WHITEPAPER
Hardware Encryption
The HSM Concept
Because business-critical information of all kinds needs reliable protection against unauthorised access, manipulation, and theft, IT security is one of management’s most important tasks today in business, in public administration (e-government), and in healthcare (e-health).
New business processes, technologies, and legal requirements require new security strategies. In a dynamic competitive environment, the ability to quickly modify and extend security mechanisms as system landscapes grow and become more heterogeneous is no simple task.
The basic idea behind a hardware security module.
Today’s cryptography guarantees the security of user data, so the way electronic transactions are processed completely meets demands for confidentiality, integrity, and identity (authenticity). However, the encrypted data are not protected effectively until the computer systems on which these cryptographic transactions are performed, and on which the keys that will be used in the future are saved, are also fully secured.
A hardware security module (HSM) is a solution that achieves this. All current certification procedures for proving that IT security measures have been implemented, physically and logically, such as the American FIPS 140-2* standard, share these general basic characteristics.
3D Approach to HSM
Hardware security modules can be used to keep important, confidential, and business-critical enterprise data (such as corporate certificates, signature keys, encryption keys, etc.) safe from tampering and theft, and then process that data and make it available for use.
This provides a way for companies to create their own “zone of trust.” In other words, hardware security modules provide comprehensive data security, even in environments such as external computing centres in which companies have no direct control over or access to cryptographic identities and keys or their application.
3 Dimensional Security
Ten years ago, the most important issues were the basic architectures of the processors and memory modules to be used and the design. With today’s powerful digital signal processor architectures, the focus is now on security circuits and the ways to optimise them.
We believe that a hardware security module must create three-dimensional security:
- The security of keys and their applications in accordance with cryptographic procedures (with American FIPS 140-2 standard certification*)
- High fail-safe security and availability
- High investment security due to its open and uniquely modular software concept, which enables CryptoServer to be upgraded to work with new or changed procedures, even in years to come
Philosophy
Your security in all three dimensions.
Hardware security must be achieved as cost-effectively as possible, whether in the case of largely standardised system landscapes such as Microsoft Server, for applications in which security tools and functions are integrated via PKCS #11 interfaces, or in payment traffic with clearly defined procedures.
A characteristic of the cost-efficiency of SSI-provided technology is its high level of flexibility and openness, which means it can be integrated smoothly into all business processes and specific IT architectures.
Simply Secure
Cryptography, certificates, PKCS interfaces – all these terms, abbreviations, and functional descriptions make it harder to understand, select, and implement IT security systems. Carrying out detailed in-house analysis of requirements and implementing complex certification procedures that have been tailored to meet the high protection potential of HSMs is both expensive and time-consuming.
The SSI-provisioned solution combines all of the necessary functions, procedures, and interfaces in a range of ready-to-use solution packages, all of which meet the requirements of many different sectors of industry and business processes.
When selecting a product you should not be forced to research cryptography and hardware security. Instead, you should be able to choose an optimised standard package that consists of certified hardware and software that has been tried, tested, and refined over many years of use. And if you want to add specific functions, you should be able to choose a solution that can be retrofitted whenever you want, without having to upgrade hardware.