sematicon se.SAM™ N200 Crypto Appliance
Keys in hardware for any use case scenario

By using state-of-the-art technology, the se.SAM™ N200 Crypto Appliance provides comprehensive protection for digital secrets. The device combines numerous cryptographic functions in a single tool that is easy to handle and readily understandable. Whatever drives your project, whether the protection of your intellectual property, the authenticity of your data, the immutability of your measurement results, or the operation of a PKI or signature application, the se.SAM™ N200 Crypto Appliance keeps you on the safe side.

Hardware security module for flexible use

The se.SAM™ N200 Crypto Appliance supports not only cryptographic IT applications in the field of identity management via public key infrastructures (PKI) and code signing, but also the upcoming requirements of IoT and IIoT operations as well as secure industrial production.

Further se.SAM™ products

The se.SAM™ U-Series

se.SAM™ U110 – the easiest solution for USB
se.SAM™ U200 – more functionality and CC-certified processor

The se.SAM™ P-Series

se.SAM™ P210 – the module for the miniPCIe-interface
se.SAM™ P220 – the module for temporary keys

Specifications

se.SAM N200 Crypto Appliance - Front view

N200: 230V PSU, PS/2 Keyboard, 4x USB, 2x Gigabit Ethernet, VGA connection, expansion port for 10-Gigabit-Ethernet (n.a.)

se.SAM N200X Industrial

N200X: 2x Gigabit Ethernet, 4x USB, 24V DC Power

The interfaces of the se.SAM™ N200 Crypto Appliance

RESTful JSON API – complete REST API with GET and POST API via HTTP as well as HTTPS

TCP RAW-API – quick and easy TCP API, usable in any programming language

Node-RED – se.SAM™ HSM Node for cryptography in Node-RED

Optional interfaces:

Microsoft KSP – Key Storage Provider for Windows 8.1/10, Server 2012R2/2016/2019

PKCS#11 – Cryptoki v2.40 for Windows and Linux

OpenSSL – OpenSSL Interface for Linux OpenSSL 1.1.x

N200 Appliance

  • Standard 1U rack appliance (437 x 287 x 43 mm)
  • 4 GB RAM, 120 GB SSD, max. 30 W
  • 2 Gigabit Ethernet ports, 802.1q VLAN support
  • Cluster-capable (active-active)
  • Integrated backup function

N200X Appliance for manufacturing

  • Industrial appliance (150 x 105 x 53 mm, 900g)
  • 4 GB RAM, 120 GB SSD
  • 2 Gigabit Ethernet ports, 802.1q VLAN support
  • Cluster-capable (active-active)
  • Integrated backup function
  • Top-hat rails (DIN-Rail) mounting-kit
  • Temperature: -25°C to +40°C (+65°C with airflow)
  • Green-IT max. 30W

API interfaces

  • RESTful JSON API (PUT, POST)
  • TCP RAW API
  • Node-RED
  • Key Storage Provider (KSP)
  • OpenSSL / PKCS#11 (Win, Linux)

Cryptography

  • 2 x N200 Crypto Cores, CC EAL 6+ certified
    to Secure-Processor-OS-Level
  • Hash: MD5, SHA1, SHA-256, SHA-384, SHA-512
  • AES: 128, 192, 256 bit
  • RSA: 512, 1024, 2048, 4096 bit
  • ECC NIST: 192, 224, 256, 384, 512 bit
  • ECC Koblitz: 160, 192, 224, 256 bit
  • ECC Brainpool: 160, 192, 224, 256, 320, 384, 512 bit
  • Multi Source True Random Number Generator
  • Licence key generator
  • Key derivation: HKDF, Key Derivation Functions
  • Secure-Hardware-Counter

Every se.SAM™ N200 Crypto Appliance contains a hardware-crypto-module of the N200 Crypto Core. This is a high-performance security module featuring two physically separated EAL 6+ certified crypto-coprocessors, which can be configured independently of each other. This approach is ideal for cryptographically separated applications or for displaying a variety of production and test keys.

In addition to the generation of RSA and ECC keys, the N200 Crypto Core also provides secure hardware counters, i.e. for secure manufacturing applications, as well as a multi-source True Random Number Generator and various key derivation functions.

se.SAM N200 Module

Do you need information about the API commands?

