Technologies

What is a Hardware Security Module (HSM)?

Definition: A hardware security module (HSM) is a ‘trusted’ physical computing device that provides extra security for sensitive data. This device creates, provides, protects and manages cryptographic keys for functions such as encryption and decryption and authentication for the use of applications, identities and databases.

Discover Utimaco’s HSM portfolio here.

Explanation

Hardware Security Module (HSM) explained

A hardware security module is a tamper and intrusion-resistant, highly-trusted physical device that performs all major cryptographic operations, including encryption, decryption, authentication, key management and key exchange. The sole purpose of an HSM is to conceal and protect cryptographic data. They have a robust operating system and restricted network access via a firewall. HSMs need to comply with a range of standards and regulations, which include the following:

An HSM is a ‘trusted’ device because it:

  • Is built on top of specialized hardware. In special laboratories, the hardware has been thoroughly tested and certified
  • Has a security-focused operating system
  • Has restricted access through a network interface that is strictly governed by internal rules
  • Actively hides and protects cryptographic data.

HSMs can be found in smart cards, dedicated cards found in hardware (cryptographic cards), portable devices, self-contained devices (appliances), IoT devices installed on site, hosted, or offered as a cloud service (HSM-as-a-Service).

There are two main types of Hardware Security Module:

1. General Purpose

General Purpose HSMs can utilize the most common encryption algorithms, such as PKCS#11, CAPI, CNG as well as other common algorithms, which are mainly used with Public Key Infrastructures to safe-guard digital keys and certificates (which protect PKI from being breached), crypto-wallets, and other basic sensitive data.

2. Payment & Transaction

A Payment HSM is used primarily by the banking industry for the protection of payment transactions which include:

  • the use of PIN (generation, management, validation and translation of the PIN Block in transactions carried out at POS and ATMs)
  • the protection of electronic fund transfers (EFT)
  • the generation of data for magnetic strips and EMV chips in card production and personalization processes
  • the processing of payment transactions with debit and credit cards
  • the validation of cards, users and cryptograms during payment transaction processing
  • Payment credential issuing for payment cards and mobile applications

Payment HSMs generally provide cryptographic support for most card brands' payment applications, and their interconnection interfaces are usually more limited than those of general-purpose HSMs.

Benefits of using HSMs

Hardware Security Modules have a number of benefits including:

  • Tamper-resistant, tamper-evident, and tamper-proof systems to provide extremely secure physical systems
  • Providing the highest level of security for sensitive data and cryptographic keys on the market
  • Meeting security standards and regulations
  • Cryptographic key lifecycle tasks can be automated quickly and efficiently
  • Cryptographic keys are stored in a single location rather than in multiple locations.

Being a physical device with a powerful operating system and limited network access, makes an HSM the "Root of Trust" in an organization's security infrastructure.

Solutions

Solutions

Blog posts

Blog posts

blog-how-to-select-an-hsm
Blog post

How to select an HSM vendor

As the choice of HSMs is dependent on the specific application it is used for, we make some general recommendations by providing a list of potential criteria to take into account, irrespective of what you intend to use it for.
digital icons presenting money
Blog post

Understanding the Role of Hardware Security Modules in Credit Card-Based Payment and Retail Banking

Most standard card payment systems utilize what is called the “Four Corners” model. This model relies on the secure environments provided by HSMs to protect the numerous cryptographic keys and cryptographic operations.
a machine with icons around
Blog post

Understanding the Role of Hardware Security Modules in Digital Identities for Machines

Humans are not the only ones that need the security of a digital identity. Machines used in digital transactions are a target for hackers, necessitating the protection that digital identities provide for all stakeholders in order to prevent security breaches.
cloud icon
Blog post

Understanding the Role of Hardware Security Modules in the Hybrid Cloud

More businesses have come to rely on the use of public cloud environments as these environments have been proven to provide more security than typical on-premises data centers. However, it is essential that businesses keep data that is migrating between their data centers and the cloud secure at all times.
somebody is clicking on the phone
Blog post

Understanding the Role of Hardware Security Modules in Public Key Infrastructure (PKI)

Public key infrastructure protects communications between users and website servers. The underlying Hardware Security Modules are the root of trust which protect PKI from being breached.
digital avatar
Blog post

Understanding the Role of Hardware Security Modules in Digital Identities for Humans

eIDAS created standards for trust services to ensure that digital identities, including those for humans remain secure. Here we will examine the role that HSMs play in securing digital identities for humans.
ABI Research awards
Blog post

Utimaco named the Overall Leader and Top Implementer in the HSM Market by ABI Research

The latest Hardware Security Module, OEM competitive assessment by global technology intelligence firm ABI Research, announced Utimaco as the overall leader in the HSM market.
Related products

Related products

Contact us

We look forward to answering your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      About Utimaco's Downloads

      Visit our Downloads section and select from resources such as brochures, data sheets, white papers and much more. You can view and save almost all of them directly (by clicking the download button).

      For some documents, your e-mail address needs to be verified. The button contains an e-mail icon.

      Download via e-mail

       

      A click on such a button opens an online form which we kindly ask you to fill and submit. You can collect several downloads of this type and receive the links via e-mail by simply submitting one form for all of them. Your current collection is empty.