Definition: HSMs (Hardware Security Modules) are hardware devices that generate, store and protect cryptographic keys. They also perform functions such as encryption, decryption, digital signing and authentication. HSMs are physically separate from the servers that use them and are also offered as a cloud service (cloud HSM).
HSMs have become a very important element in protecting the confidential data of organisations and users alike. There are two types of HSM: the General Purpose HSM and the Financial HSM (also called a Payment HSM). In this article we explain the differences between them, but to understand those differences we first need to know what each one consists of.
General Purpose HSM and Financial HSM explained
What is the General Purpose HSM?
General Purpose HSMs are Hardware Security Modules that provide general cryptographic commands, which return sensitive information (for example, decrypted data) to the calling software application. They are very flexible: they can be used by any application that works with cryptographic keys and does not need the additional, payment-specific functions of a Financial HSM.
General Purpose HSMs comply with numerous security standards, including:
- PCI DSS.
- PCI 3DS (Server 3DS).
- RGPD (GDPR).
- FISMA, FedRAMP and FICAM.
- eIDAS.
What is the Financial HSM?
The Financial HSM is a Hardware Security Module with a set of enhanced features needed to comply with payment industry standards. Financial HSMs enforce key management under dual control and provide the specific cryptographic commands required to ensure that the sensitive information being handled never leaves the HSM.
The Payment Card Industry Security Standards Council (PCI SSC) publishes a number of standards related to payment security. Listed below are the most common of those standards whose requirements call for a Financial HSM, typically one certified under PCI PTS HSM:
- PIN Security (PCI PIN).
- P2PE (Point-to-Point Encryption).
- 3DS (ACS and DS).
- Card Production.
- TSP (Token Service Provider).
- SPoC (Software-based PIN Entry on COTS).
- CPoC (Contactless Payments on COTS).
Requirements within the listed standards mean that HSMs must provide payment industry-specific functionality.
Differences between the two types of Hardware Security Module
Summing up, the first major difference between the two types of Hardware Security Module is their use. The General Purpose HSM is used for digital signatures, to encrypt or decrypt information, to verify and validate digital identities, and to generate and safeguard PKI keys. The Financial HSM is used to generate, manage and validate PINs, to top up (recharge) cards, to validate the card, the user and the cryptogram during payment transaction processing, to share keys securely, and to issue payment credentials for payment cards and mobile apps.
Another difference concerns cryptographic commands. Whereas the General Purpose HSM offers general cryptographic commands, the Financial HSM offers more specific commands designed so that sensitive information does not leave the HSM.
Finally, the security standards met by each one are also different, as we have seen above.
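To make the command-level difference concrete, here is an added toy model (an illustration written for this article, not Utimaco's or any vendor's code). One key store exposes general-purpose commands, where the decrypted data is returned to the application, next to financial-style commands (PIN block translation between zone keys, PIN verification), where the PIN is decrypted only inside the module and only a re-encrypted block or a true/false result comes out. It also models two features the text attributes to Financial HSMs: key import under dual control from two custodian components, and key-usage enforcement that stops a PIN key from being used with the general decrypt command. The HMAC-SHA256 keystream cipher, the four-hex-digit PVV and the sample PAN are constructed stand-ins, not the TDES/AES PIN-block ciphers or PVV algorithms real payment HSMs implement.

```python
"""Toy HSM showing which commands let sensitive data cross the HSM boundary."""
import hmac
import hashlib
import secrets


class ToyHSM:
    """Keys live only inside this object; no command ever returns key bytes."""

    def __init__(self):
        self._keys = {}  # label -> (usage, key bytes); usage: general | zpk | pvk

    # ---- key management -------------------------------------------------
    def generate_key(self, label, usage="general"):
        self._keys[label] = (usage, secrets.token_bytes(32))

    def import_key_components(self, label, usage, component_a, component_b):
        """Dual control: the key is the XOR of two components held by two
        custodians, so neither custodian alone knows the resulting key."""
        if len(component_a) != 32 or len(component_b) != 32:
            raise ValueError("each key component must be 32 bytes")
        key = bytes(a ^ b for a, b in zip(component_a, component_b))
        self._keys[label] = (usage, key)

    def _key(self, label, *allowed_usages):
        """Key-usage enforcement: a PIN key cannot serve a general command."""
        usage, key = self._keys[label]
        if usage not in allowed_usages:
            raise PermissionError(f"key {label!r} has usage {usage!r}")
        return key

    # ---- toy cipher (constructed stand-in for TDES/AES) -----------------
    @staticmethod
    def _xor_stream(key, nonce, data):
        stream, counter = b"", 0
        while len(stream) < len(data):
            block = nonce + counter.to_bytes(4, "big")
            stream += hmac.new(key, block, hashlib.sha256).digest()
            counter += 1
        return bytes(d ^ s for d, s in zip(data, stream))

    def _seal(self, key, plaintext):
        nonce = secrets.token_bytes(16)
        return nonce + self._xor_stream(key, nonce, plaintext)

    def _open(self, key, blob):
        return self._xor_stream(key, blob[:16], blob[16:])

    # ---- general-purpose commands: plaintext is handed back to the app --
    def encrypt(self, label, plaintext):
        return self._seal(self._key(label, "general"), plaintext)

    def decrypt(self, label, ciphertext):
        return self._open(self._key(label, "general"), ciphertext)

    # ---- financial commands: the PIN is only ever in clear inside here --
    def encrypt_pin_block(self, zpk_label, pin):
        """Models a PIN entry device encrypting a freshly entered PIN."""
        return self._seal(self._key(zpk_label, "zpk"), pin.encode())

    def translate_pin_block(self, src_zpk, dst_zpk, pin_block):
        """Re-encrypt a PIN block from one zone key to another (for example
        acquirer zone to issuer zone) without ever returning the PIN."""
        pin = self._open(self._key(src_zpk, "zpk"), pin_block)
        return self._seal(self._key(dst_zpk, "zpk"), pin)

    def _pvv(self, pvk, pan, pin):
        # Simplified PIN verification value: truncated MAC over PAN and PIN
        msg = (pan + pin.decode()).encode()
        return hmac.new(pvk, msg, hashlib.sha256).hexdigest()[:4]

    def generate_pvv(self, pvk_label, zpk_label, pan, pin_block):
        pin = self._open(self._key(zpk_label, "zpk"), pin_block)
        return self._pvv(self._key(pvk_label, "pvk"), pan, pin)

    def verify_pin(self, pvk_label, zpk_label, pan, pin_block, pvv):
        """Returns only True/False; the decrypted PIN never leaves this method."""
        pin = self._open(self._key(zpk_label, "zpk"), pin_block)
        expected = self._pvv(self._key(pvk_label, "pvk"), pan, pin)
        return hmac.compare_digest(expected, pvv)


def demo():
    """Walk a PIN from entry at an acquirer to verification at an issuer."""
    hsm = ToyHSM()
    hsm.generate_key("data")                   # general-purpose data key
    hsm.generate_key("zpk_acquirer", "zpk")
    hsm.generate_key("zpk_issuer", "zpk")
    hsm.generate_key("pvk", "pvk")
    pan = "4111111111111111"                   # constructed sample PAN
    pin_block = hsm.encrypt_pin_block("zpk_acquirer", "1234")
    pvv = hsm.generate_pvv("pvk", "zpk_acquirer", pan, pin_block)
    issuer_block = hsm.translate_pin_block("zpk_acquirer", "zpk_issuer", pin_block)
    return {
        "general_returns_plaintext": hsm.decrypt("data", hsm.encrypt("data", b"secret")),
        "pin_verified": hsm.verify_pin("pvk", "zpk_issuer", pan, issuer_block, pvv),
        "wrong_pin_rejected": not hsm.verify_pin(
            "pvk", "zpk_issuer", pan, hsm.encrypt_pin_block("zpk_issuer", "9999"), pvv),
    }


if __name__ == "__main__":
    print(demo())
```

The contrast to notice is in the return values: decrypt() hands the plaintext to the caller, while translate_pin_block() and verify_pin() decrypt internally and return only another ciphertext or a boolean, and the _key() check refuses to run a PIN key through the general command at all.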
The best HSM solution is at Utimaco
HSM solutions have become one of the best ways to protect all our confidential information. They have multiple advantages, are useful in many sectors and offer unique features. At Utimaco we have the best HSM devices on the market so you can shield your information and be safe on the Internet. If you have any questions, please do not hesitate to contact us. We will be pleased to help you.