<img alt="" src="https://secure.weed6tape.com/193471.png" style="display:none;">
x
Contact Sales
Download Factsheet

Securosys Primus X Cyber Vault sets a new standard in Hardware Security Modules (HSMs), delivering unparalleled performance, scalability, and robust security features.

Designed, developed, and manufactured in Switzerland, it represents the pinnacle of encryption and authentication performance, making it the ideal solution for organizations with the most demanding security requirements.

 

S2FrontDirect_DSC07676-S2cn-1

KEY FEATURES

  • Market-Leading Performance: With over 50,000 concurrent transactions per second (TPS), the Primus X Cyber Vault stands as the fastest HSM in the market. It is scalable to support over 1,000,000 concurrent transactions per second in clustered environments.
  • Tamper Protection: Ensures the integrity of data during transport, storage, and operation, providing a secure foundation for critical infrastructure.
  • Simple Setup and Maintenance: Effortlessly integrate into existing systems with easy commissioning, configuration, and maintenance procedures.
  • Scalable and Flexible: Customize the Primus X Cyber Vault to meet your specific needs, ensuring adaptability as your requirements evolve.

 

APPLICATIONS

The versatility of the Primus X Cyber Vault makes it ideally suited for to secure high volumes of financial transactions, blockchain systems and crypto asset management, among others.

Zero Trust Networking

  • Every connection is authenticated and secured using TLS crypto-offloading.
  • Utilization of containerized/virtualized architectures.

Post-Quantum Cryptography (PQC) Challenge

  • Transition to PQC requires hybrid operation with both classical and PQC algorithms.
  • Integration of RSA or ECC/ED with PQC signatures, AES encryption/decryption, and key exchange protocols.
  • Focus on balanced performance to maintain efficiency during the transition.

Scalable Performance

  • Cloud encryption solutions ensure data sovereignty across platforms like Azure, AWS, and Google Cloud.
  • Geo-redundancy enhances resilience and availability.
  • Managed Service Providers offer multi-tenancy support, facilitating scalability and accessibility.
S2Back_DSC07692cn-1

FUNCTIONS

  • Key Generation and Management: Generate, store, and distribute cryptographic keys securely, ensuring robust key management practices.
  • Authentication and Encryption: Perform authentication and encryption tasks using a comprehensive suite of algorithms, including symmetric (AES) and asymmetric encryption (RSA, Diffie-Hellman, ECDSA), as well as hash algorithms (SHA-2, SHA-3).
  • High Availability Clustering: Group multiple Primus HSMs together to support redundancy and load balancing, ensuring continuous operation in mission-critical environments.
  • Seamless Integration: Easily integrate into any network environment with support for copper and optical interfaces up to 10 Gbps.
  • Remote Management and Backup: All devices can be securely managed and configured remotely using the Decanus terminal. They also come with standardized backup functionality via USB and WebDav.
  • Easy Integration: Seamlessly integrate into any network environment with support for various API providers (JCE/JCA, CNG, PKCS#11, REST) and both copper and optical interfaces.

Experience Unparalleled Security and Performance with Primus X Cyber Vault

Secure your infrastructure with the fastest HSM in the market. The Securosys Primus X Cyber Vault delivers unmatched performance, scalability, and flexibility, meeting the highest standards of safety, availability, and tamper protection.

Contact us today to learn more about how Primus X Cyber Vault can enhance your security posture and streamline your operations.

