Introduction to the HSM 8000

The HSM 8000 (Host Security Module) series of equipment provides cryptographic functions to support network and point-to-point data security. Acting as a peripheral to a Host computer, the HSM provides the cryptographic facilities required to implement key management, message authentication and Personal Identification Number (PIN) encryption in real-time online environments. The HSM is made physically secure by locks, electronic switches and tamper-detection circuits.

      

[Figure: HSM 8000 front view showing normal operation]

The HSM supports a number of standard functions and can be customised to perform client-specific cryptographic functions. Standard functions include:

· Verifying and generating Personal Identification Numbers (PINs) such as those used with bank accounts and credit cards.

· Generating encrypted card values such as Card Verification Values (CVVs) for the plastic card industry.

· PIN solicitation, to obtain a new PIN from a card holder (against a reference number).

· Generating keys for use in Electronic Funds Transfer Point Of Sale (EFTPOS) systems.

· Key management in non-EFTPOS systems.

· Generating and verifying Message Authentication Codes (MACs) for messages transferred via telecommunications networks.

The HSM is normally online to the Host and does not require operator monitoring or intervention. The HSM performs cryptographic processing in response to commands from the Host. The Host sends command messages, which consist of command codes and other fields that are required by the HSM in order to process the commands. The HSM processes the command messages and generates response messages, which also contain a variable number of fields (depending on the message type). Some commands, mainly involving plain text data, are entered by the user via the associated HSM Console.