<img alt="" src="https://secure.weed6tape.com/193471.png" style="display:none;">
Download Factsheet

Primus E-Series HSM

The Primus E-Series HSMs are the ideal solution for small, cost sensitive system without sacrificing functionality nor usability. Often used to replace cumbersome PCI-e card HSMs it offers high performance at an outstanding price. It is available in three performance classes (E20/E60/E150) and an upgrade to the higher performance X-Series is always possible. Connecting the devices to existing systems is just as easy as commissioning. Easy to setup, configure and maintain, the E-Series can be optionally controlled with our remote access device Decanus.

Securosys-Primus-HSM-E-Series-Detail-Front-Right

Overview

APPLICATIONS

The devices of the E-Series are very versatile. Built as network appliances, they lack the disadvantages of PCIe-based solutions. They are not dependent on the software version of PCIe host systems and the host system itself, which cannot be virtualized. The E-Series is ideally suited to secure financial transactions such as EBICS, access to the cloud (CASB), key management in the PKI environment, or to protect blockchain systems.

Another important application is the storage of keys for document signing.

Keys for document signing must be securely stored for legally effective verification. The electronic seal has a high evidential value in Europe through the eIDAS Ordinance and in Switzerland through the Federal Act on the Electronic Signature (ZertES). (This solution is also available As-a-Service)

Read More on Document Signing

 

 

 

FEATURES

The devices generate and store encryption keys and manage the distribution of these keys. Besides key management, they also perform authentication and encryption tasks. Multiple Primus HSMs can be grouped together to support redundancy and load balancing. Each Primus HSM can also be partitioned for multiple users (multi-tenancy). Primus supports symmetric (AES, 3DES), asymmetric (RSA, ECC, Diffie-Hellman), and cryptographic hash algorithms (SHA-2, SHA-3). They can be seamlessly and easily integrated into any network environment.

The E-Series is available in various performance classes: E20, E60 and E150 (E20 und E60 devices are “Field-upgradeable). It can be configured via the serial port or over the network with our Decanus remote terminal.

E-Gesamtansicht_freigestellt

Primus E-Series Gallery

Business Advantage

Best Price/Performance
The Primus E-Series HSM offer the best price performance ratio for any general purpose HSM.
FIPS 140-2 Level 3 validated
Many applications require FIPS certified HSM, the E-Series delivers at an unbeatable price point.
Replacement for PCIe card HSM
Operate HSM as a network attached device. No compatibility issues between operating system version of the host device and the PCIe card HSM.
Fastest setup
Thanks to the setup wizard the E-Series HSM are quick to setup and configure, fast to integrate with many applications, and low cost in operation and maintenance.
Scalable Solution
A simple license update allows one to upgrade the E-Series from E20 to E60 and E150. Moreover, there is also the option to upgrade to the X-Series if your performance needs require it.
Swiss Made
All Securosys Primus HSM are developed and manufactured in Switzerland, free from contaminating influences.

API INTEGRATION OF YOUR CHOICE

Primus HSM offers a wide range of APIs for their integration. The APIs are either offered natively by the HSM or via a software layer. Securosys offers API providers (client API software / libraries) that are installed on the application server and ensure secure communication with the HSM and provide automatic failover and load balancing, optionally based on priority classes.


Clients are free to choose the API that best suits their requirements:

REST API
  • Best for complex architectures with different software stacks and languages 
  • Upgradable to Transaction Security Broker
  • External software module 
JCE/JCA
  • Best for Java integration 
  • Enhanced feature support: multi-authorization, cryptocurrency, key attestation, and other 

PKCS#11
  • Best for applications using PKCS#11 standard interface, e.g. OpenSSL, Apache, NGINX, PKI, KMS and many programming language libraries. 
Microsoft CNG
  • Best for Microsoft Windows operating systems 
  • Native integration for many applications using Cryptography Next Generation interface (CNG) 

