By using state-of-the-art technology, the se.SAM™ N200 Crypto Appliance provides comprehensive protection for digital secrets. The device combines numerous cryptographic functions in a single tool that is easy to handle and readily understandable. Whatever drives your project, be it the protection of your intellectual property, the authenticity of your data, the immutability of your measurement results, or the operation of a PKI or signature application, the se.SAM™ N200 Crypto Appliance keeps you on the safe side.
Hardware security module for flexible use
The se.SAM™ N200 Crypto Appliance not only supports cryptographic IT applications in the field of identity management via public key infrastructures (PKI) and code signing, but also the upcoming requirements of IoT and IIoT operations as well as secure industrial production.
The interfaces of the se.SAM™ N200 Crypto Appliance
- RESTful JSON API – complete REST API with GET and POST via HTTP as well as HTTPS
- TCP RAW-API – quick and easy TCP API, usable in any programming language
- Node-RED – se.SAM™ HSM Node for cryptography in Node-RED
Optional interfaces:
- Microsoft KSP – Key Storage Provider for Windows 8.1/10, Server 2012R2/2016/2019
- PKCS#11 – Cryptoki v2.40 for Windows and Linux
- OpenSSL – OpenSSL Interface for Linux OpenSSL 1.1.x
Core functions
Keys in hardware – all cryptographic keys are generated in special security hardware – the N200 Crypto Core – and the cryptographic functions are also processed in hardware. Because the keys never reside in the appliance’s storage, outsiders can never obtain the valuable key material. The use of certified hardware secure elements prevents side-channel attacks.
Multi Core Function – all integrated crypto modules have two independent crypto cores. When operation begins, these can be initialised differently, for instance to separate the test and production environments cryptographically. If both cores are configured identically, crypto operations can run on them in parallel.
Modern Admin-GUI – the intuitive GUI comes with a flexible, role-based administration concept for managing the built-in crypto modules, user management with Active Directory and LDAP integration, key management with multi-level life cycle management, and flexible authorisation management for crypto functions per user.
Flexible authorisation management – for adequate protection of key usage, a bottom-up authorisation concept has been implemented: permissions per core, permissions per key and counter, PIN authorisation, key authorisation, functional permission management, and application authentication by IP address, user name + password, API key or MFA. Moreover, life cycle management from creation to deletion is available for all keys.
Integrated cluster function – multiple appliance nodes can be configured to form a cluster with equal permissions and rights. From then on, all nodes synchronise all keys, credentials and authorisation rules over an encrypted connection. For special applications, newly generated keys are synchronised immediately to all cluster nodes before their first use. This function is highly recommended when operating a key management system and as a high-availability cluster.
Fully automated backup – in addition to the synchronisation of all keys across cluster nodes, the appliance performs a daily, fully automated backup via its e-mail and HTTPS interfaces. The backup includes all keys as well as user data, permissions and basic configurations. With the backup, any node can be restored within only a few minutes.