sematicon se.SAM™ P210 & P220 miniPCIe Cryptomodules – Keys in Hardware for the Industry

The “sematicon Security and Authentication Module” – in short se.SAM™ – has been especially designed to meet the requirements of industrial, electronic, IoT and IIoT systems, in which stability, robustness and particularly easy handling must be the main focus. The se.SAM™ module complies with these demands and enables smooth integration and upgrading of digital security on various platforms. se.SAM™ P-Series modules have a miniPCIe interface and are therefore particularly suitable as a digital key for installation in your equipment and for retrofitting systems with an integrated miniPCIe interface.

For USB devices, our se.SAM™ U-Series is also available. For integration directly on the PCB, we also offer our modules as an integrated circuit. You can find information on this under se.SAM™ – Embedded.

Additional se.SAM™ Products

The se.SAM™ N-Series for Networks

se.SAM™ N200 – The network HSM

se.SAM™ N200X – The network HSM for the shopfloor

The se.SAM™ U-Series for USB

se.SAM™ U110 – The easy to use industrial grade USB-Cryptomodule

se.SAM™ U200 – The USB-Cryptomodule with CC-Certification

Core functions of the se.SAM™ P-Series

Keys in hardware

All cryptographic keys are generated in special security hardware – the N200 Crypto Core – and the cryptographic functions are also processed in hardware. Because the keys never reside in the appliance’s storage, outsiders can never obtain the valuable key material. The use of certified hardware secure elements prevents side-channel attacks.

Authenticity and protection of data and access

se.SAM™ protects digital secrets comprehensively and prevents unauthorised copying of or access to data. At the same time, source as well as destination of data can be clearly identified and verified. se.SAM™ guarantees protection and authenticity of any kind of data, such as sensor data, measured data and other intellectual property.

Easy integration – fast project success

se.SAM™ provides a wide range of cryptographic security functions in a very small space, which can be implemented in projects in the simplest possible way and without any additional software. Thus, se.SAM™ is not only perfectly suitable for data protection, but also serves as a tool to ensure fast and secure project success. In-depth cryptographic expertise is no longer necessary – se.SAM™ takes care of it.

Flexible and platform-independent use

No matter whether the module is operated indoors, in the control cabinet or outdoors: se.SAM™ is flexible. A wide temperature range, extended radio interference suppression and waterproof sealing enable the module’s use in all climatic environments. It is fully encapsulated with a special sealing compound that resists mechanical influences and manipulation.

Guarantee security and save costs

se.SAM™ is manufactured exclusively in Germany and supported by all computers and platforms without any additional software. Long-term availability of the module provides additional planning reliability. The very low effort for support and integration reduces operational costs. se.SAM™ is the perfect tool to ensure security, minimise risks and realise cost savings.

The se.SAM™ P210 Cryptomodules

The se.SAM™ P210 module is a module for the miniPCIe slot. It uses the USB pins of the slot. The miniPCIe interface is found in many industrial PCs and controllers and allows the crypto module to be screwed in securely. Functionally identical and equipped with the same processor as the U210 series, the device can be used for a variety of applications in which a trust anchor is required. This device also registers as a CDC device in the operating system and can be addressed via simple commands. In addition to a variety of algorithms such as NIST, Brainpool and RSA, granular permissions can be assigned to key objects. There is full support for “Secure Manufacturing”, which the device can fully exploit together with an N-Series module. The hardware of the cryptoprocessor as well as its operating system are CC-EAL6+ certified.

se.SAM Crypto Module - P110 Series

The se.SAM™ P210 – simple, universal with extended features and cryptofunctions

  • Suitable and tested for industry, IT and office operation
  • Long-term availability
  • Extreme temperature ranges -40°C to +90°C
  • Driverless – “Plug & Play“ – Independent of OS or CPU-Architectures
  • No libraries or special software necessary
  • Isolated storage areas for protecting cryptographic keys and data
  • Cost-efficient integration by short training periods
  • Integrated PIN-Management

Application example

Siemens IoT2050 Connector

Technical specifications

Cryptography

  • Key storage: 10 symmetric keys and 10 asymmetric key pairs with certificate
  • Symmetric algorithms: AES CBC, AES CTR, AES ECB each with 128 and 256 bit, SHA1-HMAC, SHA256-HMAC, SHA384-HMAC, SHA512-HMAC, CMAC-128
  • Asymmetric algorithms: RSA 512 to 4096, ECC-NIST-P/secp192r1 to 521r1, ECC-Brainpool 160 to 512, ECC Koblitz/secp160k1 to 256k1, ECDSA, ECDH
  • HASH digest: SHA1, SHA-2-224 to 512
  • Key derivation function: HKDF
  • Additional functions: Secure Hardware Counter, “Multi Source True Random Number Generator“, Key-ACLs, Secure Key Exchange, firmware update (can be disabled), cryptographic self-test, Secure Key Import, Key Usage Counter

