Utimaco Hardware Security Modules (HSMs)

A Hardware Security Module is a device to generate, store and manage cryptographic keys safely. The functions of an HSM include key generation, encryption & decryption, authentication and signing operations. An HSM secures numerous applications and transactions, keeping digital identities, critical infrastructures and high value data assets safe. The physical device offers high computing power to perform crypto operations and provides different levels of tamper-resistance.while maintaining compliance with security and privacy regulations.

Utimaco offers two series of FIPS (Federal Information Processing Standards) 140-2 certified HSMs.

• The FIPS 140-2 Level 3 certified Se-Series Gen2 is an ideal device for commercial deployments.
• The FIPS 140-2 Level 4 (physical security) certified CSe-Series is an optimum solution for untrusted and hostile environments or highly critical infrastructures, e.g. for governmental applications.

The FIPS certification, issued by the National Institute of Standards and Technology (NIST), first of all serves as a proof of high quality products. In addition, it helps to meet the most stringent compliance requirements, regardless of your organization’s industry and field of activity. The successful evaluation of Utimaco HSMs builds and strengthens trust in our products. Partners and customers can be certain that they can rely on the most secure HSM solutions of the very highest quality.

Utimaco HSMs come equipped with an AIS 31 DRG.4 and PTG.2 class hardware-based random number generator (RNG). This RNG ensures that cryptographic keys and random nonce values will be of the highest possible cryptographic quality.
Modular firmware architecture allows for high flexibility regarding functional and cryptographic modules that can be added.

Multi-tenancy features with isolated key slots make the CryptoServer platform ideal for cost effective “as a Service” environments. A single device can serve multiple applications and store keys of numerous tenants securely.

A highly configurable role-based access control (C-RBAC) helps to put the most complex security policies into practice. C-RBAC can enforce a “segregation of duty” whenever and wherever required.

Multiple authentication mechanisms are available off the shelf for any roles a user can configure on a CryptoServer HSM. Starting from simple PIN-based authentication, it goes all the way up to strong two-factor authentication (2FA). This leaves you free to choose the most appropriate authentication mechanism for covering the company’s security needs.

Native support of load balancing and failover helps maximizing redundancy and meeting demanding availability requirements.

The HSM supports secure internal key storage or key storage as encrypted key files outside of the HSM.

Local or remote administration of the HSM is available. Secure and easy remote management, available for both Windows and Linux platforms, ensures efficient administration and monitoring of CryptoServer clusters.

In conclusion, the Utimaco HSM is the ideal platform to help you meet the most demanding security and functional requirements.

Note: CryptoServer refers to the Utimaco HSM hardware, whereas SecurityServer is the Utimaco HSM software.

 Hardware Security Modules are at the core of Utimaco’s day-to-day business. Utimaco is a world-leading manufacturer and specialized vendor of HSMs. With a long history of more than thirty years in the field, there are numerous unique and solid technical features associated with the Utimaco CryptoServer HSM platform. These make it an ideal choice for securing cryptographic keys, business-critical digital infrastructures and data assets. It goes without saying that Utimaco HSMs comply with the most demanding security requirements to fulfill their purpose as a Root of Trust. They offer easy role-based administration, scalability, low total cost of ownership and come with a comprehensive package of services and training. For regulatory compliance, FIPS-validated and Common Criteria-certified products are most suitable. To ensure speed of implementation in custom projects and product innovation for system integrators, Utimaco also offers a fully-fledged CryptoServer Software Development Kit (SDK).