Variable Use and High Performance
HSMs have a wide range of uses in providing data security. In application fields including e-health, industry, automotive, smart metering and bring-your-own-key (BYOK), HSMs act as a key repository that safeguards access to data and IT infrastructures.
In industry, hardware security modules are primarily used to protect public key infrastructures (PKIs), virtual environments and cloud architectures. Here the focus lies on secure network encryption of critical infrastructures within connected production facilities.
In this field, a wide range of authentication mechanisms, together with encryption and decryption, is used to protect operating and application data transmitted between data centers, offices, machines, and central or distributed control centers. A similarly important role falls to unambiguous authentication of facilities, machines and people. This also ensures protection of business-critical applications (e.g. databases, servers, security appliances).
In the field of healthcare, HSMs are significant primarily for the telematics infrastructure (TI), e.g. that of the new electronic health card (eGK) in Germany. The main objective here is to enable cross-system registration, processing and transmission of patient data between trusted participants such as physicians, care providers, medical practices, hospitals, pharmacies and health insurers within a secure network.
Effective protection mechanisms based on individual encryption and anonymization techniques executed by HSMs ensure that only authorized persons and devices can access patient data, e.g. insurance master data and emergency data, as well as information generated and stored by telemedicine applications like a patient’s pacemaker or ECG.
In the automotive sector, HSMs are used in smart connected car management. An ever-growing array of sensors, components and devices is being connected to software applications and controlled via electronic modules so as to enable system-wide exchange of information on operating conditions and other relevant vehicle data.
HSMs support the industry in connecting these components with one another and with the vehicle environment, and in securing communication between the various control devices. They ensure that individual vehicle functions cannot be manipulated or deactivated via unauthorized access by third parties (e.g. by way of upload of malware to a control device). They also prevent changes in vehicle properties or functions (e.g. chip tuning, falsification of the odometer reading) and protect personal driver data generated via externally connected devices such as smartphones.
M2M & IoT
Use of HSMs in the M2M/IoT field primarily involves cases in which enterprises wish to secure the internet-based information flow between the enterprise and smart connected products used by that enterprise’s clients. Here HSMs manage the mutual identification and authentication of users, devices and components and verify access privileges.
HSMs provide component protection by establishing a secure connection to the manufacturer’s servers and verifying system integrity, ensuring unequivocally that the “thing” sending the data is in fact the thing it purports to be. Conversely, they also verify that the device receiving the data is actually a device permitted to receive such information.
The use of intelligent meters for electricity, gas, water, district heating, etc. and their connection to a smart grid means that a great amount of sensitive energy data is registered, stored and exchanged by data processing units, meters and intelligent household devices.
HSMs protect these critical infrastructures. Embedded in smart meter gateways, they serve to store individual, customer-related keys and provide encryption mechanisms for secure data transmission. HSMs are thus an efficient means for securing devices in the field.
Bring Your Own Key (BYOK)
HSMs can also be used for the reliable implementation of security guidelines and access controls. For example, they can ensure that users can only access a certain cloud-based application and/or the data contained therein if they log on with, for example, a smartcard or security token.
In addition, HSMs can be deployed to secure data processing and storage in the cloud – without leaving encryption to the cloud provider.