Content & Service Providers

For Content & Service Providers


For Device Manufacturers


For Middleware Providers


For Semiconductor Manufacturers

Software developers dealing with keys and other secrets often rely on basic protection of these values through simplistic mechanisms such as folder permissions. This leaves these credentials open to an easy hack. In some cases, secrets may have enough value (such as an RSA or ECC private key for e-commerce) that an expensive hardware security module (HSM) needs to be employed. For many applications however, a well-constructed software system designed to hide keys and secrets can be a cost-effective solution. Elliptic offers this capability through the ESS-07: Virtual Security Module (VSM).

Ellipsys-VSM is part of the Ellipsys Trust Framework which is Elliptic’s solution to help device manufactures and system providers protect their product from tampering, cloning, and other threats.

Ellipsys-VSM is a Virtual Security Module (VSM) that offers software based cryptographic services, similar to a Hardware Security Module (HSM), to support a range of solutions for digital identity and transactional security applications. It is a “software smart card” used to secure embedded secrets in software systems and has the capability to manage and protect sensitive information such as keys and credentials for system applications executing on embedded platforms.

Ellipsys-VSM supports a wide range of protected key management services such as secure key generation, storage, archiving, cloning, and secure migration of key material. The solution optionally provides acceleration for public-key operations via Elliptic (CLP-300: Public Key Accelerator) or third party hardware offload engines.

Ellipsys-VSM can work as a standalone solution or in tandem with other Ellipsys Trust Framework companions, such as Ellipsys-Secure Boot (SB) and Ellipsys-Certification Authority (CA).




  • Management and protection of sensitive information like keys and certificates
  • Secure generation, storage , archiving, cloning and migration of key material
  • Highly configurable and flexible architecture
  • Supports industry standards and protocols
  • Support for hardware acceleration and CPU offload
  • Linux and ANSI-C based Builds on generic ARM, PPC, X86 platforms




  • Highly configurable, flexible and reliable
  • NIST CAVP Certified
  • Optimized for size and performance
  • GPL-Free Code
  • Platform/OS agnostic
  • Significantly reduces development cycles
  • Optional support for hardware acceleration and offload for embedded processors



  • Anti-cloning and anti-counterfeiting
  • Anti-tampering
  • Key exchange (IPsec IKE)



Public Key Accelerator

S5 Box