As-a-service options are hosted by UTIMACO in certified datacenters and include everything from set-up to deployment to maintenance.

Security Server simulator

The Utimaco SecurityServer simulator facilitates evaluation, development and integration testing without purchase, delivery or installation of hardware. It is currently available for Windows and Linux operating systems

Adding Quantum-Resistance for a Crypto Infrastructure

Utimaco Q-safe adds the extra layer of quantum-safe security to digital processes such as document signing or code signing, issuing of PQC or hybrid certificates for public key infrastructures (PKI), or key injection and chip personalization by executing quantum-safe crypto algorithms within the secure boundaries of the HSM.

The algorithms used by Q-safe are amongst the finalists of the ongoing NIST standardization process. Some of them have recently been endorsed by BSI (Federal Office for Information Security, Germany). These algorithms are the building blocks for quantum-safe infrastructures and for hybrid crypto schemes that will be deployed in a transition phase to defend against the threat to traditional asymmetric cryptography posed by the emergence of quantum computing.

Because the Q-safe firmware module is retrofittable, it can be easily added to the SecurityServer Se series HSM firmware. It is also available as a simulator extension, which makes evaluation and integration testing of Q-safe with business applications simple.

Firmware extension module for installation on SecurityServer Se and SecurityServer CSe series HSMs
Applies quantum-resistance to a crypto infrastructure
Includes a Software simulator for evaluation and integration testing
Supports PQC algorithms recommended by NIST & BSI: CRYSTALS-KYBER, CRYSTALS-Dilithium, XMSS, XMSS-MT, and HSS
Secure backup and restore functionality. Available for stateful schemes

Post Quantum Cryptography (PQC) Algorithms

PQC algorithms for signature creation and key encapsulation can be applied to an existing cryptographic infrastructure.

Evaluation of a Cryptographic Infrastructure

Prepare for future challenges by using the Q-safe simulator and evaluating the performance and usability of quantum-resistant algorithms within crypto infrastructure

Retrofittable Firmware Module

Q-safe enables an additional layer of PQC security as an in-field upgrade for SecurityServer general-purpose HSMs.

Easy integration

Application integration using PKCS #11 “Vendor Defined Mechanisms”. Firmware module for in-field upgrade on your installed base of SecurityServer Se series HSMs. Library for upgrade of SecurityServer simulators, for evaluation, development, and integration testing

Support for various cryptographic algorithms

Digital signature algorithms CRYSTALS-Dilithium, HSS, XMSS and XMSS-MT. Key encapsulation algorithm CRYSTALS-KYBER

Deployment Options

Host the product directly on-site in your own network or data center (Firmware Extension). Our as-a-service options are hosted by Utimaco in certified datacenters and include everything from set-up to deployment to maintenance.

Try Utimaco Q-safe HSM Simulator.

Get in touch with Bulwark Technologies to Try Q-safe simulator which allows you to test the readiness of your infrastructure for post quantum cryptography.

Download Corporate Brochure

Utimaco General Purpose HSM's

Product Demo

Utimaco General Purpose Hardware Security Module

Schedule a demo now with Bulwark Technologies and experience the full portfolio of Utimaco HSM’s for General Purpose.

Schedule a FREE Demo

"*" indicates required fields

Name*

Company Name*

Business Email*

Mobile Number*

Message

This field is for validation purposes and should be left unchanged.

Utimaco’s General Purpose HSMs