2.1 What is an HSM?
A Hardware Security Module (HSM) is a device that performs cryptographic operations on behalf of the host computer to which it is connected.
Offloading cryptographic operations to a dedicated hardware device can have the following benefits:
- Cryptographic acceleration
  Cryptographic operations (on which MyID heavily depends) can be processor-intensive. Carrying out these calculations on hardware that is optimized for them can improve performance and also leave the host computer’s processor free to perform other tasks.
- Improved security
  Computers are general-purpose devices that can perform a wide variety of tasks. HSMs are specifically designed to store sensitive key data securely.
  A computer stores its keys in its general memory, but an HSM has a dedicated memory store used only for key data, which cannot be reached by unauthorized parties. It is often encased in a tamper-proof enclosure, or has built-in security measures that delete the sensitive key data if the device is attacked.
  Sensitive key data can be created as non-exportable, meaning that although the key can be used for cryptographic operations, it cannot be extracted or ‘stolen’. In this respect, an HSM is equivalent to a very high-performance smart card for a server.