Hardware security module

The functions of an HSM are:

• onboard secure cryptographic key generation
• onboard secure cryptographic key storage, at least for the top level and most sensitive keys, which are often called master keys
• key management
• use of cryptographic and sensitive data material, for example, performing encryption or digital signature functions
• offloading application servers for complete asymmetric and symmetric cryptography.

CA HSMs

In PKI environments, the HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle asymmetric key pairs.

SSL/TLS HSMs

Performance critical applications that have to use HTTPS (SSL/TLS), can benefit from the use of an SSL Acceleration HSM by moving the RSA operations, which typically requires several large integer multiplications, from the host CPU to the HSM device.

Bank HSMs

HSMs support both general-purpose functions and specialized functions required to process transactions and comply with industry standards.

Source: Hardware security module

References

• Understanding Hardware Security Modules (HSMs)
  The hardware security module (HSM) is a special “trusted” network computer performing a variety of cryptographic operations: key management, key exchange, encryption etc.
• FIPS 140-3
• Magic Quadrant for Endpoint Protection Platforms
• AWS
  • Improve Your Web Server’s Security with SSL/TLS Offload in AWS CloudHSM
  • How SSL/TLS Offload with AWS CloudHSM Works