HARDWARE SECURITY MODULE
CQ1 Module
1U rack-mount. PKCS#11. CRYSTALS-Kyber-1024. >18K ops/sec.
The hardware layer your post-quantum migration depends on
CQ1 executes CRYSTALS-Kyber-1024 key encapsulation and CRYSTALS-Dilithium-3 digital signatures directly in FPGA fabric. No software fallback. No CPU load. The operations that define post-quantum security happen inside a tamper-evident boundary that meets the physical attack-resistance requirements banks require.
With PKCS#11 and JCA/JCE interfaces, CQ1 accepts connections from existing application stacks without code modification. The cryptographic upgrade is transparent to your middleware.
INTEGRATION
Drops into existing HSM infrastructure
CQ1 was designed as a drop-in replacement for Thales Luna and Entrust nShield form factors. Your application does not need to know it has been upgraded.
PKCS#11 interface
Standard Cryptoki API. Payment rail middleware, HSM management tools, and SWIFT libraries connect without modification.
JCA/JCE provider
Java Cryptography Architecture provider for JVM-based banking platforms. Spring, JBoss, WebLogic — all connect through standard JCE SPI.
PCIe host interface
PCIe Gen3 x4 slot for latency-critical payment authorization workloads. Direct memory-mapped key operation path, no network hop.
Network-attached HSM mode
Dual 10GbE ports for shared-HSM pool topology. Multiple application servers connect to a single CQ1 unit via TLS-secured network interface.