General Purpose HSM
- Utimaco
- Cyber Security
Utimaco General Purpose HSMs for Trusted Security
With over 40 years of expertise in hardware-based security, Utimaco offers a versatile range of General Purpose HSMs tailored for enterprise, government, and critical infrastructure needs. These HSMs deliver various levels of performance and physical protection, while meeting global compliance standards such as eIDAS, VS-NfD, FIPS, GDPR, and KassenSichV.
Trusted Protection for Cryptographic Operations
Cryptography is vital for modern organizations across industries, with increasing demands for secure key handling and data protection. Utimaco’s General Purpose HSMs serve as the industry’s most secure method for managing cryptographic operations supporting key generation, secure storage, encryption/decryption, and identity management. while meeting evolving regulatory requirements.
Utimaco
Security Server
Protect Your Most Critical Digital Assets
Utimaco SecurityServer delivers secure key storage and cryptographic processing for vital business applications, acting as a root of trust for enterprise security and compliance. Designed to support diverse hardware environments, it scales from small businesses to complex crypto infrastructures. With support for standard cryptographic interfaces, SecurityServer integrates seamlessly with applications for data encryption, document and code signing, certificate issuance in PKI, device authentication, and more ensuring robust protection across every layer.
- Secure generation, storage, and use of keys within tamper-resistant HSM
- True random number generation for high-entropy, unique cryptographic keys
- Full feature set included—no additional licensing fees required
- Role-based access control with clear separation of duties
- Smart card-enabled two-factor authentication
- “m of n” quorum-based user authentication for enhanced security
- Remote monitoring, firmware updates, and HSM administration via SNMP
- Automated remote diagnostics for operational efficiency
Seamless 3rd-Party Integration
Available as a PCIe card or network appliance, SecurityServer integrates easily into various business environments for flexible deployment and compatibility with external applications.
High Performance, Great Value
Delivers up to 40,000 RSA or 32,000 ECDSA signings per second, with full crypto support offering excellent performance at a competitive price point.
Built-In Software Simulator
A fully functional HSM simulator with all tools included for testing, configuration, and evaluation before production deployment simplifying integration and planning.
Meets Global Compliance Standards
Certified for FIPS 140-2, PCI DSS, Common Criteria, eIDAS, GDPR, HIPAA, and more. supporting industry-specific and regional compliance requirements.
Flexible Deployment Models
Deploy on-premises in your network or choose HSM as a Service via Utimaco-certified datacenters complete with setup, maintenance, and full operational support.
Utimaco CryptoServer CP5
The eIDAS Compliant and CC-Certified Qualified Signature Creation Device (QSCD)
eIDAS-Compliant Qualified Signature & Seal Generation
Utimaco’s CryptoServer CP5 is a Qualified Signature and Seal Creation Device (QSigCD/QSealCD), enabling remote signing through a secure, QTSP-operated environment. Designed for use with qualified certificates, it ensures legally binding electronic signatures and seals in line with eIDAS requirements. Ideal for trust-critical sectors such as government, public administration, and regulated enterprises, the CP5 delivers top-tier compliance, security, and reliability for qualified electronic transactions.
- Purpose-built for eIDAS-qualified remote signatures, seals, and certificate issuance
- Common Criteria-certified to EN 419 221-5 Protection Profile
- Enables Trust Service Providers (TSPs) to meet strict regulatory and policy standards
- High-entropy true random number generation for secure key creation
- Role-based access control with enforced separation of duties
- Strong two-factor authentication using smart cards
- Supports “m of n” quorum-based authentication for critical operations
Qualified Signature & Seal Creation Device
CryptoServer CP5 is eIDAS-certified as a Qualified Signature and Seal Creation Device (QSCD). It can be deployed as a standalone QSCD or integrated into remote signing solutions for secure and compliant digital signatures.
eIDAS-Ready Server Signing with SAM
Support for Signature Activation Module (SAM) development is enabled via the UTIMACO CryptoServer SDK, allowing secure signing operations to run within the certified HSM boundary, meeting eIDAS server signing requirements.
Trusted Protection for Sensitive Assets
CryptoServer CP5 offers robust hardware-level protection for critical assets like private keys and sensitive data. Available as a PCIe card or LAN appliance, it serves as a highly secure root of trust.
Unmatched Compliance Certifications
Utimaco is the first to deliver a Common Criteria-certified HSM based on EN 419 221-5. The CryptoServer Se-Series Gen2 ensures full eIDAS compliance, supporting regulatory needs across industries.
Flexible Deployment Options
Choose from on-premise deployment via PCIe card or LAN-based appliance. Securely host the solution within your own network or data center to maintain full operational control.
Remote Management & Monitoring
Benefit from streamlined HSM administration with remote firmware updates, key management, and automated diagnostics via SNMP (Simple Network Management Protocol) for efficient, centralized control.
Utimaco Timestamp Server
Reliable proof of the existence and the status of documents and electronic records at a specific point in time
Prove Document Integrity at Any Moment in Time
For many digital processes, confirming that a document or record existed at a precise time is essential for trust, traceability, and legal compliance. Utimaco TimestampServer guarantees tamper-proof, verifiable timestamps for applications like electronic contracts, bid submissions, or time-sensitive online transactions. It ensures that the timestamped data remains unaltered and authentic, preserving evidentiary value even after signature certificates expire. Continuous timestamp generation enables long-term archival and auditability. Available as a secure, network-ready appliance.
