Stories and Papers



GDPR Database Encryption

Encrypting your database and storing the keys on an HSM is the best way to protect your data. Even if the database is stolen, the thieves will not be able to access the data because the encryption keys cannot be taken from the HSM. There are three options for encrypting your database: Transparent Data Encryption (TDE), a database encryption proxy or encryption of data sets in the processing application. Our white paper explains which of these methods is most suitable in a variety of scenarios.

Methods for GDPR complying database encryption


Hardware is the key to information security

Networks have evolved to carry information with varying degrees of sensitivity, and they need to be protected on several levels. On the technical level, purely software-based solutions are not enough. Trusted hardware components are equally essential.

Why we need HSMs


How to transform a VPN into a fully protected network

VPNs and fiber-optic networks are not inherently secure. Hence, a company sharing its business between two or more office locations has to allocate extra resources to protect its IT network. For this security measure and the protection of sensitive company data, two complementary devices are required: Layer-2 encryptors and hardware security modules.

Centurion Network encryptor for VPN


Security in payment transactions thanks to HSM from Securosys

The previous system for payment transactions in Switzerland, SIC 3, will be deactivated: As of July 2017, the successor version SIC4 will go into operation. This is secured with the Primus HSM S500 from Securosys. It will process transactions in the amount of up to 480 billion Francs per day. What were the requirements for the system, which factors contributed to its success, and how does Securosys now stand?

The success story of the Primus HSM S500


Quantum Computers - A Threat For PKI?

What are the prerequisites for a secure PKI today? Will quantum computers make PKIs obsolete in the future? Could blockchain provide a solution? The speakers addressed these questions at a SIGS event. They also discussed when quantum computers would be ready for production at all.

Quantum Computers - A Threat For PKI?

Use cases

Network encryptors: essential for the protection of sensitive customer data

FLYNT bank uses network encryptors and a cluster of Securosys Primus HSMs for its IT security. The company has to protect highly sensitive customer information. In his keynote speech, Stefan Thiel described the security requirements for FLYNT’s IT security architecture and how he had proceeded in evaluating the network encryptor.

Keynote at the launch of Centurion network encryptor

Solution briefs

Securing Microsoft PKI Deployment based on Microsoft Active Directory Certificate Services (AD CS)

The Microsoft (MS) Server package already contains a PKI. With that PKI, a Certificate Authority (CA) can be established. The trust of the entire system and the validity of each issued certificate depend upon the protection of the CA key issuing the identities. Therefore, Microsoft best practices recommend storing private keys on an HSM.

Microsoft PKI with Primus HSM – Solution Brief (pdf)


How to attack a provably secure algorithm and harden it thereafter

Why do encryption algorithms, even if recognized as highly secure by the cryptographic community, show unexpected weaknesses? How does information need to be encrypted and corresponding algorithms modified, assuming that attackers are able to exploit side channels using high-precision measurement tools? A research team from Securosys and the University of Applied Science (HSR) in Rapperswil, Switzerland, worked on exactly these topics in a project supported by the Federal Commission for Technology and Innovation (CTI). The findings of this project are available now. In their report, the researchers from the Institute of Microelectronics and Embedded Systems (IMES) and Securosys show how an elliptic-curve-based (ECC) algorithm is first successfully attacked, and how slight modifications lead to robustness against side-channel attacks.

On Power-Analysis Resistant Hardware Implementations of ECC-based Cryptosystems

Roman Willi, Paul Zbinden (IMES HSR) and Andreas Curiger (Securosys).

Project supported by the Federal Commission for Technology and Innovation (CTI).

Probably the most efficient architecture for ECC-based authentication

The digital signature is an effective method to protect information from modifications by fraudsters. However, the more sophisticated the attacks of cybercriminals get, the more complex authentication algorithms have to be. This additional complexity increases execution time and requires additional computing resources. In a project in collaboration with the University of Applied Science (HSR) in Rapperswil, Switzerland, Securosys has investigated ways to protect information in the future. The researchers of the Institute for Microelectronics and Embedded Systems (IMES) have developed, among other things, a computing architecture which, to the best of their knowledge, is most effective for calculating ECC-based algorithms, which are often used in connection with digital signatures.

Flexible FPGA-Based Architectures for Curve Point Multiplication over GF(p)
Dorian Amiet, Paul Zbinden (IMES HSR) and Andreas Curiger (Securosys).
Project supported by the Federal Commission for Technology and Innovation (CTI).


Securing Oracle with Primus HSM

Protecting an Oracle environment requires a Securosys Primus HSM together with a supporting library implementing the standard interfaces such as Microsoft Cryptographic Service Provider (MS CNG), Java JCE and PKCS#11. Data are encrypted and decrypted using Transparent Data Encryption (TDE). The installation and benefits of this solution are described by Marcel Suter of our partner firm libC Technologies SA in a solution brief.