Advantages of the secunet one-box connector
The secunet konnektor with the e-health firmware (PTV3) is approved by gematik and certified by the BSI in accordance with the protection profiles BSI-CC-PP-0097-V2-2020 and BSI-CC-PP-0098-V2-2020. The conformity of the secunet connector's specialist modules with the technical guidelines BSI TR-03155 (specialist module AMTS) and BSI TR-03154 (specialist module NFDM) has been confirmed by the BSI.
The secunet one-box connector is approved for 50 card terminals. An extension of the licence is possible. In order to maintain the guaranteed performance level, we recommend the use of 25 card readers.
Due to its modular design, the connector can be expanded to include additional applications and uses. We offer a two-year warranty (extendable up to five years).
Commissioning is extremely simple: using predefined configuration data from the practice or pharmacy, the one-box connector can be installed quickly and easily.
Thanks to its remote management, the one-box connector is easy to operate - and users also receive support.
Technical Data
- Working memory: 8 GB
- Hard disk SSD: 16 GB
- Processor: Intel® N4200
- Number of cores (processor): 4 cores
- Passive cooling without fan
- Dimensions (length x width x height in mm): approx. 250 x 180 x 70
- Weight: approx. 900 g
Scope of delivery:
- Modular connector
- External power supply AC plug-in power supply 220V and power cable
- Safety supplement Reception and testing
- Safety sheet Installation and commissioning
- CD/DVD user manual as PDF

Tools, instructions and test points
Operating instructions
Notes and test points connector end user version 1.7
Here you can download the Notes and Checkpoints for End Users version 1.7.
The SHA-256 hash value to check the integrity is:
6A36278EB9E99C4266E030CC607894E1
2F30E81B049975C78C266577FC14A615
secunet connector response generator version 1.0.0
Below we provide you with tools for administrative support.
Please refer to the operating manual as well as the current errata of the operating instructions.
Here you can download the response generator in version 1.0.0.
The SHA-256 hash value to check the integrity is:
377A2E8CDE900F6C42BFB8303EA88264
CCBC88255BBBA3D4835E51263A771953
Single box connector CE declaration
Here you can download the CE declaration of the single box connector.
Current firmware and release notes
History: Firmware and Release Notes
Open source software
Upon request to the following address, we will send the complete versions of the source codes of the included open source software components to the desired delivery address:
secunet Security Networks AG
Project Connector
Kurfürstenstrasse 58
45138 Essen
E-mail: project.connector(at)secunet.com
This offer is valid for 3 years from receipt.
In the case of postal delivery, shipping costs may apply.
How are the auto-update parameters of the respective releases set?
As of the release of product type version 4.1.3 (ePA connector), the "auto updates" function is supported. If this function is activated in the connector, any software updates that are available are automatically downloaded from the connector and installed automatically.
For more information about the Auto Update function, refer to the manual.
Below you will find the auto-update parameters defined for the releases:
Which firmware versions are permitted?
Which firmware versions are approved for productive use on the secunet konnektor 2.0.0 (one-box connector)?
The manufacturer recommends updating the one-box connectors to the current firmware (see table).
Further details on the approvals for online productive operation can be found on the gematik specialist portal at fachportal.gematik.de.
Which firmware versions are approved for the PTV- 4 field test?
Which firmware versions are approved for the PTV- 3 field test?
Who is my contact person at secunet konnektor?
Who should I contact if I have any questions about connecting and operating the secunet connector?
- Please contact your service provider/supplier of the TI components (e.g. practice or pharmacy management system manufacturer).
Who should I contact if I have technical questions about the device?
- As a user, please contact your service provider/supplier of the TI components (e.g. practice or pharmacy management system manufacturer).
- secunet partners/customers please direct their questions to: konnektor(a)secunet.com.
Where can I view the BSI certification documents?
The certificate, certification report, security requirements, and IT security certification profile information can be viewed here.
Where can I find safety instructions for the operating environment?
According to BSI requirements, the deployment environment must protect the connector from unintentional physical access:
- Installation only within a personnel-operated area or a non-public operating room (e.g., regular location of the physician/practice operator).
- It must be possible to detect theft or manipulation of the connector in good time.
The installation - really fast and convenient?
How can I obtain the secunet connector?
Can I also purchase the connector as a single component?
Which practice management systems are supported by the secunet connector?
The secunet connector supports all PVS systems available on the market. The smooth interaction between the connector and other components such as the practice management systems and readers is continuously tested in our test laboratories. Since the configuration and interface description for the connection of PVS and connector are specified by gematik, the changed local conditions can be implemented as quickly as possible even if a PVS is changed. Please clarify the details of this first with the PVS provider of your choice (the status of the approval of the practice management system providers can be viewed on the gematik homepage). This will enable you to plan a possible system changeover with all parties involved at an early stage.
Can I also obtain the secunet connector with a PVS system from CGM?
In principle, our connector can be operated with all practice management systems (also from CGM). Enquiries regarding the distribution of our connector to practices with practice management software that do not currently have contracts with "My Access Service" will be considered separately. We therefore pass on enquiries with the aim of connecting a PVS solution from CGM to our contractual partner for clarification of possible sales and installation steps. A conclusive statement cannot be made at this point.
