Hardware Security Module

A Hardware Security Module (often abbreviated to HSM, also often called a Host
Security Module) is a plug-in card (PCI) or external device
(RS232/SCSI/IP/USB/PCMCIA) for a general purpose computer and may even be an
embedded system itself.

The job of the HSM is to securely generate and/or store long term secrets for use in
cryptography and physically protect the access to and use of those secrets over time.
Generally these are private keys used in Public-key cryptography; some HSMs also
allow for hardware protection of symmetric keys.

Many HSM systems have a means to securely backup the keys either in a wrapped
form via the computer's operating system or externally using a smartcard or some
other USB token. The most robust HSM systems are those when secrets are not
exported even when migrating between HSMs or performing backup operations.

Most HSM systems are also hardware cryptographic accelerators. Since they do not
allow the keys to be removed from the device in an unencrypted form, they must be
able to perform the common cryptographic operations, as a happy consequence these
HSMs will accelerate the intense maths (especially the case in Public-key
cryptography) and provide better performance than a normal software based crypto
system.

It is important to note that keys protected by HSM are only truly 'hardware protected'
if they were generated inside the hardware itself, importing a standard software
protected key into an HSM will still mean that a non-hardware protected copy of the
key material might still exist on old backups.

HSM Software APIs

RSA, Sun/IBM Java, Microsoft and OpenSSL all provide or implement API level
hooks that allow software to make use of a HSM. Below is a list of popular
cryptography APIs that can be used with hardware modules from different vendors.

• PKCS#11 - RSA's API, designed to be platform independent, defining a

generic interface to HSMs. Also known as 'cryptoki'
• JCE/JCA - Java's Cryptography API
• Microsoft CAPI - Microsoft's API as used by IIS, CA and others, also
available from .net

Card Payment System HSMs

Special HSMs are used in card processing systems, that do not use the PKCS#11 API.
While there is no global standard on the low level API for "payment" HSMs, common
principles are shared among HSM software developers.

There are two main groups of HSMs used here:

OEM or integrated modules for automated teller machines and POS terminals:

• to encrypt the PIN entered when using the card.

• to load keys into protected memory.

Authorisation and personalisation modules may be used to:

• check an on-line PIN by comparing with an encrypted PIN block.

• verify credit/debit card transactions by checking card security codes or by
performing host processing component of an EMV based transaction
• support a crypto-API with a Smart Card (such as an EMV).
• re-encrypt a PIN block to send it to another authorisation host.
• support a protocol of POS ATM network management.
• support de-facto standards of host-host key|data exchange API.
• generate and print a "PIN mailer".
• generate data for a magnetic stripe card (PVV, CVV).
• generate a card keyset and support the personalisation process for Smart
Cards.

Organizations Manufacturing HSMs

• SafeNet - Luna SA, Luna CA (CC EAL4+), Luna SP, Luna PCI, Luna PCM,
ProtectServer Gold, ProtectServer External, ProtectHost White, ProtectHost
EFT
• Thales e-Security - HSM 8000, P3 Crypto Module, WebSentry, SafeSign
Crypto Module
• Atalla Security Products of HP A8150 A9150 A10150 FIPS 140-2 Level Three
Validation
• AEP Keyper FIPS Level 4 HSM - AEP Keyper FIPS Level 4 HSM
• Banksys DEP - Banksys DEP
• IBM - 4764 FIPS 140-2 Level 4 (superseding 4758)
• ARX - PrivateServer HSM
• xyzmo - xyzmo seal server
• nCipher - netHSM, miniHSM, nShield, nForce
• ERACOM (now a SafeNet subsidiary - CSA8000, protectserver orange,...
• Crypto Accelerator 6000 - Sun
• Bull - CRYPT2Pay
• FutureX - Jones FutureX
• Smart Card Technology Inc.SPK2032 Smart Key/Smart Disc
• REALSEC - Cryptosec 2048
• Utimaco - SafeGuard CryptoServer