Hardware security modules (HSM) are used, among other things, in the background systems of electronic payment trans­ac­tions for carrying out sensitive crypto­graphic opera­tions. The physical security properties of the HSM influence the require­ments for the appli­cation environment. With strong physical security mecha­nisms, organi­za­tional security measures can be largely dispensed with, while the environment must meet high security standards with weak physical security mechanisms.
Criteria for use in electronic payment systems of hardware security modules are defined by the German Banking Industry (DK) and the Payment Card Industry (PCI), among others. SRC is approved as an assessor at DK and PCI for the assessment of HSMs.

Our compe­tence

SRC provides security assess­ments for hardware security modules and supports manufac­turers of security modules, network operators and acquirers in proving the security require­ments placed on them. SRC employees have conducted a variety of safety inves­ti­ga­tions of hardware and software of HSMs. Due to our knowledge of all aspects of the approval process, we not only uncover weak points, but also success­fully lead our customers to their goal: the timely approval of their components.
In principle, it is possible to combine the assessment processes of different processes so that synergy effects result for the manufac­turer. For example, a PCI HSM evalu­ation can be extended to include auditing aspects of DK.
If FIPS 140–2 certi­fi­cation is required, SRC works with a partner laboratory that performs the additional tests required for FIPS 140–2 certi­fi­cation, taking into account SRC’s test results.

Our offer

SRC reviews

• Hardware and software of the HSM,
• System concepts, crypto­graphic methods, random number gener­ators and protocols,
• Semicon­ductors (including testing resis­tance to side channel attacks, such as Simple Power Analysis SPA and Differ­ential Power Analysis DPA),
• Organ­i­sa­tional measures during the devel­opment, production and operation of HSMs.