Friday, April 5, 2013

Hardware Security Module

Tamper protection

Tamper evidence, tamper resistance and tamper response are the most important and fundamental differences between an HSM and an ordinary computer or server used as a cryptographic accelerator.

While there are several security standards that apply to cryptographic modules, the most widely accepted (both by customers and by governments) is NIST FIPS 140-2.

HSM software APIs

Below is a list of the most popular cryptography APIs that can be used with hardware modules from different manufacturers.

- RSA PKCS #11 API: designed to be platform independent, it defines a generic interface to HSMs. Also known as "Cryptoki".
- JCE/JCA: the Java Cryptography API.
- Microsoft CAPI: the API used by Microsoft IIS, the Microsoft CA and other products, and by .NET.
- Microsoft CNG: the next-generation crypto API for Windows Vista onward, used by IIS and AD CS.


HSMs can be used in any application that uses digital keys. Typically the keys must be of high value, meaning that their compromise would have a significant negative impact on the key owner. The list of applications is endless, but some of the basic ones are:

PKI environment (CA HSMs)

Image caption: Older Luna HSM (PCMCIA)

In a PKI environment, HSMs are typically used by certification authorities (CAs) and registration authorities (RAs) to generate, store and handle key pairs. In this case, a device should have some additional basic properties:

- Logical and physical high-level protection
- Multi-part user authorization scheme (see Blakley-Shamir secret sharing)
- Full audit log and trace
- Secure key backup
In a PKI environment, on the other hand, the performance of the device is much less important for both online and offline operations, because the registration authority procedures are the performance bottleneck of the infrastructure.
Card payment system HSMs (bank HSMs)

Image caption: ARX PrivateServer network-attached HSM

Specialized HSMs are used in card payment processing systems. These systems are usually less complex than CA HSMs and normally do not offer a common API. The devices can be divided into two classes:

OEM or integrated modules for ATMs and POS terminals, used to:
- encrypt the PIN entered when using the card
- load keys into protected memory

Authorization and personalization modules, used to:
- verify an online PIN by comparing it with an encrypted PIN block
- in conjunction with an ATM controller, verify credit/debit card transactions by checking the card security code or by performing the host processing component of an EMV-based transaction
- support a crypto API with smart card support (e.g. EMV)
- re-encrypt a PIN block to send it to another authorization host
- support a management protocol for the POS/ATM network
- support de facto standards for host-to-host key and data exchange APIs
- generate and print a "PIN mailer"
- generate data for a magnetic stripe card (PVV, CVV)
- generate a card keyset and support the personalization process for smart cards

The main organization that produces and maintains standards for HSMs in the banking market is the Payment Card Industry Security Standards Council.

SSL connectivity

Applications where the bottleneck is performance rather than security should not be forgotten. These are usually secure web services served over HTTPS (SSL/TLS). In this environment, SSL acceleration HSMs are used. Typical performance figures for this class of application are 50-1000 1024-bit RSA signatures per second, although some devices can reach speeds as high as 7,000 operations per second.

DNSSEC

An increasing number of registries use HSMs to store the key material used to sign large zone files. OpenDNSSEC, for example, is a dedicated DNSSEC signer tool that talks to HSMs through a PKCS #11 interface.
See also

- Secure cryptoprocessor
- Electronic funds transfer
- Public key infrastructure
- Security token
- IBM 4764

External links

- Bull Group, CRYPT2pay
- Current NIST FIPS 140 certificates
- AEP Networks, validated FIPS 140-2 Level 4
- Thales Group, nCipher products
- HP Atalla Security
- ARX (Algorithmic Research), PrivateServer HSM, FIPS 140-2 Level 3 validated
- Utimaco CryptoServer HSM
- Understanding Security APIs (an excellent summary of HSMs)