SafeNet HSM

Keyon and Gemalto have a close partnership. The two companies have implemented a number of strategic projects for their customers and launched pioneering solutions in the field of IT security.

The hardware security module (HSM) is a hardware module for secure generation, storage and management of keys or passwords. Administrative processes can be distributed among several people. All critical operations, such as encryption and decryption of data, occur within the HSM. Standardized interfaces allow easy integration into your infrastructure.

The main HSMs are listed below.

Keyon is a platinum partner of Gemalto, and we assist you with the planning, integration, and support of Gemalto's SafeNet Hardware Security Modules.

Overview HSM


SafeNet Network HSM - Network-attached HSM server

The SafeNet Network HSM from Gemalto is the comprehensive solution for safe, centralized generation, storage and management of sensitive cryptographic keys and passwords. The FIPS 140-2 Level 3 certification guarantees maximum security. The network-compatible HSM provides centralized administration and can be integrated simply and inexpensively into large server environments. The solution is scalable and meets the highest demands on availability. Administration is role-based and allows several people to be required to act together (e.g. the four-eyes principle).


SafeNet Java HSM - Secure environment for Java applications

The SafeNet Java HSM from Gemalto is a programmable application server based on the SafeNet Network HSM. It provides a secure platform for web applications and services as well as Java applications that place high demands on trustworthiness, combining a safe, standardized application server platform with a dedicated hardware security module (HSM). The SafeNet Java HSM application server is specifically safeguarded and optimized to take advantage of the integrated HSM and its specific hardware features.


Keyon-Luna SA Monitor Service

The Keyon-Luna SA Monitor Service provides the following functionality:

  • Monitor all physical Luna SA partitions that are combined into a virtual partition in High Availability (HA) mode
  • Availability and allocation of private keys and certificates

Keyon-Luna SA / PSE - Key migration from CSP to KSP

Microsoft PKI can be set up with a cryptographic service provider (CSP) or, now, also with a key storage provider (KSP). The new KSP is future-oriented, flexible in handling and supports new algorithms such as SHA-256 or ECDSA.

With Keyon's CSP2KSP Migration-Tool, Microsoft PKI keys that were generated with the Gemalto/SafeNet CSP can be made accessible via the Gemalto/SafeNet KSP. For example, a Microsoft 2003 PKI that was set up with a Luna SA 4 can easily and securely be migrated to a Microsoft 2012 PKI with Luna SA 5, using the existing PKI keys. A migration using the Gemalto/SafeNet Protect Server family works the same way. The CSP2KSP Migration-Tool from Keyon extends the functionality of Gemalto/SafeNet's ksputil.exe.

CA Migration

Key pairs generated directly through a PKCS#11 interface, and not with the Gemalto/SafeNet CSP or KSP, can be made visible to the KSP with the CSP2KSP Migration-Tool, so that, for example, a Microsoft PKI with an existing key and certificate can be installed into an existing, non-Microsoft PKI.

Business Continuity Planning

Key pairs generated with the Microsoft PKI using the KSP are only visible to the respective host. With Keyon's CSP2KSP Migration-Tool, the host names assigned to a PKI key can be edited and managed. For example, a new or additional PKI server can simply and securely be set up, and it can then use the key pairs in the HSM even if the old server is no longer available.


SafeNet ProtectServer External 2

The ProtectServer External 2 is a low-cost HSM with FIPS 140-2 Level 3 certification. The HSM is integrated into server environments over the network and is available in three different speed settings (number of signatures per second). It has a simple key backup and restore mechanism based on smart cards. Various APIs allow for easy integration into applications.


SafeNet PCIe HSM

The SafeNet PCIe HSM is a cost-effective and powerful HSM with FIPS 140-2 Level 3 and Common Criteria EAL 4+ certification. An administrator can authenticate to the Luna PCI HSM via an external PIN Entry Device (PED) and thus does not rely on commercial keyboards or displays.


ProtectV - Security Solutions for Microsoft Azure

SafeNet ProtectV secures data on Microsoft Azure by encrypting entire virtual machine instances and attached storage volumes to ensure complete isolation of data and separation of duties. This enables enterprises across many verticals, including major financial institutions and governments, to securely migrate even the most sensitive and highly regulated data to Microsoft Azure.