Technical
specification

Security Architecture

  • Multilevel security architecture
  • Internal hardware supervision for error-free operations

Encryption / Authentication

  • 128/192/256-Bit AES with GCM-, CTR-, ECB-, CBC-, MAC-mode
  • Camellia, 3DES (legacy), ChaCha20-Poly1305, ECIES
  • RSA 1024-8192, DSA 1024-8192
  • ECDSA 224-521, GF(P) arbitrary curves (NIST, Brainpool,...)
  • ED25519, Curve25519
  • Diffie-Hellman 1024-4096, ECDH
  • SHA-2/SHA-3 (224-512), SHA-1, RIPEMD-160, Keccak
  • HMAC, CMAC, GMAC, Poly1305
  • Upgradeable to quantum computer-resistant algorithms

Key Generation

  • Two hardware true random number generators (TRNG)
  • NIST SP800-90 compatible random number generator

Key Management

  • Key capacity: up to 6 GB
  • Up to 50 partitions @ 120 MB capacity

Operation

  • Number of client connections not restricted
  • Unlimited number of backups

Anti Tampering Mechanisms

  • Several sensors to detect unauthorized access
  • Active destruction of key material and sensitive data on tamper
  • Transport and multi-year storage tamper protection by digital seal

Attestation and Audit Features

  • Cryptographic evidence of audit relevant parameters (keys, configuration, hardware, states, logs, time-stamping) 

Identity Based Authentication

  • Multiple security officers (m out of n)
  • Identification based on Smartcard and PIN, using Decanus remote, or through virtual Smartcard

Software Integration

  • JCE/JCA Provider
  • PKCS#11 provider, OpenSSL, Apache, Nginx, P11-Kit,
  • Microsoft CNG / KSP
  • REST (TSB module) 

Networking

  • IPv4/IPv6
  • Interface bonding (LACP or active/backup)

  • Monitoring and log streaming (SNMPv2, syslog/TSL)

  • Active clustering of multiple units for load-balancing and fail-over

Device Management

  • Local configuration (GUI console)
  • Remote configuration (Decanus Terminal)
  • Local and remote firmware update
  • Secure log and audit
  • Enhanced diagnostic functions

Performance (transactions per second)

  RSA 4096 ECC 256 ECC 521 AES 256
E150 200 1500 300 600
E60 60 700 120 600
E20 20 350 60 200

Power

  • Power supply:
    • 100 ... 240 V AC, 50 ... 60 Hz
  • Power dissipation: 30 W (typ) ... 50 W (max)
  • Backup lithium battery:
    Lithium Thionyl Chloride 0.65g Li, IEC 60086-4, UL 1642, 3.6V

Interfaces

  • 4 Ethernet RJ-45-ports with 1 Gbit/s (rear)
  • 1 RS-232 management port (rear)
  • 1 USB management port (rear)

Controls

  • Console interface
  • 4 LEDs for system and interface status (multicolored)
  • Optional Decanus Remote Control Terminal

Environmental Test Specifications

  • EMV/EMC: EN 55022, EN 55024, FCC Part 15 Class B
  • Safety: IEC 62386-1

Specifications

  • Temperature ranges (IEC 60068-2-1 Ad, IEC 60068-2-2 Bd): storage -25...+70 °C; operation 0...+40 °C (recommended +1...+30°C)
  • Humidity (IEC 60068-2-78 Cab): 40 °C, 93% RH, non-condensing
  • MTBF (RIAC-HDBU-217Plus) at tamb=25 °C: 80  000 h
  • Dimensions (w×h×d) 417 x 44 x 365 mm (1U 19" EIA standard rack)
  • Weight 5,8 kg

Certification

  • FIPS140-2 Level 3
  • CC EN 419221-5 eIDAS protection profile
  • CE, FCC, UL

 

Didn't find what you were looking for?

Please find here our products overview or solutions overview page.

Contact us

Contact us if you want to know more about our products and offering.

Hinterlassen Sie uns Ihre Nachricht hier