<img alt="" src="https://secure.weed6tape.com/193471.png" style="display:none;">

Register now: Securosys User & Developer Conference 29. September 2022

Register
x
Download Supported Algorithms

Primus X-series

Primus X-Series Hardware Security Modules (HSMs) are available in different performance classes (X200/X400/X700/X1000). In its most powerful implementation, the Primus X1000 HSM is capable to perform 1200 RSA-4096 operations (or about 4000 RSA-2048) per second. The Primus X-Series HSM can be managed with our remote access device Decanus.

Primus x-Serie

Overview

Key Management and Encryption

The Primus X-Series HSM performs a wide range of operations. It generates encryption keys, stores these keys, and manages the distribution of these keys. Besides key management, it also performs authentication and encryption tasks. Multiple Primus HSMs can be grouped together in a self-synchronizing cluster to support geo-redundancy and load balancing. Each Primus can also be partitioned for multiple applications. Primus supports symmetric (AES, 3DES), asymmetric (RSA, ECC, Diffie-Hellman), cryptographic hash algorithms (SHA-2, SHA-3), as well as advanced encryption standard-cipher message authentication code (AES-CMAC) for symmetric key diversification.

True Random Numbers Generation (TRNG)

High-entropy encryption keys are paramount to provide the highest security. The Primus X-Series HSM has multiple true random number generation (TRNG) modules.  They are built up with separate hardware components and get their randomness from different physical noise mechanisms.

Ultra-Secure Vault

Primus also contains an ultra secure vault implemented inside a dedicated security chip. This Common Criteria (CC EAL 5+) certified device offers offline storage for PKI root keys and other critical keys.

Crypto-Agile Architecture

Due to its dynamic architecture, the Primus HSM is quantum computer ready. Should quantum computers make any of the supported algorithms to become obsolete, then a quantum computer safe algorithm may be installed through a firmware/software upgrade.

Primus X-Series @Securosys

Primus X-Series Gallery

Business Advantage

Primus X-Series HSMs are secure and tamper-proof network security appliances. They are ideally suited to fulfill the highest requirements in high availability systems. Multiple HSMs can be grouped together as clusters across different datacenters, countries, or even continents to provide load balancing and fail-over. In addition, each unit is equipped with two redundant hot pluggable power supplies (AC or DC).

Unlimited Users
There is no limit on the number of users and clients that can access the Primus X-Series HSM. Applications can connect either through Java (JCE/JCA), Windows (CNG, PKCS#11), or Linux (PKCS#11, openSSL) providers to the Primus X-Series.
Over 1 Million Keys
The Primus X-Series hardware security module can be configured with up to 120 partitions, each providing up to 240MB protected storage space. It can securely hold over one million keys or objects.
Prevent Tampering
Special care has been taken in the Primus X-Series HSM to detect and prevent tampering that go beyond FIPS and Common Criteria certification requirements. Multiple tamper sensors ensure proper operation and handling of the Primus X-Series HSM. If triggered, they will erase all key material.
Store Keys
The Primus X-Series HSM store cryptographic keys and provision encryption, decryption, authentication and digital signing services. They are essential to manage and provide protection for transactions, identities and applications.
Protect Sensitive Data
Protect your sensitive data and transactions with industry-leading security in the highest performance HSM. Integrate the Primus X-Series Hardware encryption devices directly into environments for on-site data security.
Transport Protection
The tamper sensors are also in operation when the HSM is unpowered. So, even when the HSM is in transit or held instorage, the HSM is protecting itself against any attempt to manipulate it and will notify its owner when powered up again.
Fully Shielded
To protect against side-channel attacks the Primus X-Series HSM is enclosed in a heavy aluminum casing. Moreover the critical cryptographic core is additionally shielded inside the box. This results in essentially no electro-magnetic (EM) radiation.

API Integration

Primus HSM offers a wide range of APIs for their integration. The APIs are either offered natively by the HSM or via a software layer. Securosys offers API providers (client API software / libraries) that are installed on the application server and ensure secure communication with the HSM and provide automatic failover and load balancing, optionally based on priority classes.


