F8652E HIMA 硬件安全模块

概述：

硬件安全模块(hardware security module,缩写HSM)是一种用于保护和管理强认证系统所使用的密钥，并同时提供相关密码学操作的计算机硬

件设备。硬件安全模块一般通过扩 展卡或外部设备的形式直接连接到电脑或网络服务器。HSM提供篡改留证(tamper evidence/proof)、篡改抵

抗(tamper evidence)两种方式的防篡改功能，前者设计使得篡改行为会留下痕迹，后者设计使得篡改行为会令HSM销毁密钥一类的受保护信

息。[1]每种HSM都会包括一个或多个安全协处理器，用于阻止篡改或总线探测。许多HSM系统提供可靠的密钥备份机制，使机密数据可以通过智

能-卡或其他设备安全地处理或转移。由于HSM通常是公钥基础设施(PKI) 或网上银行一类关键基础设施的- 部分，-般会同时使用多个HSM以实

现高可用性。一些HSM具备双电源、无需停机更换配件(如冷却风扇)等设计，以确保在数据中心等环境中的高可用性要求。少数HSM可以让用户

在其内部处理器上运行专门开发的模块。

在一一些场景下，这种设计相当实用，例如用户可以在这种安全、受控的环境下运行一些特殊的算法或者业务逻辑，哪怕攻击者取得了计算机的完全控

制权限，存储在HSM (连接到计算机)中的程序也无法被提取或篡改。-般HSM允许用户使用C、.NET、 Java等编程语言开发这种专用程序。值得

注意的是，用户自定义的程序与HSM本身的程序之间存在隔离，这使程序的存在不会影响到HSM本身的安全。考虑到硬件安全模块(HSM)在应

用程序与基础设施的安全中扮演的关键角色，此类密码学模块通常都会经过Common Criteria、FIPS 140等受到国际承认的认证。这将为用户提供

产品设计与实现上的保障,同时确保相应的密码学算法能按预期方式正确工作。FIPS 140安全认证最高认证等级为Level4 (整体)，仅有极少数

HSM成功通过这一等级的认证， 大部分设备处于Level 3等级。

硬件安全模块可在任何涉及到密钥的场景下使用。通常来说，这些密钥具有较高的价值，-旦泄露会导致严重的后果。硬件安全模块的功能通常包

括:板载密码学安全密钥生成;板载密码学安全密钥存储与管理;加密且敏感资料的使用;卸载(代办)应用程序服务器的对称与非对称加密计算。

HSM也用于数据库透明加密的密钥管理。对于密钥在内的敏感信息，HSM同时提供逻辑层面与物理层面的保护，以防止未经授权的访问或者可能的

入侵。

F8652E HIMA 硬件安全模块

内容来自www.xbaqingplc.com转载请标注

A hardware security module (HSM) is a computer hardware used to protect and manage the keys used by a strong authentication system, while providing related cryptographic operations

Piece of equipment. Hardware security modules are usually connected directly to a computer or network server in the form of expansion cards or external devices. HSM provides tamper evidence/proof and tamper credit

tamper evidence is two kinds of anti-tamper functions, the former is designed so that tampering will leave traces, and the latter is designed so that tampering will cause HSM to destroy protected letters such as keys

Breath. [1] Each HSM includes one or more security coprocessors to prevent tampering or bus detection. Many HSM systems provide a reliable key backup mechanism that allows confidential data to pass through intelligence

Can - cards or other devices be safely handled or transferred. Because HSMS are often part of critical infrastructures such as public key infrastructure (PKI) or online banking, multiple HSMS are often used simultaneously

High availability now. Some HSMS are designed with dual power supplies and no downtime to replace accessories, such as cooling fans, to ensure high availability requirements in environments such as data centers. A few HSMS allow users to

Runs specially developed modules on its internal processor.

In some cases, this design is quite useful, such as the user can run some special algorithms or business logic in such a secure, controlled environment, even if the attacker has gained full control of the computer

Programs stored in the HSM (connected to a computer) cannot also be extracted or tampered with. - General HSM allows users to develop such specialized programs using programming languages such as C,.NET, Java, etc. Be worth

It is important to note that there is isolation between user-defined programs and the HSM's own programs, so that the existence of the program does not affect the security of the HSM itself. Take into account the hardware security module (HSM) in response

With a critical role to play in the security of programs and infrastructure, such cryptography modules are typically certified by internationally recognized Criteria such as Common Criteria and FIPS 140. This will be available to the user

Guarantee the design and implementation of the product, and ensure that the corresponding cryptographic algorithms work correctly as expected. FIPS 140 Security certification The highest certification level is Level4 (overall), only a few

HSM has successfully passed this Level of certification, with most of the equipment at Level 3.

The hardware security module can be used in any scenario involving keys. Generally speaking, these keys have a high value - if the leakage can lead to serious consequences. The functionality of hardware security modules is usually packaged

Including: on-board cryptography security key generation; On-board cryptography security key storage and management; Use of encrypted and sensitive data; Uninstall (agent) the application server's symmetric and asymmetric encryption calculations.

HSM is also used for key management of database transparent encryption. For sensitive information, including keys, HSM provides both logical and physical protection to prevent unauthorized access or possible access

Invasion.

1.因产品库存量大，没有搜到的型号，请联系我们。

2.所有售出的产品质量保证一年，如果您在收到货内

7天我们可以给您换货或退回任何质量问题。

3.我们是中国很好的工控产品供应商，如果您需要其他

 产品类型，请咨询我们，我们会立即给您答复。

4.如果您购买多件，我们会给您折扣，如果您已经收到价格，

请联系我们，我们将努力让您满意，我们的客户来自世界各地。