top of page

Secure Your Future

FIPS 140-3 Level 3 USB Hardware Security Module

AegisPQC-HSM: Portable Quantum-Safe Root of Trust

The AegisPQC-HSM USB is a portable hardware security module implementing all three NIST-standardized post-quantum cryptography algorithms in a compact USB 3.2 Gen 2 form factor. Designed for secure key generation, storage, and cryptographic operations, it combines the power of our AegisPQC-Lite chip with secure key storage, tamper detection, and FIPS 140-3 Level 3 certification.

Secure Your Identity in a Post-Quantum World

The AegisPQC-HSM USB brings the security of a full-scale hardware security module to a compact, portable form factor. Powered by the AegisPQC-Lite core, it provides a dedicated environment where private keys are generated, stored, and used—never leaving the hardware.

Request Quote

Technical Documentation

Get PKCS#11 Drivers

Why Choose AegisPQC-HSM?
True Hardware Isolation

Private keys are locked behind a physical barrier, protected by a hardware-based PUF (Physical Unclonable Function).

NIST Standardized

Native acceleration for FIPS 203 (ML-KEM), 204 (ML-DSA), and 205 (SLH-DSA).

Tamper-Reactive

Internal sensors detect physical intrusion, voltage glitching, or extreme temperatures, triggering an immediate zeroization of all sensitive data.

Internal Architecture

At the heart of the device is a sophisticated multi-layered architecture that separates the external USB communication from the internal cryptographic operations.

Component Breakdown
1. AegisPQC-Lite Core

Handles the heavy lifting of NTT-based and Hash-based cryptography at 800 MHz.

2. Secure Microcontroller

A dedicated RISC-V core acts as the gatekeeper, managing the PKCS protocol stacks and secure boot.

3. Encrypted Key Storage

16 MB to 64 MB of AES-256-GCM encrypted flash, capable of storing up to 16,000+ keys.

Security: FIPS 140-3 Level 3 Implementation

We don't just protect against hackers; we protect against physical theft and lab-grade side-channel attacks.

  • Tamper Mesh: A fine-wire mesh embedded in the PCB detects any attempt to drill or probe the circuit.

  • PUF Identity: The device's master encryption key is derived from the unique physical characteristics of the silicon, making it impossible to "clone" the device.

  • Active Zeroization: In the event of a breach, the device wipes its internal SRAM and destroys the flash decryption keys in under 10 microseconds.

Application Use Cases

1. Secure Code Signing

Protect your software supply chain. Signing keys remain on the HSM, ensuring that even if your build server is compromised, your signing authority remains secure.

2. Archival Document Signing

Use SLH-DSA for documents that require 50-year validity. The hash-based nature of SLH-DSA makes it the most stable long-term signature standard available.

3. Remote Admin Authentication

Replace vulnerable password-based logins with hardware-backed ML-DSA authentication for SSH and VPN access.

Ready to Secure Your Data?

Contact us to see the available dates and discuss about the features or customization.

Request Bulk Quote

Contact Us

bottom of page