HSM-DETAIL
Tamper-proof cryptographic hardware module.
Definition
Main vendors: Thales (Luna, payShield), Utimaco, Entrust nShield, AWS CloudHSM, Azure Dedicated HSM. Used for PKI root CA, AdES qualified signatures, ATM/EMV payments, blockchains. FIPS 140-3 Level 3 compliance standard for public CAs.
Origin
IBM 4758 pioneer HSM in 1986 ; FIPS 140-1 published 1994 ; FIPS 140-3 ratified March 2019.
Example in context
A bank keeps its PKI root key in 3 clustered Thales Luna HSMs with 2-of-3 quorum signing.
Related terms
- FIPS 140-3 — certification standard.