Primus X-Series Hardware Security Modules (HSMs) are available in different performance classes (X400/X1000). In its most powerful implementation, the Primus X1000 HSM is capable to perform 1200 RSA-4096 operations per second. The Primus X-Series HSM can be managed with our remote access device Decanus.
The Primus X-Series HSM performs a wide range of operations. It generates encryption keys, stores these keys, and manages the distribution of these keys. Besides key management, it also performs authentication and encryption tasks. Multiple Primus HSMs can be grouped together in a self-synchronizing cluster to support geo-redundancy and load balancing. Each Primus can also be partitioned for multiple applications. Primus supports symmetric (AES, 3DES), asymmetric (RSA, ECC, Diffie-Hellman), cryptographic hash algorithms (SHA-2, SHA-3), as well as advanced encryption standard-cipher message authentication code (AES-CMAC) for symmetric key diversification.
High-entropy encryption keys are paramount to provide the highest security. The Primus X-Series HSM has multiple true random number generation (TRNG) modules. They are built up with separate hardware components and get their randomness from different physical noise mechanisms.
Due to its dynamic architecture, the Primus HSM is quantum computer ready. Should quantum computers make any of the supported algorithms to become obsolete, then a quantum computer safe algorithm may be installed through a firmware/software upgrade.
Primus X-Series HSMs are secure and tamper-proof network security appliances. They are ideally suited to fulfill the highest requirements in high availability systems. Multiple HSMs can be grouped together as clusters across different datacenters, countries, or even continents to provide load balancing and fail-over. In addition, each unit is equipped with two redundant hot pluggable power supplies (AC or DC).
Primus HSM offers a wide range of APIs for their integration. The APIs are either offered natively by the HSM or via a software layer. Securosys offers API providers (client API software / libraries) that are installed on the application server and ensure secure communication with the HSM and provide automatic failover and load balancing, optionally based on priority classes.
Clients are free to choose the API that best suits their requirements:
Security architecture
Encryption/Authentication (extract)
Key Generation
Key Management
Up to 120 partitions @ 240 MB secure storage
Operation
Anti-Tamper Mechanisms
Attestation and Audit Features
Cryptographic evidence of audit relevant parameters (keys, configuration, hardware, states, logs, time-stamping)
Identity-based Authentication
Software integration
Networking
Device Management
Performance (transactions per second)
RSA 4096 | ECC 256 | ECC 521 | AES 256 | |
X 1000 | 1000 | 3000 | 550 | 5000 |
X 400 | 400 | 3000 | 550 | 2000 |
Power
Interfaces
Controls
Environmental Test Specifications
Specifications
Certification
Please find here our products overview or solutions overview page.