Certifications

  • Common Criteria EAL6+ (hardware and operating system of the crypto-processor)
  • Compliant to EU-directive 2014/32/EU and the WELMEC Software Guide for Measuring Instruments (V7.2, 2015)

Connection

  • Half-/Full-Size PCI Express Mini Card (USB-Pins)

Module features

  • Size (LxWxH): 50,95 x 30 x 3,5 mm or 26,80 x 30 x 3,5 mm
  • Weight: up to 25g
  • Temperature range: -40°C to +90°C
  • Humidity rating: 0% – 100% (without condensation)
  • Memory data retention: over 15 years
  • Immunity (ESD): 4 kV contacted discharge (Performance Criteria A), 8kV air discharge (Performance Criteria A), EN55024:2010, EN61000-6-2:2005
  • Immunity (EMI): 10V/m from 80 MHz to 1 GHz (Performance Criteria A), 3V/m from 1GHz to 2,7 GHz (Performance Criteria A), EN55024:2010, EN61000-6-2:2005
  • Emission (EMR): EN55032:2012
  • Voltage: 3,3 V (DC)
  • Power supply: up to 25 mA (under load)
  • EU-directives (CE marking): 2012/19/EU (WEEE), 2011/65/EU and 2015/863/EU (RoHS), 2014/30/EU (EMC)

The se.SAM™ P220 Cryptomodules

se.SAM™ P220 Series – The module for time-based cryptography

The module is based on the P210 series but includes an additional very robust and precise real-time clock. This enables the module to generate temporary keys (ephemeral keys) or to change and synchronize keys – without a data connection – on a regular basis. In addition, the direct use of a clock enables independent time stamps or the verification of time-based one-time passwords.

se.SAM Crypto Module - P210 Series

The se.SAM™ P220 – simple, universal with extended features and cryptofunctions

  • Suitable and tested for industry, IT and office operation
  • Long-term availability
  • Extreme temperature ranges -40°C to +90°C
  • Driverless – “Plug & Play“ – Independent of OS or CPU-Architectures
  • No libraries or special software necessary
  • Isolated storage areas for protecting cryptographic keys and data
  • Cost-efficient integration by short training periods
  • Integrated PIN-Management
  • Integrated Real-Time-Clock (RTC) for time based crypto features

Integrated clock for dynamic key management

Thanks to the integrated real-time clock, the module is able to create keys independently and keep them synchronised with other modules even without an external power supply or connectivity. Thus, offline verification of one-time passwords (OTP) or certificates is easily possible. The independent real-time clock can of course also be integrated into your individual applications.

Technical specifications

Cryptography

  • Key storage: 10 symmetric keys and 10 asymmetric key pairs with certificate
  • Symmetric algorithms: AES CBC, AES CTR, AES ECB each with 128 and 256 bit, SHA1-HMAC, SHA256-HMAC, SHA384-HMAC, SHA512-HMAC, CMAC-128
  • Asymmetric algorithms: RSA 512 to 4096, ECC-NIST-P/secp192r1 to 521r1, ECC-Brainpool 160 to 512, ECC Koblitz/secp160k1 to 256k1, ECDSA, ECDH
  • HASH digest: SHA1, SHA-2-224 to 512
  • Key derivation function: HKDF
  • Additional functions: Secure Hardware-Counter, “Multi Source True Random Number Generator“, Key-ACLs, Secure Key Exchange, firmware update (can be disabled), cryptographic self-test, Secure Key Import, Key Usage Counter, integrated precise real-time clock for automatic key management

Certifications

  • Common Criteria EAL6+ (hardware and operating system of the crypto-processor)
  • Compliant to EU-directive 2014/32/EU and the WELMEC Software Guide for Measuring Instruments (V7.2, 2015)

Connection

  • Full-Size PCI Express Mini Card (USB-Pins)

Module features

  • Size (LxWxH): 50,95 x 30 x 6,3 mm
  • Weight: up to 35g
  • Temperature range: -40°C to +85°C
  • Humidity rating: 0% – 100% (without condensation)
  • Data memory retention: over 15 years
  • Immunity (ESD): 4 kV contacted discharge (Performance Criteria A), 8 kV air discharge (Performance Criteria A), EN55024:2010, EN61000-6-2:2005
  • Immunity (EMI): 10V/m from 80 MHz to 1 GHz (Performance Criteria A), 3V/m from 1GHz to 2,7 GHz (Performance Criteria A), EN55024:2010, EN61000-6-2:2005
  • Emission (EMR): EN55032:2012
  • Accuracy of time: ±1 ppm @ 25°C
  • Voltage: 3,3 V (DC)
  • Power supply: up to 25 mA (under load)
  • EU-directives (CE marking): 2012/19/EU (WEEE), 2011/65/EU and 2015/863/EU (RoHS), 2014/30/EU (EMC)

Do you need more information about our Module?

Get the Command Manual of the se.SAM™ P-Series

