Securosys is a Swiss company that designs and produces hardware and software cryptographic systems that secure digital infrastructure. Securosys Primus Hardware Security Modules (HSM) secure digital keys used in connection with banking transactions, identity and access management, digital signature, key management, and much more. Combined with the Transaction Security Broker, they make it possible to build systems based on multi-authorization that match the highest enterprise standards for security, compliance and flexibility. In addition, the Imunes Trusted Execution Environment (TEE) allows for secure execution of programs like policy engines, whitelisting services, etc. The Securosys portfolio offered by Group International is complemented by the Centurion Network Encryptors, which secure point-to-point and multi-point layer-2 and layer-3 networks.
Securosys products are developed and manufactured in Switzerland and with vested European partners using a trusted supply chain. Securosys Primus HSMs protect over $100B in daily transactions on the Swiss banking system SIC, operated by SIX under the supervision of the Swiss National Bank (SNB).
Group International is an official reseller/partner for Securosys. Securosys – Be Digital. Be Secure.
Securosys Primus HSM (Hardware Security Module):
A Hardware Security Module generates, stores, and manages access to encryption keys, digital identities (certificates), and digital assets. Rather than storing this critical information somewhere on your network server or on a cloud server, the HSM securely locks it away. Any transaction using these keys has to be executed inside the HSM. So, even if your network is breached and your files are accessed, the most critical information (your digital identities and assets, your certificates, and your encryption keys) is protected.
Typical use cases for the Securosys Primus HSM:
- PKI and Digital Signature: Securing the keys and certificates of PKI (Public Key Infrastructure) systems such as Microsoft CA/PKI, PrimeKey EJBCA, Entrust PKI, and SwissPKI.
- Securing Cloud Access with CASB (Cloud Access Security Broker) using Centraya and online document sharing platforms like SecureSafe from DSwiss.
- Blockchain and Cryptocurrency Platforms: Protecting wallets and cryptocurrencies like Bitcoin, Ethereum, Ripple, IOTA as well as permissioned blockchain nodes and systems like Corda from R3 and Hyperledger, in particular with the Securosys Transaction Security Broker. See also Securosys Primus Blockchain HSM.
- Key management: Securing the keys of encryption key management systems like Fornetix.
The Securosys Primus HSM is offered in the following versions:
- Primus X-Series: The Primus X-Series HSM is available in four different performance classes (X200/X400/X700/X1000). It can store over 1 million keys in 120 partitions of 240 MB each and can perform over 1200 RSA-4096 signatures per second. It is a secure and tamper-proof network security appliance. The Primus X-Series is ideally suited to fulfill the highest requirements in high-availability systems. Multiple HSMs can be grouped together as clusters across different datacenters, countries, or even continents to provide load balancing and fail-over. In addition, each unit is equipped with two redundant hot-pluggable power supplies (AC or DC).
- Primus E-Series: The Primus E-Series HSM is the ideal solution for small, cost-sensitive systems without sacrificing functionality or usability. Often used to replace cumbersome PCI-e card HSMs, it offers high performance at an outstanding price. It is available in three performance classes (E20/E60/E150) and has up to 50 partitions of 120 MB each. An upgrade to the higher performance X-Series is always possible. Connecting the devices to existing systems is just as easy as commissioning. It is easy to set up, configure and maintain.
- CloudsHSM: Instead of operating the Primus HSM by yourself on premise or in your data center, CloudsHSM offers you the option of HSM as a Service (HSMaaS). CloudsHSM is a hardware security module (HSM) cloud service. It allows users to generate encryption keys, use them and store them securely without having to worry about time-consuming tasks like evaluating, setting up, maintaining and updating their own HSM. Instead, experienced experts from Securosys take care of it.
- Decanus Terminal: Decanus allows easy and cost-effective management of your HSMs without compromising security. The Remote Control Terminal allows you to manage up to 64 Primus HSMs in different locations worldwide. Decanus connects securely to your HSM over the network (TCP/IP, AES 256). It offers the functionality of the Primus HSM front panel on a touch screen display. Most configuration, management and control tasks can be performed without visiting multiple data centers. It can also be used to manage only one partition on the Primus HSM without the need to turn on or trust the HSM administration. This way an organization can meet the strictest security policies by allowing each business application and unit to fully control its secure keystore.
Securosys Primus HSMs are connected to applications using either the JCE/JCA, MS CNG, or PKCS#11 interfaces. Alternatively, a REST API via the Securosys Transaction Security Broker can be used.
Transaction Security Broker (TSB):
Storing keys in an HSM is just the start. One has to make sure that they can only be used by adhering to certain rules attached to every key. This makes it impossible for corrupted or hacked applications (or admins) to use the keys, dramatically reducing the risk of having your assets stolen. The Securosys Primus HSM supports adding such rules securely inside the HSM. The feature is named “Smart Key Attributes” (SKA) and can be used for a wide application spectrum, including, but not limited to, digital signature services according to eIDAS, authorization of blockchain transactions, and much more.
To make the implementation of SKA easier, the Securosys Transaction Security Broker provides a REST API and internal state management. It is a standalone engine that connects to an external database instance and integrates the SKA-enabled Securosys Primus HSM. It is therefore not security-critical, since all security-relevant operations are carried out in the HSM.
The TSB can also be used without SKA to provide a REST API for the Securosys Primus HSM.
Imunes Trusted Execution Environment (TEE):
The basic concept of a Securosys Imunes TEE is to execute code securely. This entails having a mechanism to securely load code and protect it from alteration, and extends to protecting the processed data and its output. A TEE must be able to prove that a certain output was generated from a specific input when that specific piece of code was executed. A TEE therefore acts much like a notary that attests real-world processes or facts. In the digital world, attestation can be performed using digital signatures.
Typical applications of a TEE are policy engines, automated workflows, and code that needs to be protected and isolated from malware.
Centurion Network Encryptor:
Using the Centurion Network Encryptors, you can easily and cost-effectively secure broadband communications. It is the securest way to connect two or more sites. Through its native support of Ethernet and IP, Centurion is ideal as a layer-2 encryptor but can also operate on layer-3 carrier Ethernet, MPLS and IP networks in any configuration: link, point-to-point, point-to-multipoint or mesh. No network reconfiguration or performance sacrifice is required. Use cases range from a simple point-to-point setup connecting headquarters to its datacenter to complex multi-site systems connecting hundreds of sites. Using the proven, industry-standard 256-bit AES algorithm with symmetrical AES-GCM authentication, combined with true random number generators with quantum effects, results in the securest solution for any communications system. Centurion Network Encryptors operate at bandwidths from 100 Mbit/s to 100 Gbit/s.