The “sematicon Security and Authentication Module” – in short se.SAM™ – has been especially designed to meet the requirements of industrial, electronic, IoT and IIoT systems, in which stability, robustness and particular easy handling must be the main focus. The se.SAM™ module complies with these demands and enables smooth integration and upgrading of digital security on various platforms. se.SAM™ P-Series Modules are having a miniPCIe interface and are therefore particularly suitable as a digital key for installation in your equipment for retrofitting systems with an integrated miniPCIe interface.
For USB-Devices, our se.SAM™ U-Series is also available. For integration directly on the PCB, we also offer our modules as an integrated circuit for the PCB. You can find information on this under se.SAM™ – Embedded.
Additional se.SAM™ Products
The se.SAM™ N-Series for Networks
• se.SAM™ N200 – The network HSM
• se.SAM™ N200X – The network HSM for the shopfloor
The se.SAM™ U-Series for USB
• se.SAM™ U110 – The easy to use industrial grade USB-Cryptomodule
• se.SAM™ U200 – The USB-Cryptomodule with CC-Certification
se.SAM™ Embedded – Crypto for your new project
Corefunctions of the se.SAM™ P-Series
Keys in hardware
All cryptographic keys are generated in special security hardware – the N200 Crypto Core – and the cryptographic functions are also processed in hardware. Because the keys never reside in the appliance’s storage, outsiders can never obtain the valuable key material. The use of certified hardware secure elements (Secure Elements) prevents side-channel attacks.
Authenticity and protection of data and access
se.SAM™ protects digital secrets comprehensively and prevents unauthorised copying of or access to data. At the same time, source as well as destination of data can be clearly identified and verified. se.SAM™
guarantees protection and authenticity of any kind of data, such as sensor data, measured data and other intellectual property.
Easy integration – fast project success
se.SAM™ provides a wide range of cryptographic security functions on a very limited space, which can be implemented in projects in the simplest possible way and without any additional software. Thus, se.SAM™ is not only perfectly suitable for data protection, but also serves as a tool to ensure a fast and secure project success. In-depth cryptographic expertise is no longer necessary – se.SAM™
takes care of it.
Flexible and platform-independent use
No matter whether the module shall be operated indoors, in the control cabinet or outdoors: se.SAM™ is flexible. A wide temperature range, an extended radio interference suppression as well as waterproof tightness enables the module’s application in all climatic environments. It is fully encapsulated with a special sealing compound resisting mechanical influences and manipulation.
Guarantee security and save costs
se.SAM™ is manufactured exclusively in Germany and supported by all computers and platforms without any additional software. A long-term availability of the module assures additional planning reliability. The very low effort for support and integration reduces operational costs. se.SAM™ is the perfect tool to ensure security, minimise risks and realise cost savings.
The se.SAM™ P210 Cryptomodules
The se.SAM™ P210 Module is module for the miniPCIe Slot. It uses the USB-Pins of the slot. The MiniPCIe interface is found in many industrial PCs and controllers and allows the crypto module to be screwed in securely. Functionally identical and equipped with the same processor as the U210 series, the device can be used for a variety of applications in which a trust anchor is required. This device also registers as a CDC device in the operating system and can be addressed via simple commands. In addition to a variety of algorithms such as NIST, Brainpool and RSA ranular permissions can be assigned to key objects. There is full support for “Secure Manufacturing”, which the device can fully exploit together with an N-Series module. The hardware of the cryptoprocessor as well as its operating system are CC-EAL6+ certified.
