PCi-card-replacement-network-HSM

The E-Series of our Primus HSM is the ideal network HSM for PCi-cards. It offers high performance at an outstanding price. Connecting the devices to existing systems is just as easy as commissioning. They can be used as substitutes for PCIe cards and are available in different performance classes (E20/E60/E150). Easy to setup, configure and maintain, the E-Series can be optionally controlled with our remote access device Decanus.

  • Primus Hardware Security Module (HSM) E-Series, front view
  • Primus Hardware Security Module (HSM) E-Series
  • Securosys Primus Hardware Security Module (HSM) E-Series, rear

The E-Series is available in various performance classes: E20, E60 and E150 (number corresponds to RSA-4096 signatures per second). It can be configured via the serial port or over the network with our Decanus remote terminal.

Applications

The devices of the E-Series are very versatile. Built as network appliances, they lack the disadvantages of PCIe-based solutions like software dependance of PCIe host systems and the host system itself, which cannot be virtualized. The E-Series is ideally suited to secure financial transactions such as EBICS and PCI, access to the cloud (CASB), key management in the PKI environment, or to protect blockchain systems.

Functions

The devices generate encryption keys, store and manage the distribution of these keys. Besides key management, they also perform authentication and encryption tasks. Multiple Primus HSM can be grouped together to support redundancy and load balancing. Each Primus HSM can also be partitioned for multiple users (multi-tenancy). Primus supports symmetric (AES, 3DES), asymmetric (RSA, ECC, Diffie-Hellman), and hashing (SHA-2, SHA-3) cryptographic algorithms. They can be seamlessly and easily integrated into any network environment.


 
  • Market-leading price-performance ratio
  • HSM Network Appliance as a replacement for PCIe cards
  • Simple setup, configuration, and maintenance
  • Tamper protection during transport, storage, and operation
  • Scalable and flexible partitionable to your needs
  • Designed, developed, and manufactured in Switzerland

Security Features

Security architecture
  • Multilevel security architecture
  • Intern hardware supervision for error-free operations
Encryption/Authentication
  • 128- and 256-bit AES (GCM, CTR, ECB, CBC, MAC modes)
  • Camellia, 3DES
  • RSA 1024, 2048, 3072, 4096, 8192
  • ECDSA 256-521, GF(P) arbitrary curves
  • DSA 256-8192
  • Diffie-Hellman 1024, 2048, 4096
  • SHA-2 (256 - 512), SHA-3, SHA-1
  • Upgradeable to quantum computer-resistant algorithms
Key Generation
  • Two hardware true random number generators (TRNG)
  • SP800-90 compatible random number generator
Key Management
  • Key capacity: up to 6 GB
  • Ultra-secure vault for long term keys and certificates (CC EAL 4+ certified root key store)
  • Up to 50 partitions @ 120 MB capacity
Operation
  • Unlimited number of backups
  • Number of client connections not restricted
Anti Tampering Mechanisms
  • Several sensors to detect unauthorized access
  • Active destruction of key material and sensitive data on tamper
  • Transport and multi-year storage tamper protection by digital seal
Firmware
  • Local firmware update on device or optionally on Decanus remote
Identity based authentication
  • Multiple security officers (2 out of m)
  • Identification based on Smartcard and PIN, using Decanus remote, or through virtual Smartcard

Networking Features

Software integration
  • JCE/JCA Provider
  • PKCS#11, OpenSSL
  • MS CNG
Network Management
  • IPv4/IPv6
  • Enhanced test functions
  • Event agent
Device Management
  • Configuration, monitoring and logging (syslog, SNMP V2)
  • Integrated logging
  • Firmware update 

Technical Data

Performance (per second, concurrent)
  RSA 4096 ECC 256 ECC 521 AES (Mbit)
E150 150 400 150 >180
E60 60 400 60 >180
E20 20 400 20 > 60

 

 

 

 
 

 

Power
  • Power supply:
    • 100 ... 240 V AC, 50 ... 60 Hz
  • Power dissipation: 30 W (typ) ... 50 W (max)
  • Backup lithium battery
Interfaces
  • 4 ethernet RJ-45-ports with1 Gbit/s (rear)
  • RS-232 management port (rear)
  • 1 USB management port (rear)
Controls
  • Console interface
  • 4 LEDs for system and interface status (multicolored)
  • Optional remote control Decanus
Environmental Test Specifications (target)
  • EMV/EMC: EN 55022, EN 55024, FCC Part 15 Class B
  • Safety: IEC 60950
Specifications
  • Temperature ranges (IEC 60068-2-1 Ad, IEC 60068-2-2 Bd): storage -25...+70 °C; operation 0...+40 °C
  • Humidity (IEC 60068-2-78 Cab): 40 °C, 93% RH, non-condensing
  • MTBF (RIAC-HDBU-217Plus) at tamb=25 °C: 80  000 h
  • Dimensions (w×h×d) 417 x 44 x 365 mm (fits 1HE 19" EIA standard rack)
  • Weight 5,8 kg
Certification
  • FIPS140-2 Level 3 (in evaluation)
  • CC EAL 4+ certified root key storage
  • CE, FCC, UL

Please find here a detailed fact sheet about Primus HSM E-Series


Securosys-not-found-help

Not found what you were looking for?

Customers were also interested in our Decanus page or Solutions page -  go to Main Menu