Securosys Primus E-Series

Primus Hardware Security Module (HSM) E-Series

The E-Series of our Primus HSM is the ideal network HSM replacement for PCIe cards. It offers high performance at an outstanding price. Connecting the devices to existing systems is just as easy as commissioning. They can be used as substitutes for PCIe cards and are available in different performance classes (E20/E60/E150). Easy to set up, configure, and maintain, the E-Series can optionally be controlled with our remote access device Decanus.

Overview


The E-Series is available in various performance classes: E20, E60 and E150 (number corresponds to RSA-4096 signatures per second). It can be configured via the serial port or over the network with our Decanus remote terminal.

Applications

The devices of the E-Series are very versatile. Built as network appliances, they avoid the disadvantages of PCIe-based solutions, such as the software dependence on PCIe host systems and the host system itself, which cannot be virtualized. The E-Series is ideally suited to secure financial transactions such as EBICS and PCI, access to the cloud (CASB), key management in the PKI environment, or to protect blockchain systems.

Functions

The devices generate encryption keys, store them, and manage their distribution. Besides key management, they also perform authentication and encryption tasks. Multiple Primus HSMs can be grouped together to support redundancy and load balancing. Each Primus HSM can also be partitioned for multiple users (multi-tenancy). Primus supports symmetric (AES, 3DES), asymmetric (RSA, ECC, Diffie-Hellman), and hashing (SHA-2, SHA-3) cryptographic algorithms. The devices can be seamlessly and easily integrated into any network environment.

Business advantage


  • Market-leading price-performance ratio
  • HSM Network Appliance as a replacement for PCIe cards
  • Simple setup, configuration, and maintenance
  • Tamper protection during transport, storage, and operation
  • Scalable and flexibly partitionable to your needs
  • Designed, developed, and manufactured in Switzerland

Specifications


Security Features


Security architecture

  • Multilevel security architecture
  • Internal hardware supervision for error-free operations

Encryption/Authentication

  • 128- and 256-bit AES (GCM, CTR, ECB, CBC, MAC modes)
  • Camellia, 3DES
  • RSA 1024, 2048, 3072, 4096, 8192
  • ECDSA 256-521, GF(P) arbitrary curves
  • DSA 256-8192
  • Diffie-Hellman 1024, 2048, 4096
  • SHA-2 (256 – 512), SHA-3, SHA-1
  • Upgradeable to quantum computer-resistant algorithms

Key Generation

  • Two hardware true random number generators (TRNG)
  • SP800-90 compatible random number generator

Key Management

  • Key capacity: up to 6 GB
  • Ultra-secure vault for long term keys and certificates (CC EAL 4+ certified root key store)
  • Up to 50 partitions @ 120 MB capacity

Operation

  • Unlimited number of backups
  • Number of client connections not restricted

Anti-tampering mechanisms

  • Several sensors to detect unauthorized access
  • Active destruction of key material and sensitive data on tamper
  • Transport and multi-year storage tamper protection by digital seal

Firmware

  • Local firmware update on device or optionally on Decanus remote

Identity-based authentication

  • Multiple security officers (2 out of m)
  • Identification based on Smartcard and PIN, using Decanus remote, or through virtual Smartcard

Networking Features


Software Integration

  • JCE/JCA Provider
  • PKCS#11, OpenSSL
  • MS CNG

Network Management

  • IPv4/IPv6
  • Enhanced test functions
  • Event agent

Device Management

  • Configuration, monitoring, and logging (syslog, SNMP v2)
  • Integrated logging
  • Firmware update

Technical data


Performance (per second, concurrent)

Model   RSA 4096   ECC 256   ECC 521   AES (Mbit)
E150    150        400       150       180
E60     60         400       60        180
E20     20         400       20        180

Power

  • Power supply:
    • 100 … 240 V AC, 50 … 60 Hz
  • Power dissipation: 30 W (typ) … 50 W (max)
  • Backup lithium battery

Interfaces

  • 4 Ethernet RJ-45 ports with 1 Gbit/s (rear)
  • RS-232 management port (rear)
  • 1 USB management port (rear)

Controls

  • Console interface
  • 4 LEDs for system and interface status (multicolored)
  • Optional remote control Decanus

Environmental test specifications (target)

  • EMV/EMC: EN 55022, EN 55024, FCC Part 15 Class B
  • Safety: IEC 60950

Specifications

  • Temperature ranges (IEC 60068-2-1 Ad, IEC 60068-2-2 Bd): storage -25…+70 °C; operation 0…+40 °C
  • Humidity (IEC 60068-2-78 Cab): 40 °C, 93% RH, non-condensing
  • MTBF (RIAC-HDBU-217Plus) at tamb = 25 °C: 80 000 h
  • Dimensions (w×h×d): 417 × 44 × 365 mm (fits 1U 19″ EIA standard rack)
  • Weight: 5.8 kg

Certification

  • FIPS 140-2 Level 3 (in evaluation)
  • CC EAL 4+ certified root key storage
  • CE, FCC, UL

 

 