- Secure key handling inside tamper-resistant HSM
- True random number generation for unique cryptographic operations
- Role-based access control with clear duty separation
- Two-factor authentication using smart cards
- “m of n” quorum-based access for high-trust environments
- NTP synchronization with external time servers
- Optional GPS or DCF77 time signal receiver for precise timekeeping
Secure Key Lifecycle Management
Keys are generated, stored, and used entirely within the tamper-resistant HSM, ensuring end-to-end protection against theft, misuse, or unauthorized access.
Certified High-Security Standards
Built on FIPS 140-2 Level 3 certified HSMs and compliant with ETSI TS 102 023 & TS 101 861 standards for trusted cryptographic operations.
Designed for 24/7 Data Center Use
Redundant power supplies and fans ensure high availability. Remote monitoring and control features minimize downtime and reduce total operational costs.
Compliant with Global Standards
Meets FIPS 140-2, Common Criteria, PCI DSS, ISO 27001, HIPAA, eIDAS, GDPR, and other regulatory mandates—ensuring industry-wide trust and compliance.
Versatile Deployment Options
Deploy on-premise via LAN appliances or choose Utimaco’s u.trust Timestamping Service offering eIDAS-compliant, scalable, and fully managed service delivery.
Utimaco CryptoServer Cloud
HSM as a Service – hosted by UTIMACO in a secure, certified datacenter
CryptoServer Cloud – Dedicated HSM as a Service
Utimaco’s CryptoServer Cloud delivers HSM-as-a-Service with the same strong security guarantees as on-premises HSMs—without the complexity of setup and maintenance. Hosted in a certified, secure data center by Utimaco, each customer receives a dedicated, FIPS 140-2 Level 3 certified HSM for full control and isolation. Seamlessly integrate with all major cloud service providers, making it ideal for hybrid or multi-cloud environments. Easily migrate sensitive workloads across platforms while maintaining the integrity and security of cryptographic operations.
CryptoServer Cloud is available in scalable performance variants:
Se500: Up to 800 RSA 2048-bit key generations/second
Se1500: Up to 1,100 RSA 2048-bit key generations/second
- Hosted HSM service in secure, certified data centers
- FIPS 140-2 Level 3 certified tamper-proof hardware
- Compatible with all major cloud providers
- High-quality true random number generation
- Fully scalable and adaptable to business needs
- Compliant with industry and regional security standards
- Full remote management and secure access
Zero Setup or Maintenance Hassle
CryptoServer Cloud eliminates hardware overhead with a fully managed HSM-as-a-Service. Shift from CapEx to OpEx and streamline security operations with built-in flexibility.
Secure Cloud-Based Vault
Hosted in a certified data center, the FIPS 140-2 Level 3 HSM offers robust protection. Administer remotely without deploying any hardware or software.
Vendor-Agnostic Multi-Cloud Ready
CryptoServer Cloud integrates seamlessly across all major cloud providers, ensuring flexibility and independence in hybrid and multi-cloud environments.
Meets Global Compliance Standards
Certified for FIPS 140-2, PCI DSS, Common Criteria, ISO 27001, HIPAA, eIDAS, GDPR, and more—ensuring regulatory trust across industries.
Hosted Deployment by Utimaco
Delivered as a service from Utimaco-certified data centers, including setup, hosting, monitoring, and maintenance fully managed and ready to use.
Built-In Software Simulator
Evaluate and test the Utimaco SecurityServer using the included simulator available for Windows and Linux, with full runtime and admin tools.
Utimaco Q-safe
Quantum-Resistance for a Crypto Infrastructure
Add Quantum-Safe Security to Your Crypto Infrastructure
Utimaco Q-safe enhances your existing crypto systems with quantum-resistant capabilities—enabling secure document signing, code signing, PKI certificate issuance, key injection, and chip personalization using post-quantum cryptography (PQC). Built to safeguard against emerging quantum threats, Q-safe executes trusted PQC algorithms within the secure environment of Utimaco’s HSMs.
The module supports leading NIST-finalist and BSI-recommended algorithms such as CRYSTALS-KYBER, CRYSTALS-Dilithium, XMSS, and HSS. Q-safe is available as a firmware upgrade for SecurityServer Se and CSe HSMs and includes a software simulator for easy evaluation and integration.
- Quantum-resistance add-on for SecurityServer Se & CSe HSMs
- Supports NIST & BSI-recognized PQC algorithms: KYBER, Dilithium, XMSS, XMSS-MT, HSS
- Ideal for hybrid cryptographic schemes during post-quantum transition
- Software simulator included for seamless integration testing
- Secure backup and restore features for stateful schemes
- Simple retrofitting without hardware replacement
Post-Quantum Ready Algorithms
Integrate PQC signature and key encapsulation algorithms like CRYSTALS-Dilithium and KYBER into existing crypto infrastructure for next-gen, quantum-resistant protection.
Cryptographic Readiness Evaluation
Use the Q-safe simulator to assess the usability and performance of PQC algorithms within your current infrastructure and plan future-proof deployments.
Firmware-Based PQC Upgrade
Add PQC support to existing SecurityServer HSMs with a retrofittable firmware module enabling enhanced security without hardware replacement.
Seamless Application Integration
Supports PKCS #11 “Vendor Defined Mechanisms” for easy integration. Compatible with SecurityServer Se series HSMs and simulator libraries for testing.
Support for Leading Algorithms
Includes CRYSTALS-Dilithium, HSS, XMSS, XMSS-MT for signatures and CRYSTALS-KYBER for key encapsulation covering widely recognized PQC standards.
Flexible Deployment Options
Deploy on-premise via firmware extension or opt for Utimaco’s hosted service covering installation, setup, and full operational maintenance.
