- Solutions
- Products
- Services & Support
- Blog
- About
- Contact
Primus X-Series Hardware Security Modules (HSMs) are available in different performance classes (X200/X400/X700/X1000). In its most powerful implementation, the Primus X1000 HSM is capable to perform 1200 RSA-4096 operations (or about 4000 RSA-2048) per second. The Primus X-Series HSM can be managed with our remote access device Decanus.
The Primus X-Series HSM performs a wide range of operations. It generates encryption keys, stores these keys, and manages the distribution of these keys. Besides key management, it also performs authentication and encryption tasks. Multiple Primus HSMs can be grouped together in a self-synchronizing cluster to support geo-redundancy and load balancing. Each Primus can also be partitioned for multiple applications. Primus supports symmetric (AES, 3DES), asymmetric (RSA, ECC, Diffie-Hellman), and cryptographic hash algorithms (SHA-2, SHA-3).
High-entropy encryption keys are paramount to provide the highest security. The Primus X-Series HSM has multiple true random number generation (TRNG) modules. They are built up with separate hardware components and get their randomness from different physical noise mechanisms.
Primus also contains an ultra secure vault implemented inside a dedicated security chip. This Common Criteria (CC EAL 5+) certified device offers offline storage for PKI root keys and other critical keys.
Due to its dynamic architecture, the Primus HSM is quantum computer ready. Should quantum computers make any of the supported algorithms to become obsolete, then a quantum computer safe algorithm may be installed through a firmware/software upgrade.
Primus X-Series HSMs are secure and tamper-proof network security appliances. They are ideally suited to fulfill the highest requirements in high availability systems. Multiple HSMs can be grouped together as clusters across different datacenters, countries, or even continents to provide load balancing and fail-over. In addition, each unit is equipped with two redundant hot pluggable power supplies (AC or DC).
Military grade security architecture
Encryption / Authentication
Key Generation/ Signatures
CC EAL 5+ chip for IoT key generation
Key derivation on asymmetric keys including built-in BIP 32
Direct secure address generation (hash of the public key), which delivers extra PQCprotection in the HSM
Key Management
Multi Client / User / Partition Capability
Anti Tampering Mechanismst
Firmware
Security Roles
Military grade security architecture
Multi-barrier software and hardware architecture with supervision mechanisms
Internet Protocol (IPv4, IPv6)
Software Integration
Network Management
Load Balancing / Fail Over
Performance
RSA 4096/s | ECC 521/s | AES (Mbit/s) | |
X 1000 | 1200 | 2500 | 1000* |
X 700 | 700 | 700 | 1000* |
X 400 | 400 | 400 | 1000* |
X 200 | 200 | 200 | 600 |
*Performance limited by client connection
Controls
Interfaces
Power
Safety Conformity (target)
Electromagnetic Compatibility (EMC) (target)
Environmental Test Specifications (target)
Reliability (target)
Dimensions (w × h × d)
Certification
Please find here our products overview or solutions overview page.