Hardware Key Protection

Flash/Video Get nCipher Solutions Sheets HSM Deployment Strategies nCipher Hardware Platforms White Papers netHSM Technical Architecture Product Data Sheets netHSM Datasheet nShield Data Sheet

Managing and using cryptographic keys in a purely software based environment carries a number of inherent and serious risks.  A firmly established best practice for increasing the security for critical business applications and sensitive data requires the use of tamper-resistant hardware based systems to protect encryption, authentication and signing keys. 

Hardware security modules (HSMs) boost server and application security

nCipher HSMs protect an unlimited number of keys from attack and enforce fine-grained key management policies within a tamper-resistant, physically hardened device.  HSMs can be tied to a particular server or application and housed within the server chassis itself or they can be shared by multiple applications of servers simultaneously and accessed remotely via an IP network.  The security properties of HSMs are often independently validated to the FIPS 140 standard to comply with regulatory and industry guidelines.

In addition to the use of HSMs, the trend towards protecting cryptographic processes and keys is also demonstrated by the use of smart cards (also known as chip cards) for ID cards and banking cards as well as the introduction of Trusted Platform Modules (TPMs) within most laptop and certain desktop computers.

Read more about nCipher HSMs, that also support best in class cryptographic acceleration and unique capabilities such as the nCipher Secure Execution Engine (SEE).

Secure information and applications across the enterprise

HSMs have historically been used to protect the most critical keys within the enterprise and  particularly those keys that are subject to external scrutiny or audit.  These keys tend to be used in conjunction with certain business applications and elements of security infrastructure.  The following is a list of common applications where the use of HSMs is a recognized best practice, although in reality the owner of any application that represents significant business risk should carefully consider the use of HSMs. 

• PKI – protect Certificate Authority (CA) root keys, authorize individual key management
  operations, and accelerate certificate signing and key generation. Read more about PKI.
• Encryption – securely protect encryption/decryption keys, providing long-term key archival and 
  recovery, and enforcing key usage policies.  Read more about encryption management.
• Digital Signing and Time Stamping – validate authenticity and integrity of documents, 
  messages and transactions, create legally defensible records and audit trails. Learn more.
• Strong Authentication & Access Control – generate and protect digital credentials, authorize
  credential usage and securely authenticate PINs, passwords, keys and certificates.
• Code Signing – securely publish commercial and in-house software using Microsoft
  Authenticode to prove authenticity of code.
• Web Services Security  - authenticate,and digitally sign web services based transactions to
  ensure privacy and integrity 
• Payment and Credit Card Processing – authenticate online users and protect credit card
  details, PINs and other confidential information.  Read more about specific payments related
  functionality and complying with the Payment Card Industry (PCI) data security standard.