Primus HSM S500

The Primus S500 Hardware Security Module is an exclusive version with a restricted feature set for the Swiss Interbank Clearing operated by SIX-SIC. 

The Primus HSM S500 is an exclusive version with a restricted feature set for the Swiss Interbank Clearing operated by SIX-SIC. It generates encryption keys, stores these keys, and manages the distribution of these keys. Besides key management, it can also perform authentication and encryption tasks.

Multiple Primus S500 HSMs can be grouped together for redundancy and load balancing controlled by the application program. Primus supports symmetric (AES, Camellia), asymmetric (RSA, Diffie-Hellman), and hashing (SHA-2, SHA-3) cryptographic algorithms. High entropy encryption keys are generated in separate hardware true random number generation (TRNG) modules based on different physical noise mechanisms.

The Primus HSM also contains an ultra secure vault implemented inside a dedicated security chip. Due to its dynamic architecture, the Primus HSM is quantum computer ready. Should quantum computers make any of the supported algorithms to become obsolete then an algorithm that is quantum computer safe may be installed through a software/firmware upgrade.

The Primus S500 HSM is an exclusive version with a restricted feature set for the Swiss Interbank Clearing operated by SIX-SIC.

Security Features

Military grade security architecture

  • Multi-barrier software and hardware architecture with supervision mechanisms

Encryption/Authentication

  • 128-bit and 256-bit AES with GCM, CTR, ECB, CBC, MAC modes
  • Camellia
  • RSA 2048, 3072, 4096, 8192
  • Diffie-Hellman
  • SHA-2 (256 - 512), SHA-3
  • Upgradeable to quantum computer safe algorithms

Key Generation

  • Two high entropy hardware true random number generators

Key Management

  • Key capacity: 250 Mbyte
  • Ultra-secure vault for long term keys and certificates

Anti Tampering Mechanisms

  • Several sensors to detect unauthorized access
  • Enabled to destroy all key material and sensitive data
  • Transport & multi-year storage tamper protection

Firmware

  • Local firmware update

Security Roles

  • Multiple security officers (2 out of m)
  • Identification based on Smartcard and PIN

Networking Features

Internet Protocol (IPv4, IPv6)

Software Integration

  • JCE/JCA Provider

Network Management

  • Enhanced test functions
  • Event agent
  • Configuration, monitoring and logging
  • Firmware updating

Load Balancing/Fail Over

  • Multiple units may be connected to provide load balancing

Performance

  • RSA (Securosys S500)
  • 400 RSA-3072 per second
  • 200 RSA-4096 per second

Controls

  • 3 slots for Securosys Security Smartcards
  • 4 LEDs for system and interface status (multicolored)
  • 1 Liquid Crystal Display for management information
  • Panel for menu navigation and to trigger Built in Test Equipment (BiTE) and emergency erasure

Interfaces

  • 4 Ethernet RJ-45 ports 1 Gbit/s (rear)
  • 1 RS-232 management port (front)
  • 1 USB management port (front)

Power

  • Two redundant power supplies, hot pluggable, choice:
    • 100...240 V AC, 50...60 Hz
    • 36…75 V DC
  • Power consumption: 75W
  • Ultra capacitors for data retention

Safety Conformity (target)

  • IEC 60950
  • RoHS compliant

Electromagnetic Compatibility (EMC) (target)

  • Radiation measured according to EN 55022
  • Immunity: EN 55024

Environmental Test Specifications (target)

  • Temperature ranges (IEC 60068-2-1 Ad, IEC 60068-2-2 Bd): storage -25...+70 °C; operation 0...+45 °C
  • Humidity (IEC 60068-2-78 Cab): 40 °C, 93% RH, non-condensing, 10 days; 8 days in operation

Reliability (target)

  • MTBF (RIAC-HDBU-217Plus) at tamb = 25 °C: 100 000 h

Dimensions (w × h × d)

  • 400 x 88 x 367 mm (fits 2U 19” EIA standard rack)

Please find here a detailed factsheet about Primus HSM S500


Securosys-not-found-help

 

Not found what you were looking for?

Customers were also interested in our Primus X-Series or Solutions page -  go to Main Menu