S2Front25D_DSC07721cn-1

Technical
specification

Security Architecture

  • Multi-barrier software and hardware architecture with supervision mechanisms

  • Secure supply-chain 

Encryption / Authentication (extract)

  • 128/192/256-bit AES with GCM-, CTR-, ECB-, CBC-, MAC Mode
  • Camellia, ChaCha20-Poly1305, ECIES
  • RSA 1024-8192, DSA 1024-8192
  • ECDSA 224-521, GF(P) arbitrary curves (NIST, Brainpool, ...)
  • ED25519, Curve25519
  • Diffie-Hellman 1024, 2048, 4096, ECDH
  • SHA-2/SHA-3 (224 - 512), SHA-1, RIPEMED-160, Keccak
  • HMAC, CMAC, GMAC, Poly 1305
  • Post-Quantum Cryptographic (PQC) algorithms
    CRYSTALS-Dilithium, CRYSTALS-Kyber, SPHINCS+

Key Generation

  • Two hardware true random number generators (TNRG)
  • NIST SP800-90 compatible random number generator

Key Management

  • Key capacity: up to 30 GB
  • up to 1000 partitions

Operation

  • Number of client connections not restricted
  • Unlimited number of backups

Anti-Tamper Mechanisms

  • Several sensors to detect unauthorized access
  • Active destruction of key material and sensitive data on tamper
  • Transport and multi-year storage tamper protection by digital seal

Attestation and Audit Features

  • Cryptographic evidence of audit relevant parameters (keys, configuration, hardware, states, logs, time-stamping)

Identity based authentication

  • Multiple security officers (m out of n)
  • Identification based on smart card and PIN

Software Integration

  • JCE/JCA Provider

  • PKCS#11 provider, OpenSSLv3, Apache, Nginx, p11-kit 

  • Microsoft CNG/KSP 

  • REST (TSB module)

Networking

  • IPv4/IPv6
  • Interface bonding (LACP or active/backup)
  • Active clustering of multiple units for load-balancing and fail-over
  • Monitoring and log streaming (SNMPv2, syslog/TLS)

Device Management

  • Local configuration (GUI, Console)
  • Remote administration (Decanus Terminal)

  • Local and remote firmware update 

  • WebDAV data transfer 

  • Secure log and audit 

  • Enhanced diagnostic functions

Performance (transactions per second)

Model RSA 4096 RSA 3072

RSA 2048

ECC256
X2P RSA 2'000 5'000 12'000 15'000
  ECC521 ECC384 ECC256  
X2P EC 10'000 15'000 30'000  

 

Power

  • Two redundant power supplies, hot pluggable: 
    100 ... 240 V AC, 50 ... 60 Hz
  • Power dissipation: 65 W (typ.), 100 W (max.)
  • Backup lithium battery:
    Lithium Thionyl Chloride 0.65g Li, IEC 60086-4, UL 1642, 3.6V

Interfaces

  • 4 Ethernet RJ-45 ports with 1 Gbps (rear)
  • 2 SFP+ slots for optical 10Gbps Ethernet modules (rear)
  • 2 Console ports (RJ45, front/rear)
  • 2 USB-A management ports (front/rear)
  • 1 USB-C management port (rear)
  • 3 Smart card slots

Controls

  • 3 slots for Securosys security smart cards
  • 4 LEDs for system and interface status (multicolor)
  • Touch screen for configuration
  • Console interface
  • Optional Decanus Terminal for remote administration

Specifications

  • Temperature ranges (IEC 60068-2-1 Ad, IEC 60068-2-2 Bd):
    storage -20 ... +60 °C; operation 0 ... +35 °C
  • Humidity (IEC 60068-2-78 Cab):
    40 °C, 93% RH, non-condensing
  • MTBF (RIAC-HDBU-217Plus) at tamb=25 °C: >100 000 h
  • Dimensions (w×h×d) 417 x 44 x 365 mm (1U 19" EIA standard rack)
  • Weight 7.5 kg

Certifications

  • FIPS140-3 Level 3 (in progress) 

  • CC EN 419221-5 eIDAS protection profile (in progress) 

  • CE, FCC, UL

Didn't find what you were looking for?

Please find here our product overview or solutions overview page.

Contact us

Contact us if you want to know more about our products and offering.

Hinterlassen Sie uns Ihre Nachricht hier
Language
Address

Max-Högger-Strasse 2
8048 Zürich
Switzerland

Phone

+41 44 552 31 00

Fax

+41 44 552 31 99

Copyright © 2024 Securosys SA. All rights reserved.