<img alt="" src="https://secure.weed6tape.com/193471.png" style="display:none;">
Download Factsheet

PRIMUS HSM S500

The Primus S500 Hardware Security Module has been built exclusively for the Swiss Interbank Clearing System operated by SIX-SIC under the supervision of the Swiss National Bank. Daily transactions of over CHF 100 billion per day are protected by Primus S500 HSM.

image3

Overview

The Primus HSM S500 is an exclusive version with a restricted feature set for the Swiss Interbank Clearing operated by SIX-SIC. It generates encryption keys, stores these keys, and manages the distribution of these keys. Besides key management, it can also perform authentication and encryption tasks.

HIGH ENTROPY ENCRYPTION KEYS

Multiple Primus S500 HSMs can be grouped together for redundancy and load balancing controlled by the application program. Primus supports symmetric (AES, Camellia), asymmetric (RSA, Diffie-Hellman), and hashing (SHA-2, SHA-3) cryptographic algorithms. High entropy encryption keys are generated in separate hardware true random number generation (TRNG) modules based on different physical noise mechanisms.

Post Quantum Computer Ready

Thanks to its dynamic FPGA (field programmable gate array) based architecture, the Primus HSM is quantum computer ready. Should quantum computers make any of the supported algorithms obsolete then an algorithm that is quantum computer safe may be installed through a software/firmware upgrade.

S500_ganz_freigestellt_0

Primus HSM S500 Gallery

Business Advantage

The Primus S500 HSM is the only device approved for the Swiss Interbank Clearing (SIC4) system. It has been validated by the Cryptographic Group of the Swiss Ministry of Defence. Its dynamic architecture allows for future upgrades to new algorithms, higher performance and enables a long life time.

Technical
specification

Security Architecture

  • Military grade security architecture
  • Multi-barrier software and hardware architecture with supervision mechanisms

Encryption / Authentication (extract)

  • 128-bit and 256-bit AES with GCM-, CTR-, GCTR-, ECB-, CBC-, MAC-modes
  • Camellia
  • RSA 1024, 2048, 3072, 4096, 8192
  • DSA 256-8192
  • Diffie-Hellman 1024, 2048, 4096
  • SHA-2 (256 - 512), SHA-3

Key Generation

  • Two hardware true random number generators (TNRG)

Key Management

  • Key capacity: up to 30 GB

Operation

  • Number of client connections not restricted

Anti Tampering Mechanisms

  • Several sensors to detect unauthorized access
  • Active destruction of key material and sensitive data on tamper
  • Transport and multi-year storage tamper protection by digital seal

Firmware

  • Local firmware update

Identity based authentication

  • Multiple security officers (2 out of m)
  • Identification based on Smartcard and PIN

Software Integration

  • JCE/JCA Provider

Network Management

  • IPv4/IPv6
  • Enhanced test functions
  • Event agent

Device Management

  • Configuration, monitoring and logging (syslog, SNMP V2)
  • Integrated logging
  • Firmware update

Load Balancing / Fail Over

  • Multiple units may be connected to provide load balancing by application software

Performance (per second, concurrent)

RSA 4096 RSA 3072
200 400

 

Power

  • Two redundant power supplies, hot pluggable:
    • 100 ... 240 V AC, 50 ... 60 Hz
    • 36 … 75 V DC
  • Power dissipation: 60 W (typ.), 80 W (max.)
  • Ultra capacitors for data retention
  • Backup lithium battery

Interfaces

  • 4 Ethernet RJ-45 ports with 1 Gbit/s (rear)
  • 1 RS-232 management port (front)
  • 1 USB management port (front)
  • 3 smart card slots
  • Physical key to open case

Controls

  • 3 slots for Securosys Security smart cards
  • 4 LEDs for system and interface status (multicolored)
  • 1 liquid crystal display for management information
  • Panel for menu navigation and to trigger built in test equipment and emergency erasure

Environmental Test Specifications

  • EMV/EMC: EN 55022, EN 55024, FCC Part 15 Class B
  • Safety: IEC 60950

Specifications

  • Temperature ranges (IEC 60068-2-1 Ad, IEC 60068-2-2 Bd): storage -25 ... +70 °C; operation 0 ... +40 °C (recommended +1 ... +30°C)
  • Humidity (IEC 60068-2-78 Cab): 40 °C, 93% RH, non-condensing
  • MTBF (RIAC-HDBU-217Plus) at tamb=25 °C: 100 000 h
  • Dimensions (w×h×d) 440 x 88 x 441 mm (2U 19" EIA standard rack)
  • Weight 13.5 kg

Certification

  • Reviewed by DDPS (Federal Department of Defence, Civil Protection and Sport)
  • CE, FCC, UL

Didn't find what you were looking for?

Please find here our product overview or solutions overview page.

Contact us

Contact us if you want to know more about our products and offering.

Write us a message or request a call now