single box connector

Telematics infrastructure - Highly secure access

for practices, pharmacies, other service providers and smaller medical facilities

Advantages of the secunet one-box connector

Approved and certified

The secunet konnektor with the e-health firmware (PTV3) is approved by gematik and certified by the BSI in accordance with the protection profiles BSI-CC-PP-0097-V2-2020 and BSI-CC-PP-0098-V2-2020. The conformity of the secunet connector's specialist modules with the technical guidelines BSI TR-03155 (specialist module AMTS) and BSI TR-03154 (specialist module NFDM) has been confirmed by the BSI.


The secunet one-box connector is approved for 50 card terminals. An extension of the licence is possible. In order to maintain the guaranteed performance level, we recommend the use of 25 card readers.

Investment- & future-proof

Due to its modular design, the connector can be expanded to include additional applications and uses. We offer a two-year warranty (extendable up to five years).

Time-saving commissioning

Commissioning is extremely simple: using predefined configuration data from the practice or pharmacy, the one-box connector can be installed quickly and easily.

Simple operation

Thanks to its remote management, the one-box connector is easy to operate - and users also receive support.


Technical Data


  • Working memory: 8 GB
  • Hard disk SSD: 16 GB
  • Processor: Intel® N4200
  • Number of cores (processor): 4 cores
  • Passive cooling without fan
  • Dimensions (length x width x height in mm): approx. 250 x 180 x 70
  • Weight: approx. 900 g

Scope of delivery:

  • Modular connector
  • External power supply AC plug-in power supply 220V and power cable
  • Safety supplement Reception and testing
  • Safety sheet Installation and commissioning
  • CD/DVD user manual as PDF
The solution for large medical facilities

Uncomplicated connection to the telematics infrastructure

Here you can download the Notes and Checkpoints for End Users version 1.7.

The SHA-256 hash value to check the integrity is:

Below we provide you with tools for administrative support.
Please refer to the operating manual as well as the current errata of the operating instructions.

Here you can download the response generator in version 1.0.0.

The SHA-256 hash value to check the integrity is:

Here you can download the CE declaration of the single box connector.

Upon request to the following address, we will send the complete versions of the source codes of the included open source software components to the desired delivery address:

secunet Security Networks AG
Project Connector
Kurfürstenstrasse 58
45138 Essen
E-mail: project.connector(at)

This offer is valid for 3 years from receipt.

In the case of postal delivery, shipping costs may apply.

Questions and hints

As of the release of product type version 4.1.3 (ePA connector), the "auto updates" function is supported. If this function is activated in the connector, any software updates that are available are automatically downloaded from the connector and installed automatically.

For more information about the Auto Update function, refer to the manual.

Below you will find the auto-update parameters defined for the releases:

Which firmware versions are approved for productive use on the secunet konnektor 2.0.0 (one-box connector)?

The manufacturer recommends updating the one-box connectors to the current firmware (see table).

Further details on the approvals for online productive operation can be found on the gematik specialist portal at

The following firmware versions are only intended for the PTV4 field test:

Product type: PTV4
Product version: 4.0.10:2.0.0
Approval status: Approval exists only for a Friendly User Test
End of approval: 15.01.2021

Who should I contact if I have any questions about connecting and operating the secunet connector?

  • Please contact your service provider/supplier of the TI components (e.g. practice or pharmacy management system manufacturer).


Who should I contact if I have technical questions about the device?

  • As a user, please contact your service provider/supplier of the TI components (e.g. practice or pharmacy management system manufacturer).
  • secunet partners/customers please direct their questions to: konnektor(a)

The certificate, certification report, security requirements, and IT security certification profile information can be viewed here.

According to BSI requirements, the deployment environment must protect the connector from unintentional physical access:

  • Installation only within a personnel-operated area or a non-public operating room (e.g., regular location of the physician/practice operator).
  • It must be possible to detect theft or manipulation of the connector in good time.

Commissioning the secunet konnektor is extremely simple: The device can be configured quickly and efficiently using configuration data created in advance. This individual configuration data is recorded in practice by a service technician (DVO) during the initial appointment.

There are several ways to purchase. Please contact us at

The secunet connector is also offered to partners as a single component.
It is usually offered by our partners in a bundle with the necessary components card reader and access service.

The secunet connector supports all PVS systems available on the market. The smooth interaction between the connector and other components such as the practice management systems and readers is continuously tested in our test laboratories. Since the configuration and interface description for the connection of PVS and connector are specified by gematik, the changed local conditions can be implemented as quickly as possible even if a PVS is changed. Please clarify the details of this first with the PVS provider of your choice (the status of the approval of the practice management system providers can be viewed on the gematik homepage). This will enable you to plan a possible system changeover with all parties involved at an early stage.

In principle, our connector can be operated with all practice management systems (also from CGM). Enquiries regarding the distribution of our connector to practices with practice management software that do not currently have contracts with "My Access Service" will be considered separately. We therefore pass on enquiries with the aim of connecting a PVS solution from CGM to our contractual partner for clarification of possible sales and installation steps. A conclusive statement cannot be made at this point. 

