<img alt="" src="https://secure.weed6tape.com/193471.png" style="display:none;">
Try Securosys CloudHSM for free. Start your 90-days-trial now

Get started
Products & Solutions
Products & Solutions
Explore our portfolio of cutting-edge cybersecurity solutions, centered around our flagship Hardware Security Modules (HSMs). From encryption and key management to secure access and authentication, our products ensure robust protection for your most critical data and systems.
menu icon
Key Management & Hardware Security Module (HSM)
CyberVault Key Management System (KMS) HSM Overview What is an HSM? Post-Quantum Cryptography HSM Primus HSM CyberVault (X2 Models) Primus HSM CyberVault Core (E2 Model) Primus HSM X-Series Primus HSM E-Series Primus HSM S-Series Primus HSM Blockchain
menu icon
Cloud Security
Securosys CloudHSM Cloud Console What is CloudHSM? CloudHSM Service Offerings Integrated Technologies HashiCorp Vault Docker Image Security Bring Your Own Key (BYOK) External Key Store (XKS) Proxy for AWS Fortinet Fortigate Keyfactor EJBCA/SignServer
menu icon
Additional Products and Services
Securosys VaultCode Decanus Terminal Transaction Security Broker (TSB) Smart Key Attributes (SKA) Key Attestation S365 DKE - add-in for Microsoft 365 Securosys Authorization App
Partners
Partners
shield-people-colourful
Partners
Partner Directory
locket-platform-blocks-colourful
Integrations
Integrated Technologies HashiCorp Vault Fortinet FortiGate S365 DKE - adds in for Microsoft Bring Your Own Key (BYOK) External Key Store (XKS) - Proxy for AWS Keyfactor EJBCA/SignServer
Support
Support
menu icon
Support
Online Documentation Support Portal System Status Trainings
finance-institution-colourful
What is ...?
What is an HSM? What is CloudHSM? What is BYOK? What is SIC system?
About
About
Learn more about our mission, explore career opportunities, and access our resources. Discover how we’re shaping the future of cybersecurity and how you can be part of it.
menu icon
Securosys SA
About Us Events News Career
menu icon
Resources
Online Documentation Blog Articles Stories and Paper Video Gallery
document-lock-b&w
Certifications
Security Certifications Safety & Compliance Certifications Company Certification
3D-locket-documents-colourful
Compliance
Hong Kong Guidelines for VATP
Contact us
  • There are no suggestions because the search field is empty.

Challenge

The EU’s eIDAS regulations specify the requirements to generate a QES – a Qualified Electronic Signature. Any electronic signature meeting these requirements is by law considered equivalent to a physical 'wet ink' signature. Qualified Trust Service Providers (QTSPs) provide a scalable and convenient remote signing service, enabling customers to digitally sign documents and data in full compliance with the rigorous demands of these regulations.

Under eIDAS rules QTSPs cannot simply deploy a traditional Hardware Security Module (HSM). Conventional HSM designs do not support the principle of ‘sole control’ – they are unable to apply an individual access control policy to all protected keys or enforce strong authentication for usage of those keys. It is for this reason that a Signature Activation Module (SAM) component is included within the regulations to provide this missing functionality, enabling strong authentication of all end users within the QTSP’s system. The combination of an HSM and SAM is referred to as a Qualified Signature Creation Device (QSCD) in eIDAS terminology.

3D-circle-blocks-colourful

Solution

Uniquely, Securosys Primus HSMs support a feature known as Smart Key Attributes (SKA). SKA enables fine-grained authorization of private key usage, on a per-key basis. Securosys have built on this technology to develop SAM functionality that operates within the HSM itself. As a result, the Primus HSM CyberVault Series has now been certified to natively meet both the HSM (known as a Cryptographic Module/CM in eIDAS, certified against CEN EN 419 221-5) and SAM (certified against CEN EN 419 241-2) regulations.

Securosys SAM is compatible with all Primus HSM CyberVault X2 Series devices – Pro, Enterprise, Max and Max Plus editions. It is supported by the latest corresponding Common Criteria certified firmware (version 3.1.x). SAM functionality can be licensed per partition or per device.

The Transaction Security Broker (TSB) is not a mandatory requirement for SKA or SAM, but greatly simplifies integration, exposing a REST interface.

3D-circle-blocks-colourful

Key Benefits

shield-locket-b&w
QTSP Ready, Fully Certified
Certified to all eIDAS QCSD standards (CEN EN 419 221-5 and CEN EN 419 241-2). No need to build or certify separate SAM components.
document-signing-lock-b&w
Qualified Signatures and Seals
Supports sole control for qualified electronic signatures and m-of-n authentication for qualified electronic seals.
API-circle-b&w
Integrated, Comprehensive QSCD Solution
Primus HSM CyberVault Series natively fulfills QSCD requirements — no external components required. One vendor for product, support, and consultancy.
vault-b&w
Robust Key Protection
Sensitive keys remain securely inside the HSM and are never exposed outside its physical boundary.
locket-performance-b&w
High Performance and Highly Available
Built for remote signing at scale by supporting millions of transactions per second in clustered setups and with up to 30GB key storage.

Resources

SAM Documentation SAM White Paper