Hardware Security Module (HSM)
Devices dedicated to performing cryptographic functions
Physical device that provides extra security for sensitive data.
Hardware Security Modules/(HSMs), are devices dedicated to performing strong authentication for digital keys, certificate management, provides crypto-processing and calculation of specific values such as card verification values (CVVs) or Personal Identification Numbers (PINs).
Hardware Security Module systems come in different flavors and form factors, and are less susceptible to corruption and system failures. This is because they do not have an operating system and are attached externally to the device they are serving.
The functions of an HSM are:
- Onboard secure cryptographic key generation
- Onboard secure cryptographic key storage.
- Key management
- Use of cryptographic and sensitive data material.
- Offloading application servers for complete asymmetric and symmetric cryptography.
The entire cryptography key lifecycle -- from provisioning, managing, and storing to disposing or archiving the keys -- occurs in the HSM.
The HSMs are either embedded in other hardware, or connected to a server as part of a network, or used as a standalone device offline.
The software and programs may be free, but due to the mission critical nature of the PKI, securely designing, implementing and managing in accordance with standards like CA/Browser Forum needs attention. The deployment of the PKI requires physical and logical security controls, quality of service all the time.