Kryptus’ kNET HSM is a maximum security multi-purpose device designed to provide a high-performance and scalable environment for cryptographic keys storage, management, and operations.

With a FIPS 140 level 3 certification, kNET meets the most demanding security and auditing requirements to eliminate risks and vulnerabilities in data protection and applications critical execution.

fips e icp


• High Performance
• Secure Execution: kNET allows customers to execute their code in a secure environment
• KMIP Protocol: KMIP Server with native support (no external drivers required)
• Virtual HSMs: Realisolation for multi-tenant scenarios

Virtual HSM

High-availability environment ready, kNET has superior performance capabilities and the unique ability to create and run virtual HSMs with true logical isolation in a multi-tenant environment, segregating key sets, users, and applications.

hsm virtual
cloud hsm

Cloud HSM

Kryptus offers HSM as a service through competitive models to enable access to an ultra-secure and scalable infrastructure, regardless of the operation size or need.


knet hsm


Digital Certification / PKI

kNET HSM with ICP-Brazil approval offers high operational performance and secure storage for millions of objects, perfect for Trusted Service Providers.

Learn more in

Database Protection

Use kNET HSM to encrypt large amounts of data and keep the cryptographic keys in an ultra-secure environment, protecting sensitive information even in case of leaks or improper access.

Learn more in


kNET HSM can integrate swiftly with payment solutions and in compliance with PCI standarts.

Learn more in

Time Stamping

kNET HSM is also part of Kryptus Time-Stamping solution, protecting cryptographic keys of the time synchronization and audit system and the time stamp server.

Learn more in


Kryptus’ kNET HSM is capable of protecting and controlling the entire digital certificates’ life cycle in the openbanking process, ensuring traceability and concentrating operations in dedicated cryptographic equipment.


When a kNET HSM is used together with the SSL/TLS protocol in browsers’ communication with servers, it provides a layer of security that is impossible to break.


kNET HSM generates, stores, and processes credentials and cryptographic keys used by IoT devices in their connection, verifying data transmission integrity, managing lifecycle, and securing firmware updates.


Embedded KMIP allows any application – independently of the programming language, operational system, and hardware architecture – to use HSM functions without having to install drivers and libraries. This makes our HSM an ideal alternative for solutions that operate in heterogeneous environments, such as WEB applications and IoT. With KMIP, integration is prompt and more secure as it allows HSM users to use their keys without depending on external middleware.

FIPS is the security requirement established by the standards defined by the US National Institute of Standards and Technology (NIST). It is considered the certification that defines the international standards for cryptographic modules. Kryptus kNET HSM has FIPS 140-2 level 3, which guarantees compliance with PCI and ICP-Brazil standards.

Yes, they are encrypted by a non-exportable master key. This master (unique) key is generated at the HSM fabrication. It is stored in the crypto CPU and there are no methods or interfaces to extract it from there.

The firmware is encrypted and signed. A secure boot process ensures that the firmware being initialized is legit. The verification is based on public keys that are stored in the CPU during equipment production and are unalterable.

kNET HSM is designed to support virtual instances creation of the Physical HSM (PHSM), that is, it can be logically split into multiple HSMs that share the same functionality, but each isolates its operators and data from the others. This means that the HSM administrator (PCO) can set it up to act as if it were several HSMs serving different purposes. Also, each VHSM has its cryptographer(s), so the PCO can delegate the administration of the VHSM and focus only on managing the PHSM.

Yes. Within the PCI PIN security standards, it describes that HSMs with FIPS validation can be used to process payment transactions. The kNET HSM is currently FIPS 140-2 Level 3 certified.


  • Rua Maria Tereza Dias da Silva, 270 - Barão Geraldo - Campinas-SP - Brasil - CEP 13083-820
  • +55 (19) 3112 5000