A hardware security module (HSM) is a device that provides a secure and dedicated environment for performing cryptographic operations, thus reducing the likelihood of secret key material being compromised as well as improving cryptographic processing performance.
Cryptographic devices can be divided into two categories: smart cards/tokens and Box HSM(s). Smart cards/tokens are slow but are cost-effective and easy to administer. Box HSM(s) offer performance and security benefits, but are relatively more expensive and complex to administer than smart cards.
Both Box HSM(s) and smart cards offer improved security over software implementations, but choosing one or the other will require customers to balance security, cost, performance, and administrative overhead.
nCipher and SafeNet are the market leaders in the Box HSM segment due to their incumbent status, size, and technical fit. Other Box HSM vendors are either small private companies, or niche players in this market like IBM.
In the smart card space there are vendors, like Axalto, Gemplus, Oberthur, etc., that produce smart cards for varied applications (like mobile telephony, credit cards, national identity cards, etc.) and niche vendors, like SafeNet, that specialize in cards and tokens for user identification. Vendors generally use standard chips from manufacturers like Philips, Infineon, STMicroelectronics, etc., so product differentiation is hard to sustain.
FIPS 140 certification is widely used for selecting HSM products, since FIPS 140 is an industry standard for assessing the security of HSMs.



