
Challenge

Modern financial and digital asset applications require more than basic key usage. They increasingly depend on fine-grained policies and complex workflows.

Implementing these workflows directly inside each application is complex. They require state management, authorization collection, and reliable coordination, while ensuring that all security-critical checks remain inside the HSM.

Solution

The Securosys Transaction Security Broker (TSB) simplifies both the implementation of advanced authorization and key-usage workflows and the way applications interact with the Primus HSM. TSB is a Java-based service that communicates with the HSM over JCE while exposing a language-agnostic REST API that applications can use without installing client-side libraries. All cryptographic operations and security-critical checks remain inside the HSM, while TSB orchestrates request handling, approval logic, and workflow state.

Approvals can be provided using signing keys held on crypto tokens, in software, or through the Securosys Authorization App. The Securosys Authorization App provides approvers with a simple interface to receive notifications, review requests, and submit approvals. TSB manages communication with the app and collects approvals before forwarding authorized operations to the HSM.

TSB supports two usage modes. In its basic mode, it acts as a REST translation layer, enabling applications to perform signing, decryption, and key management operations through REST calls. In its workflow mode, TSB manages Smart Key Attribute (SKA) approval processes by collecting authorizations, coordinating multi-step workflows, and forwarding completed authorization data to the HSM. With this separation, TSB gathers the approvals required by the SKA policy outside the HSM, while only the HSM itself enforces all policies.

 

Key Benefits

Simple REST API Integration
TSB provides a language-agnostic REST API to access Primus HSM functionality without client-side libraries. This simplifies integration with modern applications and services.
Streamlined SKA Workflow Orchestration
TSB manages approval collection and workflow state for SKA-enabled keys, reducing complexity for applications while ensuring that all authorization checks remain inside the HSM.
Scalable Deployment Options
TSB can run as multiple container instances connected to the same HSM partition, enabling horizontal scaling and integration with high-availability HSM clusters.
Consistent Hardware-Based Security
All cryptographic operations and SKA policy validations occur inside the secure physical boundary of the Primus HSM, ensuring key protection with tamper-resistant hardware at every stage.
Flexible Deployment Inside or Outside the HSM
TSB can be deployed on external platforms or within the HSM as VaultContainers, offering architectural flexibility based on operational and regulatory needs.

Why TSB vs. Multi-signature?

  • Works with all supported crypto assets — independent of blockchain signature formats
  • Lower fees and better privacy due to single-signature on-chain addresses
  • Decouples key ownership from key usage for operational and regulatory flexibility
  • Supports advanced policy models including time-restrictions

Why TSB vs. Multi-Party Computation (MPC)?

  • Supports time-based workflows
  • Key material stays hardware-protected
  • Redundant deployment without increasing key-exposure risk
  • Simpler lifecycle management and operational model

 

Approval Process with SKA — How It Works

The approval process applies when using Smart Key Attributes with TSB.

To support SKA workflows, the Securosys Authorization App enables approvers to receive notifications, review pending tasks, and provide approvals directly from their devices. The app integrates with TSB, which orchestrates the workflow while the HSM performs all policy enforcement.

Step 1: Request Approval
A business application requests a key operation (e.g., signing) via TSB.

Step 2: Policy Retrieval
The HSM returns the SKA policy associated with the key, with a signed timestamp.

Step 3: Broadcast Request
The application fetches the approval request from TSB and broadcasts it to approvers.

Step 4: Collect Approvals
TSB collects approvals until the key’s SKA rules are met.

Step 5: Authorization Validation
TSB forwards the payload and collected approvals to the HSM. The HSM validates authorization data according to SKA attributes.

Step 6: Final Signature
If all conditions are met, the HSM signs the payload and returns the signature to TSB.
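
The split between collecting approvals (steps 3 and 4) and validating them (steps 5 and 6) can be modelled in a few lines. This is an added example, not Securosys code, and it does not use the TSB REST API or real SKA data formats: every name is hypothetical, HMAC stands in for the approvers' signing keys, and the 2-of-3 quorum and 300-second freshness window are constructed policy values.

```python
import hashlib
import hmac

# Constructed approver keys. HMAC is a stand-in for the approvers' signing
# keys; a real enforcer would hold only public keys.
APPROVER_KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}
# Constructed policy: 2-of-3 quorum, request valid for 300 seconds (assumption).
POLICY = {"quorum": 2, "approvers": set(APPROVER_KEYS), "max_age_s": 300}


def request_digest(payload: bytes, issued_at: int) -> bytes:
    """Bind an approval to one payload and one request timestamp."""
    return hashlib.sha256(issued_at.to_bytes(8, "big") + payload).digest()


def approve(name: str, key: bytes, payload: bytes, issued_at: int) -> dict:
    """Approver side: authorize exactly this payload and timestamp."""
    tag = hmac.new(key, request_digest(payload, issued_at), hashlib.sha256)
    return {"approver": name, "tag": tag.hexdigest()}


def broker_collect(approvals: list, quorum: int) -> bool:
    """Broker side: bookkeeping only, counts submissions without verifying."""
    return len(approvals) >= quorum


def enforce(payload: bytes, issued_at: int, approvals: list, now: int) -> str:
    """Enforcer side (the HSM's role in this model): re-check everything."""
    if now - issued_at > POLICY["max_age_s"]:
        return "rejected: request expired"
    digest = request_digest(payload, issued_at)
    valid = set()  # a set, so a repeated approver counts once
    for a in approvals:
        if a["approver"] not in POLICY["approvers"]:
            continue  # not named in the policy
        key = APPROVER_KEYS[a["approver"]]
        expected = hmac.new(key, digest, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, a["tag"]):
            valid.add(a["approver"])
    if len(valid) < POLICY["quorum"]:
        return f"rejected: {len(valid)} of {POLICY['quorum']} valid approvals"
    return "signed"
```

In this model the broker's count can be satisfied by a duplicated or forged approval, but the operation still fails at the enforcer, which is why the final check belongs inside the hardware boundary.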

Use Cases

Multi-Quorum Transaction Approval
Enable m-of-n or multi-layer approval flows for high-value financial transactions, ensuring controlled and verifiable authorization.
Time-Locked Transaction Security
Enforce time-based policies to delay or restrict key operations, reducing operational risk.
Hybrid Approval Systems
Combine device-based approvals, user roles, or multi-device workflows with HSM-based key protection.
Policy-Driven Key Usage Control
Define complex, granular SKA policies for key usage and enforce them through TSB for digital assets, financial operations, and regulated environments.