F8650E 硬件安全模块 安全协处理器 HIMA
【产品详情】
硬件安全模块(hardware security module,缩写HSM)是一种用于保护和管理强认证系统所使用的密钥,并同时提供相关密码学操作的计算机硬件设备。硬件安全模块一般通过扩展卡或外部设备的形式直接连接到电脑或网络服务器。HSM提供篡改留证(tamper evidence/proof)、篡改抵抗(tamper evidence)两种方式的防篡改功能,前者设计使得篡改行为会留下痕迹,后者设计使得篡改行为会令HSM销毁密钥一类的受保护信息。
每种HSM都会包括一个或多个安全协处理器,用于阻止篡改或总线探测。许多HSM系统提供可靠的密钥备份机制,使机密数据可以通过智能卡或其他设备安全地处理或转移。由于HSM通常是公钥基础设施(PKI)或网上银行一类关键基础设施的一部分,一般会同时使用多个HSM以实现高可用性。
一些HSM具备双电源、无需停机更换配件(如冷却风扇)等设计,以确保在数据中心等环境中的高可用性要求。少数HSM可以让用户在其内部处理器上运行专门开发的模块。在一些场景下,这种设计相当实用,例如用户可以在这种安全、受控的环境下运行一些特殊的算法或者业务逻辑,哪怕攻击者取得了计算机的完全控制权限,存储在HSM(连接到计算机)中的程序也无法被提取或篡改。
一般HSM允许用户使用C、.NET、Java等编程语言开发这种专用程序。值得注意的是,用户自定义的程序与HSM本身的程序之间存在隔离,这使程序的存在不会影响到HSM本身的安全。考虑到硬件安全模块(HSM)在应用程序与基础设施的安全中扮演的关键角色,此类密码学模块通常都会经过Common Criteria、FIPS 140等受到国际承认的认证。
这将为用户提供产品设计与实现上的保障,同时确保相应的密码学算法能按预期方式正确工作。FIPS 140安全认证最高认证等级为Level 4(整体),仅有极少数HSM成功通过这一等级的认证,大部分设备处于Level 3等级。硬件安全模块可在任何涉及到密钥的场景下使用。通常来说,这些密钥具有较高的价值,一旦泄露会导致严重的后果。
硬件安全模块的功能通常包括:板载密码学安全密钥生成;板载密码学安全密钥存储与管理;加密且敏感资料的使用;卸载(代办)应用程序服务器的对称与非对称加密计算。HSM也用于数据库透明加密的密钥管理。对于密钥在内的敏感信息,HSM同时提供逻辑层面与物理层面的保护,以防止未经授权的访问或者可能的入侵。
F8650E 硬件安全模块 安全协处理器 HIMA
【英文介绍】
A hardware security module (HSM) is a computer hardware device that protects and manages the keys used by a strong authentication system while providing related cryptographic operations. Hardware security modules are usually connected directly to a computer or network server in the form of expansion cards or external devices. HSM provides tamper evidence/proof (tamper evidence) and tamper evidence resistance (tamper evidence). The former is designed so that tampering will leave traces, and the latter is designed so that tampering will make HSM destroy protected information such as keys.
Each HSM includes one or more security coprocessors to prevent tampering or bus detection. Many HSM systems provide a reliable key backup mechanism that allows confidential data to be securely processed or transferred via smart cards or other devices. Because HSMS are often part of a critical infrastructure such as public key infrastructure (PKI) or online banking, multiple HSMS are often used simultaneously to achieve high availability.
Some HSMS are designed with dual power supplies and no downtime to replace accessories, such as cooling fans, to ensure high availability requirements in environments such as data centers. A few HSMS allow users to run specially developed modules on their internal processors. In some cases, this design is quite useful, such as the user can run some special algorithms or business logic in this secure, controlled environment, even if the attacker gains full control of the computer, the program stored in the HSM (connected to the computer) cannot be extracted or tampered with.
General HSM allows users to use C,.NET, Java and other programming languages to develop such specialized programs. It is worth noting that there is a separation between user-defined programs and the HSM's own programs, so that the existence of the program does not affect the security of the HSM itself. Given the critical role that hardware security modules (HSM) play in the security of applications and infrastructure, such cryptography modules are typically certified by internationally recognized standards such as Common Criteria and FIPS 140.
This will provide users with assurance in product design and implementation, while ensuring that the corresponding cryptographic algorithms work correctly as expected. FIPS 140 Security certification is the highest certification Level of Level 4 (overall), only a small number of HSM successfully passed this level of certification, the majority of equipment at Level 3. The hardware security module can be used in any scenario involving keys. Generally speaking, these keys have a high value and can lead to serious consequences if leaked.
The functions of hardware security module usually include: on-board cryptography security key generation; On-board cryptography security key storage and management; Use of encrypted and sensitive data; Uninstall (agent) the application server's symmetric and asymmetric encryption calculations. HSM is also used for key management of database transparent encryption. For sensitive information, including keys, HSM provides both logical and physical protection to prevent unauthorized access or possible intrusion.
F8650E 硬件安全模块 安全协处理器 HIMA
【其他型号推荐】
| 4211 | 1756-EN2T | 1336-PB-SP2B | AO845A | C2RPS-CHAS2 | CP450-T-ETH |
| 4351b | 1756-EN2TR | 1336-SN-SP6A | AO2040 | C310 | CP800 |
| 5136-DNP-PCI | 1756-EN2TXT | 1336-TR-SP1A | APBU-44C | C3100020STD | CP7002-0001-0010 |
| 5136-RE2-PCI | 1756-ENBT | 1336-WB110 | AS-B875-002 | C4001011100 | CP-9200SHSVA |
| 5136-RE-VME | 1756-IB16 | 1391-DES45 | AS-P892-000 | C6001011100 | CP-A-RU |
| 5302-MBP-MCM4 | 1756-IB32 | 1394-AM04 | ASSY-11994R13 | CACR-02-KIBA | CPCI-6020TM |
| 5466-258 | 1756-IF8H | 1420-V2P-ENT | AZ05-0-0-1 | CB801 | CR-GENO-M6400R3 |
| 5466-316 | 1756-L61 | 1492-SPM1C630 | B3EA-HENF315147R1 | CB06551-PRD-B040SSIB-63 | CU-8593-IND.A 2 |
| 5466-409 | 1756-L71 | 1732E-OB16M12DR | B5EC-HENF105077R1 | CB6687-2L | CU-8593-INDA |
| EMERSON | A6500-CC | EMERSON | 1C31203G01 | EMERSON | KJ2005X1-MQ1 |
| EMERSON | 9199-00120 | EMERSON | A6500-UM | EMERSON | 12P6381X022 |
| EMERSON | PR6426010-140+CON021916-200 | EMERSON | VE3008 | EMERSON | VE3008 |
