
Hardware security module

A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. Keys are generated, stored and used inside the module's protected boundary; the application that relies on them holds only a reference to each key and submits operations to the module rather than ever handling the key material itself. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.

Humans have tried to establish and maintain confidential lines of communication for millennia, rarely with enduring success. During World War II governments and military organizations invested heavily in encryption systems (cryptographic 'defense') and code breaking (cryptographic 'offense'). However, civilian and commercial adoption of encryption systems lagged considerably, in large part due to legal and regulatory constraints. As global trade and the financial industry flourished after World War II, and as national economic security became more strategic, commercial exploitation of strong encryption emerged as a national imperative in the United States and in several other countries.

The work of Mohamed Atalla (alias Martin Atalla) in the early 1970s led to the use of high security modules. He invented a high security module dubbed the 'Atalla Box', a security system which encrypted PIN and ATM messages and protected offline devices with an unguessable PIN-generating key. He founded Atalla Corporation (now Utimaco Atalla) and introduced the 'Atalla Box' in 1973. Fearful that Atalla would dominate the market, banks and credit card companies began working on an international standard. The later IBM 3624 adopted a similar PIN verification process. The Atalla Box is still widely used, as of 2016.
By 1998 an estimated 70% of all ATM transactions in the United States were routed through specialized Atalla hardware modules, and by 2003 the Atalla Box secured 80% of all ATMs in the world, increasing to 85% as of 2006.

In the 1970s, the U.S. National Bureau of Standards (NBS) sponsored a standardization process for cryptographic algorithms to be available for civilian use. IBM submitted its Data Encryption Standard (DES) on a royalty-free basis for the NBS's consideration (and U.S. National Security Agency review), and the U.S. declared DES the U.S. commercial symmetric-key encryption algorithm standard in 1977. Within the same year IBM introduced the IBM 3845, the world's first generally commercially available (i.e. civilian) HSM that was directly attached (via IBM's channel I/O architecture) to general purpose IBM computers, including IBM mainframes. The IBM 3845 included secure key entry devices (cards and PIN pads) for master key loading, random number generation capabilities for seeding, and persistent storage for key material. IBM introduced enabling software, notably a predecessor to IBM's Integrated Cryptographic Service Facility (ICSF), to allow application programmers to take advantage of the HSM's services. The IBM 3845 helped launch and secure modern electronic banking, such as national and international automated teller machine and payment card networks. IBM quickly introduced a second-generation IBM 3845 HSM that supported both DES and TDES. Other vendors then also introduced various HSMs, also based initially on DES and then on TDES.
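The following Python simulation is an added example, not code from this page or from IBM, Atalla or Utimaco. It shows the custody model the modules above impose: master key components are combined inside the module (split knowledge, the role of the 3845's secure key-entry devices), the application receives only an opaque handle to a PIN-generating key, and PIN offset generation and verification follow the structure of the widely documented IBM 3624 offset method. HMAC-SHA256 stands in for the DES block encryption the original hardware used, because Python's standard library has no DES; the decimalization table, the validation-data rule, the key components and the PAN are assumptions or constructed inputs, and deriving the working key from the master key is a simplification noted in the comments.

```python
import hashlib
import hmac

# Assumed decimalization table in the classic 3624 style: hex digits 0-9 map to
# themselves, A-F map to 0-5.
DECIMALIZATION_TABLE = "0123456789012345"


def decimalize(hexdigits: str) -> str:
    """Map each hex digit of a cipher output to a decimal digit."""
    return "".join(DECIMALIZATION_TABLE[int(h, 16)] for h in hexdigits)


def xor_components(components: list[bytes]) -> bytes:
    """Combine key components entered by separate custodians (split knowledge):
    no single custodian ever knows the assembled master key."""
    if not components or any(len(c) != len(components[0]) for c in components):
        raise ValueError("components must be non-empty and of equal length")
    combined = bytes(len(components[0]))
    for comp in components:
        combined = bytes(a ^ b for a, b in zip(combined, comp))
    return combined


class SimulatedHSM:
    """All key material lives in private fields; public methods return only
    handles, offsets and verification results, never keys."""

    def __init__(self, master_key_components: list[bytes]) -> None:
        self.__master_key = xor_components(master_key_components)
        self.__working_keys: dict[str, bytes] = {}

    def generate_pin_key(self, label: str) -> str:
        """Create a PIN-generating key and return an opaque handle.
        Simplification: the key is derived from the master key and the label so
        that two modules loaded with the same components agree; real HSMs
        generate random working keys and keep them encrypted under the master key."""
        handle = f"PGK:{label}"
        self.__working_keys[handle] = hmac.new(
            self.__master_key, label.encode(), hashlib.sha256).digest()
        return handle

    def __natural_pin(self, handle: str, pan: str, pin_len: int) -> str:
        key = self.__working_keys[handle]  # KeyError for an unknown handle
        # Assumed validation-data rule: the 12 PAN digits left of the check
        # digit, zero-padded to 16. HMAC-SHA256 replaces the DES block here.
        validation_data = pan[-13:-1].rjust(16, "0")
        digest = hmac.new(key, validation_data.encode(), hashlib.sha256).hexdigest()
        return decimalize(digest[:16])[:pin_len]

    def generate_offset(self, handle: str, pan: str, customer_pin: str) -> str:
        """Offset = customer PIN minus natural PIN, digit-wise mod 10. The offset
        can be stored on the card or at the host: without the key it is useless."""
        natural = self.__natural_pin(handle, pan, len(customer_pin))
        return "".join(str((int(c) - int(n)) % 10) for c, n in zip(customer_pin, natural))

    def verify_pin(self, handle: str, pan: str, offset: str, candidate_pin: str) -> bool:
        """Recompute natural PIN + offset inside the module and compare in constant time."""
        if not (candidate_pin.isdigit() and offset.isdigit()
                and len(candidate_pin) == len(offset)):
            return False
        natural = self.__natural_pin(handle, pan, len(offset))
        expected = "".join(str((int(n) + int(o)) % 10) for n, o in zip(natural, offset))
        return hmac.compare_digest(expected.encode(), candidate_pin.encode())


def demo() -> tuple[str, bool, bool]:
    """Constructed inputs: two custodian components and a test PAN."""
    components = [bytes.fromhex("00112233445566778899aabbccddeeff"),
                  bytes.fromhex("ffeeddccbbaa99887766554433221100")]
    hsm = SimulatedHSM(components)
    pgk = hsm.generate_pin_key("issuer-A")
    pan = "4111111111111111"
    offset = hsm.generate_offset(pgk, pan, "1234")
    accepted = hsm.verify_pin(pgk, pan, offset, "1234")
    rejected = hsm.verify_pin(pgk, pan, offset, "1235")
    return offset, accepted, rejected


if __name__ == "__main__":
    print(demo())
```

The point the simulation makes is the one the hardware made: the host application stores PANs and offsets in the clear and still cannot derive a PIN, because the only path to the PIN-generating key is a verify or generate request to the module.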
