Primus HSM

Primus HSM is a line of Hardware Security Modules (HSMs) from Securosys that generate, store, and use cryptographic keys inside tamper-resistant hardware, keeping private keys isolated from the applications that call them. What distinguishes the line is its partition model: a single CyberVault unit hosts up to 1,000 independent, isolated partitions, letting one appliance serve many tenants or applications, alongside firmware crypto-agility that adds NIST post-quantum algorithms without replacing hardware.

The hardware performs key generation, encryption, signing, and TLS session operations internally, exposing them through PKCS#11, Microsoft CNG, Java (JCE), and REST interfaces so applications never handle raw key material. Models span the entry-level E-Series for PKI key management through X-Series and CyberVault units rated above 50,000 transactions per second, with clustering for geo-redundant high availability. Post-quantum support covers ML-KEM, ML-DSA, SLH-DSA, HSS-LMS, and XMSS, and a hybrid mode pairs classical RSA or ECC keys with post-quantum signatures and key exchange for a phased migration.

Primus HSM is validated to FIPS 140-2 Level 3 (CMVP certificates 4583 and 3430) and certified Common Criteria EAL4+ against the eIDAS protection profile EN 419221-5, with EN 419241-2 qualified server-signing support on firmware 3.1.0. Securosys produces and maintains the HSMs behind the Swiss Interbank Clearing (SIC) payment system under a contract renewed in 2024, and serves financial institutions, trust service providers, and blockchain custodians from offices in Switzerland, Germany, Hong Kong, and the United States.