Sending the REST-API command from se.SAM™ N200 Crypto Appliance

Core functions

Keys in hardware – all cryptographic keys are generated in special security hardware, the N200 Crypto Core, and the cryptographic functions are also processed in hardware. Because the keys never reside in the appliance’s storage, outsiders can never obtain the valuable key material. The use of certified hardware secure elements prevents side-channel attacks.

Multi Core Function – all integrated crypto modules have two independent crypto cores. At the start of operation, these can be initialised differently, for instance to separate the test and production environments cryptographically. If both cores are configured identically, crypto operations can run on both in parallel.

Modern Admin-GUI – the intuitive GUI comes with a flexible and role-based administration concept in order to manage the built-in crypto-modules, a user management featuring Active Directory and LDAP integration, a key management with multi-level life-cycle-management and a flexible authorisation management for crypto-functions per user.

Flexible authorisation management – for adequate protection of key usage, a bottom-up authorisation concept has been implemented: permissions per core, permissions per key and counter, PIN authorisation, key authorisation, functional permission management, and application authentication per IP address, user name + password, API key or MFA. Moreover, life cycle management from creation to deletion is available for all keys.

Integrated cluster function – multiple appliance nodes can be configured to form a cluster with equal permissions and rights. From then on, all nodes synchronise all keys, credentials and authorisation rules using an encrypted connection. For special applications, newly generated keys are synchronised immediately to all cluster nodes before their first use. This function is highly recommended for operating a key management system and as a high-availability cluster.

Fully automated backup – in addition to the synchronisation of all keys across cluster nodes, the appliance performs a daily, fully automated backup via an e-mail interface and an HTTPS interface. The backup includes all keys as well as user data, permissions and basic configurations. With the backup, any node can be restored within only a few minutes.

Unlimited keys and clients – the number of keys, counters, users, accesses etc. is not limited and restricted only by the crypto coprocessor’s memory and speed. With the se.SAM™ N200 Crypto Appliance, you do not need any expensive partition activations, client licences, keys or performance upgrades. The appliance’s entire crypto power is always available.

Test the se.SAM™ Crypto Appliance according to your requirements!

 

Secure cryptography has never been so easy!

If you are interested in the HSM* you can test the se.SAM™ N200 Crypto Appliance free of charge and without any commitment:

  • se.SAM N200 Crypto Appliance as Cloud Instance with an N200 Core
  • complete access to the Admin-GUI and the management console
  • all API methods are usable: RESTful/JSON API, TCP-interface, KSP, PKCS#11, etc.
  • you can generate and use any number of keys you like
  • complete user manual with numerous crypto examples
  • free of charge and without any commitment for 30 days

* This offer is directed at companies with a current requirement to use an HSM and/or keys in hardware. Because of limited resources, we might have to decline other test requests.

se.SAM™ N200 Crypto Appliance

 

se.SAM™ N200 Crypto Appliance
HSM Appliance with two crypto-cores, 2 GBit NICs, 19″, cluster-capable

se.SAM N200X Industrial Appliance

se.SAM™ N200X Industrial Crypto Appliance
HSM Appliance with two crypto-cores suitable for industrial use, 2 GBit NICs, cluster-capable, top-hat rail mounting

se.SAM™ N200 Crypto Appliance Bundles

 

se.SAM™ N200 PKI Bundle
HSM Appliance incl. KSP middleware, installation fee

se.SAM™ N200 PKCS11/OpenSSL Bundle
HSM Appliance incl. PKCS#11/OpenSSL middleware, support package

se.SAM™ N200 Code Signing Bundle
HSM Appliance for extended validation (EV) Code Signing

se.SAM™ N200 HA Cluster Bundle
HSM Appliance (2x), cluster configuration as high-availability cluster

se.SAM™ N200 Integrator Bundle
HSM Appliance plus 2 pcs se.SAM™ P200 Crypto Module, support package

Secure Coding Basics Video Michael Walser sematicon AG 2021

Mastering Windows Code Signing – Standard vs. EV Certificates

Windows device drivers must be protected using the strongest EV certificates. Otherwise, these drivers are not accepted by the operating system. Furthermore, the Windows SmartScreen filter in Windows 10 warns about software packages and executables not signed with an EV code signing certificate. But what exactly are EV code signing certificates, and how do they differ from standard code signing certificates?
HSM-Safe (Credentials, Personal Data, Business Secrets, Finance Data)

Keys in hardware: encryption using an HSM

Confidential information, e.g. personal data, access credentials, financial data or trade secrets, often has to be stored in encrypted form in server or cloud applications