CC | Common Criteria (CC) certification, an internationally recognized security standard for IT products. |
Clone | A static duplicate of a Master device. Used for load balancing and fail-safe operation (High Availability) |
Decanus | A tamper-proof terminal used for remote administration of Primus HSM devices, single Partitions, and Imunes TEE devices. |
Digital Seal | Cryptographic method used to ensure integrity of the device during transport or storage. The seal is broken through tampering, zeroization or factory default. It may be renewed, and its value displayed on the HSM's front panel. |
exFAT | Extensible File Allocation Table, a file system introduced by Microsoft, optimized for large flash memory, and supporting large file sizes. |
FAT32 | File Allocation Table, a file system supporting storage devices up to 2 TB with maximum file size of 4 GB. |
FIPS | Federal Information Processing Standard, developed by the U.S. government for computer systems. |
FW | Firmware installed on a hardware appliance (e.g. for Primus HSM) |
GDPR | General Data Protection Regulation, a European Union law that governs the way in which personal data can be used, processed and stored. |
Genesis | Pre-management role, required to set up the Primus HSM. |
Genesis Card | Pre-programmed card used to authenticate the Genesis role. The PIN is either fixed or defined once using an Activation Code during initial setup and cannot be changed afterward. |
HA | High Availability Mode, a cluster of Master and Clone devices which keep themselves synchronized. In this mode, a Clone is a dynamic duplicate of the Master with continuous data replication. Used for load balancing and fail-safe operation. |
HSM User | User of a logical HSM Partition (also referred to as “Partition”). |
HTTP | Hypertext Transfer Protocol, a protocol for transferring data between clients and servers over the network, typically on port 80. |
KBA | Knowledge Based Article, a support document available on the Securosys Support Portal. |
KEK - Key Encryption Key | Key used to wrap (encrypt) all user keys. It is deleted in case of tampering or a zeroization operation. |
PA – Partition Administration | Role to manage a Partition on Primus HSM with an appropriate license installed, remotely via Decanus Terminal. |
PA: Management Password | A one-time password used to pair the Partition Security Officer via the Decanus Terminal using the Partition Administration application. It provides initial authentication, confidentiality, and authorization to retrieve the permanent Management Secret. |
PA: Management Secret | Long-term security credential used to authenticate, protect, and authorize access for Partition management (PSO) via the Decanus Terminal’s Partition Administration application. |
PAU – Partition Auditor | Role to audit a Partition on Primus HSMs with an appropriate license installed, remotely via Decanus Terminal. Partition Auditor corresponds mainly to Partition administration with read-only rights (except card handling). |
PAU: Audit Password | A one-time password used to pair the Partition Auditor via the Decanus Terminal using the Partition Administration application. It provides initial authentication, confidentiality, and authorization to retrieve the permanent Audit Secret. |
PAU: Audit Secret | Long-term security credential used to authenticate, protect, and authorize access for Partition audit (PAU) via the Decanus Terminal’s Partition Administration application. |
Primus HSM | Generic term for the Securosys Hardware Security Module, covering all series unless explicitly differentiated by symbols or words. |
PSO - Partition Security Officer | Management role to manage a single Partition. The role can be split across multiple operators (shares). |
PSU | Power Supply Unit |
REP - Restore Encryption PIN | PIN required to restore a device backup on a new device. |
SAM | Signature Activation Module |
Setup Password | A short-lived temporary credential used to pair Client API access to a specific Partition. It provides initial authentication, confidentiality, and authorization to retrieve the permanent User Secret. |
SFP, SFP+ | Enhanced Small Form-factor Pluggable, a compact network interface module supporting data rates up to 10 Gbps (Ethernet). |
SIEM | Security Information and Event Management, a system that aggregates and analyzes security event data in real-time for threat monitoring and response. |
SKA (EKA) | Smart Key Authorization (or Extended Key Authorization), a policy-based mechanism that allows binding specific policies to keys. |
SO - Security Officer | A management role responsible for enforcing security policies and access controls on an HSM. The role is divided among multiple officers (m-out-of-n). Activation requires authentication by at least two officers (2-of-n). |
DSO - Device Security Officer | Device Security Officer, Security Officer registered on the specific HSM. |
MSO - Master Security Officer | Master Security Officer, represents the DSOs of the master HSM in a cluster and is only shown in the diagnostics of a clone. |
SO Card | Card programmable by means of the Primus HSM. Multiple Cards are used for the SO role. PINs may be changed. |
timestamp | Filename timestamp in the format of YYMMDD-hhmmss |
UG | Abbreviation for Securosys User Guide |
USB Device | Single-volume FAT32-formatted storage device with USB 2.0 interface |
User Secret | Long-term security credential used to authenticate, protect, and authorize Client API access to a specific user (Partition). |
v2.8.21+ | Firmware version, the appended plus sign indicates a specific firmware version including all successor versions, e.g. v2.8.21, v2.8.22, … |
WebDAV | Web-based Distributed Authoring and Versioning, an HTTP extension to allow bidirectional file management through a web server. |
XML | Extensible Markup Language, defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. Format used for HSM configuration, user creation and attestation files. |