The se.SAM™ P210 – simple, universal with extended features and cryptofunctions
- Suitable and tested for industry, IT and office operation
- Long-term availability
- Extreme temperature ranges -40°C to +90°C
- Driverless – “Plug & Play“ – Independent of OS or CPU-Architectures
- No libraries or special software necessary
- Isolated storage areas for protecting cryptographic keys and data
- Cost-efficient integration by short training periods
- Integrated PIN-Management
Technical specifications
Cryptography
- Key storage: 10 symmetric keys and 10 asymmetric key pairs with certificate
- Symmetric algorithms: AES CBC, AES, CTR, AES ECB each with 128 and 256 bit, SHA1-HMAC, SHA256-HMAC, SHA384-HMAC, SHA512-HMAC, CMAC-128
- Asymmetric algorithms: RSA 512 to 4096, ECC-NIST-P/secp192r1 to 521r1, ECC-Brainpool 160 to 512, ECC Koblitz/secp160k1 to 256k1, ECDSA , ECDH
- HASH digest: SHA1, SHA-2-224 bis 512
- Key derivation function: HKDF
- Additional functions: Secure Hardware Counter, “Multi Source True Random Number Generator“, Key-ACLs, Secure Key Exchange, firmware update, which can be disabled, cryptographic self-test, Secure Key Import, Key Usage Counter
Certifications
- Common Criteria EAL6+ (hardware and operating system of the crypto-processor)
- Compliant to EU-directive 2014/32/EU and the WELMEC Software Guide for Measuring Instruments (V7.2, 2015)
Anschluss
- Half-/Full-Size PCI Express Mini Card (USB-Pins)
Module features
- Size (LxWxH): 50,95 x 30 x 3,5 mm or 26,80 x 30 x 3,5 mm
- Weight: up to 25g
- Temperature range: -40°C to +90°C
- Humidity rating: 0% – 100% (without condensation)
- Memory data retention: over 15 years
- Immunity (ESD): 4 kV contacted discharge (Performance Criteria A), 8kV air discharge (Performance Criteria A), EN55024:2010, EN61000-6-2:2005
- Immunity (EMI): 10V/m from 80 MHz to 1 GHz (Performance Criteria A), 3V/m from 1GHz to 2,7 GHz (Performance Criteria A), EN55024:2010, EN61000-6-2:2005
- Emission (EMR): EN55032:2012
- Voltage: 3,3 V (DC)
- Power supply: up to 25 mA (under load)
- EU-directives (CE marking): 2012/19/EU (WEEE),2011/65/EU and 2015(863/EU /RoHS),2014/30/EU (EMC)
The se.SAM™ P220 Cryptomodules
se.SAM™ P220 Serie – The module for time based cryptography The module based on the P210 series but includes an additional very robust and precise real time clock. This enalbes the module to generate temporary keys (ephemeral keys) or to change and syncronize keys – ohne Datenverbindung – on a regular base. In addition, the direct use of a clock enables independent time stamps or the verification of time-based one-time passwords.
The se.SAM™ P220 – simple, universal with extended features and cryptofunctions
- Suitable and tested for industry, IT and office operation
- Long-term availability
- Extreme temperature ranges -40°C to +90°C
- Driverless – “Plug & Play“ – Independent of OS or CPU-Architectures
- No libraries or special software necessary
- Isolated storage areas for protecting cryptographic keys and data
- Cost-efficient integration by short training periods
- Integrated PIN-Management
- Integrated Real-Time-Clock (RTC) for time based crypto features
Integrated clock for dynamic key management
Thanks to the integrated real-time clock, the module is able to create keys independently and keep them synchronised with other modules even without an external power supply or connectivity. Thus, offline verification of one-time passwords (OTP) or certificates is easily possible. The independent real-time clock can of course also be integrated into your individual applications.
Technical specifications
Cryptography
- Key storage: 10 symmetric keys and 10 asymmetric key pairs with certificate
- Symmetric algorithms: AES CBC, AES, CTR, AES ECB each with 128 and 256 bit, SHA1-HMAC, SHA256-HMAC, SHA384-HMAC, SHA512-HMAC, CMAC-128
- Asymmetric algorithms: RSA 512 to 4096, ECC-NIST-P/secp192r1 to 521r1, ECC-Brainpool 160 to 512, ECC Koblitz/secp160k1 to 256k1, ECDSA , ECDH
- HASH digest: SHA1, SHA-2-224 to 512
- Key derivation function: HKDF
- Additional functions: Secure Hardware-Counter, “Multi Source True Random Number Generator“, Key-ACLs, Secure Key Exchange, firmware update, which can be disabled, cryptographic self-test, Secure Key Import, Key Usage Counter, integrated precise real-time clock for automatic key management
Certifications
- Common Criteria EAL6+ (hardware and operating system of the crypto-processor)
- Compliant to EU-directive 2014/32/EU and the WELMEC Software Guide for Measuring Instruments (V7.2, 2015)
Connection
- Full-Size PCI Express Mini Card (USB-Pins)
Module features
- Size (LxWxH): 50,95 x 30 x 6,3 mm
- Weight: up to 35g
- Temperature range: -40°C to +85°C
- Humidity rating: 0% – 100% (without condensation)
- Data memory retention: over 15 years
- Immunity (ESD): 4 kV contacted discharge (Performance Criteria A), 8 kV air discharge (Performance Criteria A), EN55024:2010, EN61000-6-2:2005
- Immunity (EMI): 10V/m from 80 MHz to 1 GHz (Performance Criteria A), 3V/m from 1GHz to 2,7 GHz (Performance Criteria A), EN55024:2010, EN61000-6-2:2005
- Emission (EMR): EN55032:2012
- Accuracy of time: ±1 ppm @ 25°C
- Voltage: 3,3 V (DC)
- Power supply: up to 25 mA (under load)
- EU-directives (CE marking): 2012/19/EU (WEEE), 2011/65/EU and 2015(863/EU /RoHS), 2014/30/EU (EMC)