Download Factsheet

Primus E-Series HSM

The Primus E-Series HSMs are the ideal solution for small, cost sensitive system without sacrificing functionality nor usability. Often used to replace cumbersome PCI-e card HSMs it offers high performance at an outstanding price. It is available in three performance classes (E20/E60/E150) and an upgrade to the higher performance X-Series is always possible. Connecting the devices to existing systems is just as easy as commissioning. Easy to setup, configure and maintain, the E-Series can be optionally controlled with our remote access device Decanus.

Securosys-Primus-HSM-E-Series-Detail-Front-Right

Overview

The E-Series is available in various performance classes: E20, E60 and E150 (number corresponds to RSA-4096 signatures per second). It can be configured via the serial port or over the network with our Decanus remote terminal.

APPLICATIONS

The devices of the E-Series are very versatile. Built as network appliances, they lack the disadvantages of PCIe-based solutions. They are not dependent on the software version of PCIe host systems and the host system itself, which cannot be virtualized. The E-Series is ideally suited to secure financial transactions such as EBICS, access to the cloud (CASB), key management in the PKI environment, or to protect blockchain systems.

 

FEATURES

The devices generate and store encryption keys and manage the distribution of these keys. Besides key management, they also perform authentication and encryption tasks. Multiple Primus HSMs can be grouped together to support redundancy and load balancing. Each Primus HSM can also be partitioned for multiple users (multi-tenancy). Primus supports symmetric (AES, 3DES), asymmetric (RSA, ECC, Diffie-Hellman), and cryptographic hash algorithms (SHA-2, SHA-3). They can be seamlessly and easily integrated into any network environment.

E-Gesamtansicht_freigestellt

Primus E-Series Gallery

Business Advantage

Best Price/Performance
The Primus E-Series HSM offer the best price performance ratio for any general purpose HSM.
FIPS 140-2 Level 3 validated
Many applications require FIPS certified HSM, the E-Series delivers at an unbeatable price point.
Replacement for PCIe card HSM
Operate HSM as a network attached device. No compatibility issues between operating system version of the host device and the PCIe card HSM.
Fastest setup
Thanks to the setup wizard the E-Series HSM are quick to setup and configure, fast to integrate with many applications, and low cost in operation and maintenance.
Scalable Solution
A simple license update allows one to upgrade the E-Series from E20 to E60 and E150. Moreover, there is also the option to upgrade to the X-Series if your performance needs require it.
Swiss Made
All Securosys Primus HSM are developed and manufactured in Switzerland, free from contaminating influences.

Technical
specification

Security Architecture

  • Multilevel security architecture
  • Intern hardware supervision for error-free operations

Encryption / Authentication

  • 128- and 256-bit AES (GCM, CTR, ECB, CBC, MAC modes)
  • Camellia, 3DES
  • RSA 1024, 2048, 3072, 4096, 8192
  • ECDSA 256-521, GF(P) arbitrary curves
  • DSA 256-8192
  • Diffie-Hellman 1024, 2048, 4096
  • SHA-2 (256 - 512), SHA-3, SHA-1
  • Upgradeable to quantum computer-resistant algorithms

Key Generation

  • Two hardware true random number generators (TRNG)
  • SP800-90 compatible random number generator

Key Management

  • Key capacity: up to 6 GB
  • Ultra-secure vault for long term keys, certificates, and key attestation (CC EAL 4+ certified root key store)
  • Up to 50 partitions @ 120 MB capacity

Operation

  • Unlimited number of backups
  • Number of client connections not restricted

Anti Tampering Mechanismst

  • Several sensors to detect unauthorized access
  • Active destruction of key material and sensitive data on tamper
  • Transport and multi-year storage tamper protection by digital seal

Firmware

  • Local firmware update on device or optionally on Decanus remote

Identity Based Authentication

  • Multiple security officers (2 out of m)
  • Identification based on Smartcard and PIN, using Decanus remote, or through virtual Smartcard

Software Integration

  • JCE/JCA Provider
  • PKCS#11, OpenSSL
  • MS CNG

Network Management

  • IPv4/IPv6
  • Enhanced test functions
  • Event agent

Device Management

  • Configuration, monitoring and logging (syslog, SNMP V2)
  • Integrated logging
  • Firmware update 

Performance (per second, concurrent)

  RSA 4096 ECC 256 ECC 521 AES (Mbit)
E150 150 400 150 180
E60 60 400 60 180
E20 20 400 20 180

Power

  • Power supply:
    • 100 ... 240 V AC, 50 ... 60 Hz
  • Power dissipation: 30 W (typ) ... 50 W (max)
  • Backup lithium battery

Interfaces

  • 4 ethernet RJ-45-ports with1 Gbit/s (rear)
  • RS-232 management port (rear)
  • 1 USB management port (rear)

Controls

  • Console interface
  • 4 LEDs for system and interface status (multicolored)
  • Optional remote control Decanus

Environmental Test Specifications (Target)

  • EMV/EMC: EN 55022, EN 55024, FCC Part 15 Class B
  • Safety: IEC 60950

Specifications

  • Temperature ranges (IEC 60068-2-1 Ad, IEC 60068-2-2 Bd): storage -25...+70 °C; operation 0...+40 °C
  • Humidity (IEC 60068-2-78 Cab): 40 °C, 93% RH, non-condensing
  • MTBF (RIAC-HDBU-217Plus) at tamb=25 °C: 80  000 h
  • Dimensions (w×h×d) 417 x 44 x 365 mm (fits 1HE 19" EIA standard rack)
  • Weight 5,8 kg

Certification

  • FIPS140-2 Level 3
  • CC EAL 4+ certified root key storage
  • CE, FCC, UL

Didn't find what you were looking for?

Please find here our products overview or solutions overview page.

Contact us

Contact us if you want to know more about our products and offering.

Write us a message or request a call now