Primus E-Series HSM | Affordable, Certified Key Protection

Acquiring an HSM solution that maintains stringent security standards while staying within budget can be challenging. HSMs are crucial for safeguarding sensitive cryptographic keys and performing critical security functions, but they often come with a significantly high price tag. Finding the right balance between the need for robust security and cost-efficiency is key.

Solution

Primus E-Series HSMs offer an optimal solution for moderate scale HSM requirements where cost sensitivity is paramount. Primus E-Series HSMs do not compromise in regards of performance capabilities, functionality or usability. The Primus E-Series HSM is built as network appliance level and can serve as a cost-effective alternative to traditional PCI-e card HSMs, without the need and headache of additional surrounding hardware and software operation causing additional points of failure and costs.

Primus E-Series HSMS are available in three performance classes and are capable of in-field upgrades to the next performance level without the need to acquire a higher performance level device.

E-Series HSMs offer integration via different, fully documented API’s (PKCS#11, CNG, Java, REST) and offer multi-tenant configurations for up to 50 partitions. Primus HSMs integrate effortlessly into any network environment, ensuring secure access for diverse applications in parallel.

Primus HSMs support a wide range of cryptographic algorithms, including symmetric (like AES and 3DES), asymmetric (like RSA), cryptographic hash algorithms (like SHA-2, SHA-3), or PQC, ensuring robust security for diverse encryption needs.

Functioning as network-attached devices, it eliminates compatibility issues commonly associated with PCIe card HSMs. This versatility enables effortless integration into various operating systems and environments without any hassle.

There's no limit to the number of users and clients that can securely access the Primus E-Series HSM, ensuring effortless expansion for your organization.

Maintain data integrity during transport, storage, and operation with advanced tamper protection measures that exceed FIPS and Common Criteria certification requirements.

With a user-friendly setup wizard, the Primus E-Series HSM offers quick setup, easy configuration and operation, reducing setup time and lowering operational and maintenance costs.

Easily upgradable from E20 to E60 and E150 with a simple license update, Primus HSMs provide scalability for evolving performance needs.

Tamper sensors remain active even when the HSM is unpowered, ensuring ongoing protection during transit or storage. Any attempt at manipulation triggers alerts upon power-up.

Unbeatable Price/ Performance ratio

The Primus E-Series HSM delivers the functionality of full network appliances at a price comparable to PCIe card HSMs, but without their limitations or drawbacks.

In-built Security

High availability, clustering, automatic failovers, and load balancing at local or in a worldwide set-up is in-built in the HSM and does NOT require the installation of any additional software outside the HSM.

Swiss Made

Crafted entirely in Switzerland, Securosys Primus HSMs embody unmatched quality and reliability. Free from external influences, our Swiss-made HSMs guarantee the highest standards from development to production, ensuring unparalleled security solutions.

The Primus E-Series HSM is an ideal solution for Certification Authority (CA) operations where high performance is not the primary concern, but ample storage space is crucial. With up to 6GB of storage, the E-Series HSM securely manages large volumes of cryptographic keys and certificates, ensuring the integrity and confidentiality of CA processes.

The Primus E-Series HSM provides secure key generation, storage, and management, ensuring the integrity and confidentiality of cryptographic keys essential for PKI and KMS environments.

Safeguard the entire certificate lifecycle, from issuance to revocation, with the Primus E-Series HSM, ensuring trust and authenticity in digital communications.

Secure blockchain operations by leveraging the Primus E-Series HSM to protect private keys and ensure the authenticity of blockchain transactions. Learn more

Enhance the security of smart metering systems by using the Primus E-Series HSM to securely store and manage cryptographic keys, ensuring the accuracy and integrity of metered data. Learn more

The Primus E-Series HSM offers secure key storage and management, critical for safeguarding crypto assets in both cold and hot wallet environments. Learn more

Ensure secure identity verification and access control by using the Primus E-Series HSM to manage cryptographic keys that protect sensitive user credentials and privileged access.

The Primus E-Series HSM enables secure cloud operations by managing keys used in Bring Your Own Key (BYOK) scenarios, external key stores, and other cloud-based encryption services.

Maintain the integrity and authenticity of software and documents with the Primus E-Series HSM, which securely manages the cryptographic keys used in signing processes.

Comply with European and Swiss digital signature regulations by using the Primus E-Series HSM to securely manage Qualified Signature Creation Devices (QSCD) for eIDAS and ZertES operations.

Protect sensitive data within databases by using the Primus E-Series HSM to manage encryption keys, ensuring data remains secure both at rest and in transit.

Security Features

Networking Features

Technical Data

Security Features

Multilevel security architecture
Internal hardware supervision for error-free operations

128/192/256-Bit AES
with GCM-, CTR-, ECB-, CBC-, MAC-mode
Camellia, 3DES (legacy), ChaCha20-Poly1305, ECIES
RSA 1024-8192, DSA 1024-8192
ECDSA 224-521, GF(P) arbitrary curves (NIST, Brainpool,...)
ED25519, Curve25519
Diffie-Hellman 1024-4096, ECDH
SHA-2/SHA-3 (224-512), SHA-1, RIPEMD-160, Keccak
HMAC, CMAC, GMAC, Poly1305
Post-Quantum Cryptographic (PQC) algorithms option CRYSTALS-Dilithium, CRYSTALS-Kyber, SPINCS+

Two hardware true random number generators (TNRG)
NIST SP800-90 compatible random number generator

Key capacity: up to 6 GB
E150 up to 50 partitions @ 120 MB capacity
E60/E20 up to 10 partitions @ 120 MB capacity

Number of client connections not restricted
Unlimited number of backups

Several sensors to detect unauthorized access
Active destruction of key material and sensitive data on tamper
Transport and multi-year storage tamper protection by digital seal

Cryptographic evidence of audit relevant parameters (keys, configuration, hardware, states, logs, time-stamping)

Multiple security officers (m out of n)
Identification based on smart card and PIN using Decanus Terminal, or through virtual smart card

Networking Features

Technical Data

Model	RSA 4096	ECC 256	ECC 521	AES 256
E150	200	1500	300	600
E60	60	700	120	600
E20	20	350	60	200

Power supply: 100 ... 240 V AC, 50 ... 60 Hz
E150 with two redundant hot pluggable power supplies
Power dissipation: 30 W (typ), 50 W (max)
Backup lithium battery: Lithium Thionyl Chloride 0.65g Li, IEC 60086-4, UL 1642, 3.6V

4 Ethernet RJ-45-ports with 1 Gbit/s (rear)
1 RS-232 management port (rear)
1 USB management port (rear)

Console interface
4 LEDs for system and interface status (multicolor)
Optional Decanus Terminal for remote administration

EMV/EMC: EN 55022, EN 55024, FCC Part 15 Class B
Safety: IEC 62368-1

Temperature ranges (IEC 60068-2-1 Ad, IEC 60068-2-2 Bd): storage -25 ... +70 °C; operation 0 ... +40 °C,
recommended +1 ... +30 ̊C
Humidity (IEC 60068-2-78 Cab): 40 °C, 93% RH, non-condensing
MTBF at tamb=25 °C: 80 000 h
Dimensions (w×h×d) 417 x 44 x 365 mm (1U 19" EIA standard rack)
Weight 5,8 kg