What is a General Purpose Hardware Security Module?
Hardware security modules (HSMs) are hardened, tamper-resistant hardware devices that secure cryptographic processes by generating, protecting, and managing keys used for encrypting and decrypting data and creating digital signatures and certificates. HSMs are tested, validated and certified to the highest security standards including FIPS 140-2 and Common Criteria.
HSMs enable organizations to:
- Meet and exceed established and emerging regulatory standards for cybersecurity, including GDPR, eIDAS, PCI DSS, HIPAA, etc.
- Achieve higher levels of data security and trust
- Maintain high service levels and business agility
What is an HSM as a service?
An HSM as a service is a subscription-based offering where customers can use a hardware security module in the cloud to generate, access, and protect their cryptographic key material, separately from sensitive data. The service offering typically provides the same level of protection as an on-premises deployment, while enabling more flexibility. Customers can transfer CapEx to OpEx, enabling them to only pay for the services they need, when they need them.
nShield as a Service uses dedicated FIPS 140-2 Level 3 certified nShield Connect HSMs. The offering delivers the same features and functionality as on-premises nShield HSMs, combined with the benefits of a cloud service deployment. This allows customers to fulfill their cloud-first objectives and leave the maintenance of these appliances to the experts at nCipher.
What is Root of Trust?
Root of Trust (RoT) is a source that can always be trusted within a cryptographic system. Because cryptographic security is dependent on keys to encrypt and decrypt data and perform functions such as generating digital signatures and verifying signatures, RoT schemes generally include a hardened hardware module. A principal example is the hardware security module (HSM) which generates and protects keys and performs cryptographic functions within its secure environment.
Because this module is for all intents and purposes inaccessible from outside the computer ecosystem, that ecosystem can trust the keys and other cryptographic information it receives from the root of trust module to be authentic and authorized. This is particularly important as the Internet of Things (IoT) proliferates, because to avoid being hacked, components of computing ecosystems need a way to determine that the information they receive is authentic. The RoT safeguards the security of data and applications and helps to build trust in the overall ecosystem.
RoT is a critical component of public key infrastructures (PKIs), where it is used to generate and protect root and certificate authority keys; of code signing, where it ensures software remains secure, unaltered and authentic; and of creating digital certificates for credentialing and authenticating proprietary electronic devices for IoT applications and other network deployments.
What is random number generation?
Random number generation (RNG) refers to the random numbers created by an algorithm or device.
When the source of entropy for a random number generator is derived from software-based measurements, there is no guarantee that the entropy will be unpredictable or that it cannot be influenced. An HSM uses a hardware-based source of entropy for its RNG, one that has been verified to provide a good source of entropy in all normal operating conditions.