Clients are free to choose the API that best suits their requirements:

REST API
  • Best for complex architectures with different software stacks and languages 
  • Upgradable to Transaction Security Broker
  • External software module 
JCE/JCA
  • Best for Java integration 
  • Enhanced feature support: multi-authorization, cryptocurrency, key attestation, and other 

PKCS#11
  • Best for applications using PKCS#11 standard interface, e.g. OpenSSL, Apache, NGINX, PKI, KMS and many programming language libraries. 
Microsoft CNG
  • Best for Microsoft Windows operating systems 
  • Native integration for many applications using Cryptography Next Generation interface (CNG) 

Technical
specification

Military grade security architecture

  • Multi-barrier software and hardware architecture with supervision mechanisms

Encryption / Authentication

  • 128/192/256 bit AES (GCM, CTR, ECB, CBC, MAC, CMAC modes)
  • 128, 192 and 256 bit Camellia (GCM, CTR, ECB, CBC, MAC modes)
  • RSA 2048 - 8192 with PKCS, PSS and OAEP modes
  • ECDSA 256 (mod-p curves, etc.), DSA 2048 - 4096, ECIES
  • ECDH 256, DH 2048 - 4096 • SHA-2, SHA-3 (224 - 512)
  • Upgradeable to quantum computer safe algorithms

Key Generation/ Signatures

  • The HSM has a dual True Random Generator TRNG entropy source, and NIST SP800-90 compliant RNG.

  • CC EAL 5+ chip for IoT key generation

  • Key derivation on asymmetric keys including built-in BIP 32

  • ECDSA: Elliptic curve digital signing algorithm

  • Direct secure address generation (hash of the public key), which delivers extra PQCprotection in the HSM

Key Management

  • Key capacity: in excess of 1’000’000 2048-bit keys
  • Ultra-secure vault for long term keys, certificates, and key attestation

Multi Client / User / Partition Capability

  • Unlimited clients and users
  • Up to 120 partitions of 240MB each
  • More partitions possible, please inquire with us

Anti Tampering Mechanismst

  • Several sensors to detect unauthorized access
  • Enabled to destroy all key material and sensitive data
  • Transport & multi-year storage tamper protection

Firmware

  • Remote firmware update with Decanus Remote Control Terminal

Security Roles

  • Multiple security officers (2 out of m)
  • Identification based on Smartcard and PIN

Military grade security architecture

Multi-barrier software and hardware architecture with supervision mechanisms

Internet Protocol (IPv4, IPv6)

Integration API's

  • JCE/JCA
  • PKCS#11
  • Microsoft CNG
  • REST API (external module)

Network Management

  • Enhanced test functions
  • Event agent Device Management
  • Configuration, monitoring and logging
  • Firmware updating

Load Balancing / Fail Over

  • Multiple units may be connected to provide 
  • High availability redundancy
  • Load balancing by application software 

Performance (transactions per second)

  RSA 4096 ECC 256 ECC 521 AES 256
X 2000 2000 8000 3000 10000
X 1000 1000 3000 550 5000
X 700 700 3000 550 3000
X 400 400 3000 550 2000
X 200 200 2000 350 1000

Controls

  • 3 slots for Securosys Security Smartcards
  • 4 LEDs for system and interface status (multicolored)
  • Build in Liquid Crystal Display for management 
  • Panel for menu navigation and to trigger Built in Test Equipment (BiTE) and emergency erasure

Interfaces

  • 4 Ethernet RJ-45 ports 1 Gbit/s (rear)
  • 1 RS-232 management port (front)
  • 1 USB management port (front)

Power

  • Two redundant hot pluggable power supplies,choice:
    • 100...240 V AC, 50...60 Hz
    • 36…75 V DC
  • Power consumption: 75W
  • Ultra capacitors for data retention

Safety Conformity (target)

 

  • IEC 60950
  • RoHS compliant

 

Electromagnetic Compatibility (EMC) (target)

  • Radiation measured according to EN 55022
  • Immunity: EN 55024

Environmental Test Specifications (target)

  • Temperature ranges (IEC 60068-2-1 Ad, IEC 60068-2-2 Bd): storage -25...+70 °C; operation 0...+40 °C (recommended 1..30°C) 
  • Humidity (IEC 60068-2-78 Cab): 40 °C, 93% RH, non-condensing, 10 days; 8 days in operation

Reliability (target)

  • MTBF (RIAC-HDBU-217Plus) at tamb = 25 °C: 100 000 h

Dimensions (w × h × d)

  • 400 x 88 x 367 mm (fits 2U 19” EIA standard rack)

Certification

  • FIPS140-2 Level 3
  • CC EAL4+, EN 419221-5 eIDAS protection profile
  • CC EAL 5+ certified root key storage
  • CE, FCC, UL

Didn't find what you were looking for?

Please find here our products overview or solutions overview page.

Contact us

Contact us if you want to know more about our products and offering.

Write us a message or request a call now
Language
Address

Förrlibuckstr. 70
8005 Zürich
Switzerland

Phone

+41 44 552 31 00

Fax

+41 44 552 31 99

Copyright © 2022 Securosys SA. All rights reserved.