Primus HSM

A Hardware Security Module generates, stores, and manages access to encryption keys, digital identities (certificates), and digital assets. Rather than storing this critical information just somewhere on your network server or on a cloud server the HSM securely locks them away. Any transaction using these keys have to be executed inside the HSM. So, even if your network is breached and your files are accessed, the most critical information, your digital identities and assets, your certificates, and your encryption keys are protected.

Typical use cases for the Securosys Primus HSM:

  • PKI and Digital Signature: Securing the keys and certificates of PKI (Private Key Infrastructure) systems such as Microsoft CA/PKI, PrimeKey EJBCA, Entrust PKI, and SwissPKI.
  • Securing Cloud Access with CASB (Cloud Access Security Broker) using Centraya and online document sharing platforms like SecureSafe from DSwiss.
  • Blockchain and Crypto Currency Platforms: Protecting wallets and Cryptos like Bitcoin, Ethereum, Ripple, IOTA as well as permissioned blockchain nodes and systems like Corda from R3 and Hyperledger, in particular with the Securosys Transaction Security Broker. See also Securosys Primus Blockchain HSM.
  • Key management: Securing the keys of encryption key management systems like Fornetix.
The Securosys Primus HSM is offered in the following versions:

Primus E-Series: The Primus E-Series HSM is the ideal solution for small, cost sensitive system without sacrificing functionality nor usability. Often used to replace cumbersome PCI-e card HSMs it offers high performance at an outstanding price. It is available in three performance classes (E20/E60/E150) and has up to 50 partitions of 120MB each. An upgrade to the higher performance X-Series is always possible. Connecting the devices to existing systems is just as easy as commissioning. It is easy to setup, configure and maintain.

Primus X-Series: The Primus X-Series HSM is available in four different performance classes (X200/X400/X700/X1000). It can store over 1 million keys in 120 partitions of 240MB each and is capable to perform over 1200 RSA-4096 signatures per second. It is a secure and tamper-proof network security appliance. The Primus X-Series are ideally suited to fulfill the highest requirements in high availability systems. Multiple HSMs can be grouped together as clusters across different datacenters, countries, or even continents to provide load balancing and fail-over. In addition, each unit is equipped with two redundant hot pluggable power supplies (AC or DC).

CloudsHSM: Instead of operating the Primus HSM by yourself on premise or in your data center, CloudsHSM offers you the option of HSM as a Service (HSMaaS). CloudsHSM is a hardware security module (HSM) cloud service. It allows users to generate encryption keys, use them and store them securely without having to worry about time-consuming things like evaluation, setup, maintenance and updating their own HSM. Instead experienced experts from Securosys take care of it.

Decanus Terminal: Decanus allows easy and cost-effective management of your HSMs without compromising security. The Remote Control Terminal allows you to manage up to 64 Primus HSMs in different locations worldwide. Decanus connects securely to your HSM over the network (TCP/IP, AES 256). It offers the functionality of the Primus HSM front panel on a touch screen display. Most configuration, management and control tasks can be performed without visiting multiple data centers. It can also be used to manage only one partition on the Primus HSM without the need to turn on or trust the HSM administration. This way an organization can meet the strictest security policies by allowing each business application and unit to fully control its secure keystore.

The Securosys Primus HSM are connected to the applications using either the JCE/JCA, MS CNG, or PKCS#11 interfaces. Alternatively, a REST API via the Securosys Transaction Security Broker can be used.