Are there any installation or operating instructions for the secunet connector?
Detailed installation and operating instructions can be found further up on this website in the section "Technical data and notes". Operating instructions with further information on the connector and commissioning can also be found at the top of this website.
The connector is splash-proof and must not be placed in direct sunlight. To protect it from unauthorised access, it can also be operated permanently in a locked cabinet. When doing so, ensure sufficient ventilation and avoid additional heat sources (e.g. radiators under the installation location).
Is a specific internet connection necessary for the operation of the secunet connector?
The type of Internet access is of secondary importance with regard to functionality, so that all existing access media (DSL/fibre optic/cable/LTE) can continue to be used. Fundamental to the functionality is the performance provided by the internet connection. The performance of the connection can be determined within the scope of the on-site check; alternatively, an online test can be carried out to roughly determine the general performance (e.g. via www.wieistmeineip.de/speedtest/). Please understand that we can only give a general statement on the general conditions and cannot consider the individual access situation at this point. For clarification regarding the individual access situation, please contact your technology partner (this is usually the manufacturer of the practice management system) or, if necessary, your personal system administrator or IT technician.
Are there any preparations to be made before commissioning the secunet connector?
In the run-up to the installation, the service technician (DVO) needs the technical parameters for configuring your practice for connection to the telematics infrastructure. From experience, this information can be provided by your network engineer/IT administrator - usually also by your PVS provider.
Why do we need this info? We want to make the installation process as fast as possible and without friction. For this purpose, it is recommended to make some presettings in the connector so that the preconfigured secunet connector supports the installation process per se.
How is the secunet connector integrated into my network?
According to the gematik specification, the secunet connector can be integrated into the practice network both serially and in parallel. The individual options with the associated general conditions are described below:
Serial connection: In the case of a serial connection, the gematik specifications stipulate exclusive communication via the VPN access service. This means that access to systems outside the telematics infrastructure is only possible via secure Internet access. The practice network is connected via the LAN port of the connector, which itself is connected to the Internet gateway via the existing WAN port. This connection variant is shown as an example in the animation at the top of this page.
Parallel connection: In the case of parallel connection, access to the telematics infrastructure takes place via the connector, and any non-TI relevant services are forwarded through the connector. This enables parallel operation of TI access and Internet services outside the TI. The connector is connected exclusively via the LAN port of the connector (e.g., at the shared switch); the WAN port is deactivated in this configuration.
Can several service providers use one secunet connector?
How many card reader terminals can be used in the practice network with the secunet connector?
The one-box connector is licensed for at least 45 card terminals. The license is valid for 50 card terminals and is extendable.In order to guarantee that the performance level is maintained, it should be discussed in advance with the technical service manager what number is to be considered reasonable. We recommend the use of 25 card readers per connector.
The data center connector is licensed for at least 50 card terminals. The license is valid for 50 card terminals per computing unit, consequently for 100 card terminals in total. An extension of the license is possible.
In order to guarantee that the performance level is maintained, it should be discussed in advance with the technical service manager what number is to be considered reasonable. We recommend the use of 50 card readers per connector.
Who integrates the secunet connector into my practice network?
How much time is needed to install the secunet connector?
The network configuration of your practice takes only a few minutes and in less than an hour the online connection of your practice and thus the unrestricted practice workflow is possible again. The on-site technician will make the final technical settings on your systems without affecting the work on your practice management system or the reading in of patient data. The entire installation process takes 1-2 hours depending on the nature of your practice (group practice, group practice, individual practice, etc.) as well as the scope of training of the practice staff.
Can the secunet connector be switched off when not in use?
The secunet connector is designed for continuous operation. However, if it is to be disconnected from the power supply for a longer period of time at your request (practice holidays, etc.), the connector can be switched off using the power switch. Please note: If the connector is not switched on, the network connection through the connector is not available.
Can the secunet connector be mounted on the wall to save space?
Which browser can be used to access the secunet connector?
The secunet konnektor has a web interface for the purpose of configuration and management. As part of our quality assurance process, a testing process based on the Google Chrome browser is currently established; we will be happy to inform you of the currently used version if required. Access via browsers of other manufacturers is not explicitly excluded by us, but due to the large number of products and versions, we cannot currently guarantee full functionality.
Do I have to log on to the secunet connector when I start the system?
How do I get training material on the secunet connector?
The Face-2-Face and online training courses are primarily aimed at DVOs or staff of the PVS houses who carry out the installation and configuration of the connector, VPN connection service, reader and PVS in the practice.
To register for online training/certification, please contact the manufacturer of your practice management system. Your PVS provider will send your request with all relevant details to our contractual partner, who is responsible for implementing the online training. From there you will be activated for the online training and receive all further information.
Is the Safe-Net connection to the KV for quarterly billing also integrated in the connector?
With the introduction of the telematics infrastructure, the Secure Network of KVs (SNK) will be connected to the TI.
Online billing as an application in the SNK will thus be accessible via the TI connector in future (cf. KBV practice information January 2018, section: SECURE NETWORK REMAINS).
Please coordinate the exact details regarding the accessibility of the SNK and the applications of the SNK with the KBV or the local KV (cf. also KVH Telegram No. 48 of 08.02.2018, date for mandatory online billing via SNK to be postponed to 1 January 2019).