Detailed installation and operating instructions can be found further up on this website in the section "Technical data and notes". Operating instructions with further information on the connector and commissioning can also be found at the top of this website.

The connector is splash-proof and must not be placed in direct sunlight. To protect it from unauthorised access, it can also be operated permanently in a locked cabinet. When doing so, ensure sufficient ventilation and avoid additional heat sources (e.g. radiators under the installation location).

The type of Internet access is of secondary importance with regard to functionality, so that all existing access media (DSL/fibre optic/cable/LTE) can continue to be used. Fundamental to the functionality is the performance provided by the internet connection. The performance of the connection can be determined within the scope of the on-site check; alternatively, an online test can be carried out to roughly determine the general performance (e.g. via Please understand that we can only give a general statement on the general conditions and cannot consider the individual access situation at this point. For clarification regarding the individual access situation, please contact your technology partner (this is usually the manufacturer of the practice management system) or, if necessary, your personal system administrator or IT technician.

In the run-up to the installation, the service technician (DVO) needs the technical parameters for configuring your practice for connection to the telematics infrastructure. From experience, this information can be provided by your network engineer/IT administrator - usually also by your PVS provider.
Why do we need this info? We want to make the installation process as fast as possible and without friction. For this purpose, it is recommended to make some presettings in the connector so that the preconfigured secunet connector supports the installation process per se. 

According to the gematik specification, the secunet connector can be integrated into the practice network both serially and in parallel. The individual options with the associated general conditions are described below:

  • Serial connection: In the case of a serial connection, the gematik specifications stipulate exclusive communication via the VPN access service. This means that access to systems outside the telematics infrastructure is only possible via secure Internet access. The practice network is connected via the LAN port of the connector, which itself is connected to the Internet gateway via the existing WAN port. This connection variant is shown as an example in the animation at the top of this page.

  • Parallel connection: In the case of parallel connection, access to the telematics infrastructure takes place via the connector, and any non-TI relevant services are forwarded through the connector. This enables parallel operation of TI access and Internet services outside the TI. The connector is connected exclusively via the LAN port of the connector (e.g., at the shared switch); the WAN port is deactivated in this configuration.

Yes, the secunet connector is designed to be multi-client capable. The respective service providers (up to ten BTRS according to gematik specification) can be managed individually in the administration of the secunet konnektor, just like the respective card terminals.

The one-box connector is licensed for at least 45 card terminals. The license is valid for 50 card terminals and is extendable.In order to guarantee that the performance level is maintained, it should be discussed in advance with the technical service manager what number is to be considered reasonable. We recommend the use of 25 card readers per connector.

The data center connector is licensed for at least 50 card terminals. The license is valid for 50 card terminals per computing unit, consequently for 100 card terminals in total. An extension of the license is possible.
In order to guarantee that the performance level is maintained, it should be discussed in advance with the technical service manager what number is to be considered reasonable. We recommend the use of 50 card readers per connector.

Delivery and installation are performed by an on-site service provider (DVO) whose use and schedule can be arranged with your practice management system vendor.

The network configuration of your practice takes only a few minutes and in less than an hour the online connection of your practice and thus the unrestricted practice workflow is possible again. The on-site technician will make the final technical settings on your systems without affecting the work on your practice management system or the reading in of patient data. The entire installation process takes 1-2 hours depending on the nature of your practice (group practice, group practice, individual practice, etc.) as well as the scope of training of the practice staff.

The secunet connector is designed for continuous operation. However, if it is to be disconnected from the power supply for a longer period of time at your request (practice holidays, etc.), the connector can be switched off using the power switch. Please note: If the connector is not switched on, the network connection through the connector is not available.

An optionally available wall bracket can be used for uncomplicated wall mounting of the secunet connector. This can be ordered from your contract partner and also serves as a drilling template for preparing the installation. 

The secunet konnektor has a web interface for the purpose of configuration and management. As part of our quality assurance process, a testing process based on the Google Chrome browser is currently established; we will be happy to inform you of the currently used version if required. Access via browsers of other manufacturers is not explicitly excluded by us, but due to the large number of products and versions, we cannot currently guarantee full functionality.

It is not necessary to log in to the secunet konnektor when starting the system.

The Face-2-Face and online training courses are primarily aimed at DVOs or staff of the PVS houses who carry out the installation and configuration of the connector, VPN connection service, reader and PVS in the practice.
To register for online training/certification, please contact the manufacturer of your practice management system. Your PVS provider will send your request with all relevant details to our contractual partner, who is responsible for implementing the online training. From there you will be activated for the online training and receive all further information.

With the introduction of the telematics infrastructure, the Secure Network of KVs (SNK) will be connected to the TI.
Online billing as an application in the SNK will thus be accessible via the TI connector in future (cf. KBV practice information January 2018, section: SECURE NETWORK REMAINS).
Please coordinate the exact details regarding the accessibility of the SNK and the applications of the SNK with the KBV or the local KV (cf. also KVH Telegram No. 48 of 08.02.2018, date for mandatory online billing via SNK to be postponed to 1 January 2019).