Industry Expert Blogs

HSM – What it is and how it works

Encrypted data is not secure if the keys used for encryption are exposed. Hardware security modules (HSMs) can provide a solution. HSMs are tamper- and intrusion-resistant hardware components used to protect and store cryptographic keys while still allowing authorized users to use them. The purpose of HSMs is to control access and limit the risk to sensitive private keys.

HSMs make it possible to use the private keys without requiring direct access to them. Software hosted on a web server, for example, can perform cryptographic functions and authentication without loading a copy of the private key into the web server’s memory, where the key may be vulnerable to attack. These functions are performed within the secure environment of an HSM’s. Running within this secure environment prevents the sensitive data from being compromised. The private keys remain protected in a secure location.

To better understand this concept, you can think of an HSM like a vending machine. In a vending machine, drinks and food are stored in an isolated environment. It is designed to accept user input (e.g. item selection) and generate output (e.g. dispense a tasty snack). It is not possible to access the inside of the machine or change its functions.
Similarly, an HSM accepts user input and generates output (e.g. signed certificates or signed software) without users or applications being able to see, access or modify the cryptographic keys. This is possible because its functions are performed within the secure environment and no key can be fully exported, extracted or removed from an HSM in a readable format.

Click here to read more ...