What is a Hardware Security Module (HSM)?

Hardware security modules (HSMs) are hardened, tamper-resistant hardware devices that secure cryptographic processes by generating, protecting, and managing keys used for encrypting and decrypting data and creating digital signatures and certificates. HSMs are tested, validated and certified to the highest security standards including FIPS 140-2 and Common Criteria. 

HSMs enable organizations to:

What is HSM as a service?

HSM as a service is a subscription-based offering where customers can use a hardware security module in the cloud to generate, access, and protect their cryptographic key material, separately from sensitive data. The service offering typically provides the same level of protection as an on-premises deployment, while enabling more flexibility. Customers can transfer CapEx to OpEx, enabling them to pay only for the services they need, when they need them.

nShield as a Service uses dedicated FIPS 140-2 Level 3 certified nShield HSMs. The offering delivers the same features and functionality as on-premises nShield HSMs, combined with the benefits of a cloud service deployment. This allows customers to fulfill their cloud-first objectives and leave the maintenance of these appliances to the experts at Entrust.


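A root of trust (RoT) is a source that can always be trusted within a cryptographic system. Because cryptographic security depends on keys to encrypt and decrypt data and to perform functions such as generating and verifying digital signatures, RoT schemes generally include a hardened hardware module. A principal example is the hardware security module (HSM), which generates and protects keys and performs cryptographic functions within its secure environment.

Because this module is, for all intents and purposes, inaccessible outside the computer ecosystem, that ecosystem can trust that the keys and other cryptographic information it receives from the root of trust module are authentic and authorized. This is particularly important as the Internet of Things (IoT) proliferates, because to avoid being hacked, components of computing ecosystems need a way to determine that the information they receive is authentic. The RoT safeguards the security of data and applications and helps to build trust in the overall ecosystem.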

RoT is a critical component of public key infrastructures (PKIs), where it is used to generate and protect root and certificate authority keys; of code signing, to ensure software remains secure, unaltered and authentic; and of creating digital certificates for credentialing and authenticating proprietary electronic devices for IoT applications and other network deployments.

What is random number generation?

Random number generation (RNG) refers to the creation of random numbers by an algorithm or device.

When the source of entropy for a random number generator is derived from software-based measurements, it cannot be guaranteed that the entropy will not be predictable or open to influence. An HSM uses a hardware-based source of entropy for its RNG, one that has been verified to provide a good source of entropy in all normal operating conditions.
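The effect of a predictable software entropy source can be seen in a fleet-wide key audit. The following Python sketch is an added example, not code from Entrust or nShield: it simulates devices that seed a generator from their boot time in seconds and counts how many end up sharing a key. The fleet size, boot window and function names are constructed for illustration, and the operating system's CSPRNG stands in for a hardware-backed source.

```python
import random
import secrets
from collections import Counter

KEY_BYTES = 16       # 128-bit key
FLEET_SIZE = 1000    # constructed fleet of devices
BOOT_WINDOW_S = 60   # constructed: every device boots within the same minute


def key_from_software_seed(boot_second: int) -> bytes:
    """Key from a PRNG seeded only with a software measurement (boot time)."""
    prng = random.Random(boot_second)  # deterministic: same seed, same key
    return prng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def key_from_os_csprng() -> bytes:
    """Key from the OS CSPRNG (assumption: stand-in for an HSM's hardware RNG)."""
    return secrets.token_bytes(KEY_BYTES)


def audit_fleet(keys):
    """Count distinct keys and the number of devices whose key is not unique."""
    counts = Counter(keys)
    shared = sum(n for n in counts.values() if n > 1)
    return {"devices": len(keys),
            "distinct_keys": len(counts),
            "devices_sharing_a_key": shared}


def simulate(base_time: int = 1_700_000_000):
    """Audit the same constructed fleet under both seeding strategies."""
    # Fixed-seed generator so the constructed boot times are repeatable.
    boots = random.Random(0)
    boot_seconds = [base_time + boots.randrange(BOOT_WINDOW_S)
                    for _ in range(FLEET_SIZE)]
    weak = audit_fleet([key_from_software_seed(s) for s in boot_seconds])
    strong = audit_fleet([key_from_os_csprng() for _ in range(FLEET_SIZE)])
    return weak, strong


if __name__ == "__main__":
    weak, strong = simulate()
    print("software-seeded:", weak)
    print("OS CSPRNG:      ", strong)
```

The software-seeded fleet can never hold more distinct keys than there are seconds in the boot window, so a duplicate-key count across enrolled devices is a practical check for a weak entropy source.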