Test Utimaco's SecurityServer with our free simulator. Register here.

Deutschland HSM – For secure identity management


Specifically designed for identity management and issuance of ePassport and eID applications, Deutschland HSM is a hardware security module that provides security solutions for all the common components within ePassport or eID system infrastructures.

Click here to download product information

User Benefits

Deutschland HSM is tailor-made to meet the specific functional security demands of the global identity management markets for ePassport issuance, eID applications, border control, airlines and more.

Key features:

  • Tamper-responsive security solution for eID projects
  • ICAO-conformed PKI support
  • Based on FIPS 140-2 validated CryptoServer CS-Series platform

Commercial Benefits

Based on more than 25 years of experience in the development and manufacture of hardware security modules, we are able to provide the highest product quality and reliability, particularly in terms of tamper technology.

Secure investment:

  • Highest performance at a cost-effective price point
  • Out-of-the-box security solution
  • Long-term, easy performance upgrades


In compliance with strict eGovernment security requirements, Utimaco’s Deutschland HSM meets all your authentication, protection and certificate issuance needs, at all levels.
Key components:

  • CSCA and CVCA
  • DS and DV sub-CA
  • ePassport / eID chip personalization
  • ePassport IS / Border Control System


Deutschland HSM leverages a host of the most commonly used cryptographic algorithms, as well as additional algorithms upon request.

Key algorithms:

  • AES
  • Hash algorithms SHA-1, SHA-2 family, RIPEMD-160
  • Elliptic Curve (ECKA-DH, ECKA-EG)

No Trade-off in Identity Management

The eGov-Series is the ideal choice for safeguarding applications that are critical to identity or device infrastructures, upholding security standards to that of public authorities.


  • Based on FIPS 140-2 validated CryptoServer CS-Series platform
  • Physical random number generation in accordance with AIS 31, in close collaboration with the German Federal Office for Information Security (BSI)
  • Tamper-responsive
  • Active zeroization


  • Country Signing Certification Authority (CSCA) & Country Verifying Certificate Authority (CVCA)
  • Document Signer (DS)
  • Document Verifier (DV) sub-CA
  • ePassport / eID Chip Personalization
  • ePassport Inspection System

Specifications & Technical Data

Form Factor

  • Plug-in card for implementation in a standard server
  • Popular 19-inch network appliance allowing for a multitude of remote monitoring options

Tamper Resistance

  • Tamper-responsive
  • Tamper-resistant
  • Secure deletion upon mechanical, physical or chemical attacks
  • Active zeroization in case of temperature fluctuation or irregular energy supply, outside of defined limits
  • Manual deletion possible

Technical Data

LAN appliance:

  • Power supply: 90~264 V, 47~63 Hertz AC, 1 x 400 W
  • Power consumption: typically 54 W / 60 VA, maximum 60 W / 65 VA
  • MTBF: 110,000 hours at 25° C / 77° F (in acc. with MIL-HDBK-217)
  • Environmental temperature: +10° C to +40° C (+50° F to +104° F)
  • Remote monitoring options

PCI Plug-in card:

  • External Interfaces: PCI (32 bit, 33/66 MHz) 
2 serial V.24 interfaces
  • Environmental temperature: in operation: +10 C to +35 C / +50 F to +95 F; in warehouse: -10° C to +55° C / +14 F to +131 F
  • MTBF: 350,000 hours (in acc. with MIL-HDBK-217)