Hardware security modules (HSMs) are used, among other things, in electronic payment back-end systems to perform sensitive cryptographic operations. The physical security properties of the HSM influence the requirements for the operating environment. With strong physical security mechanisms, organizational security measures can largely be dispensed with, whereas with weak physical security mechanisms, the environment must meet high security standards.
Criteria for the use of hardware security modules in electronic payment systems are defined by the Deutsche Kreditwirtschaft (DK) and the Payment Card Industry (PCI), among others. SRC is accredited with DK and PCI as an assessor of HSMs.
Our expertise
SRC provides security opinions on hardware security modules and thus supports manufacturers of security modules, network operators and acquirers in demonstrating that they meet the security requirements placed on them. SRC staff have conducted a variety of security investigations of the hardware and software of HSMs. Based on our knowledge of all aspects of the approval process, we not only uncover weak points, but also successfully guide our customers to their goal: on-time approval of their component.
In principle, the assessment processes of different procedures can be combined, which creates synergies for the manufacturer. For example, a PCI HSM evaluation can be extended to include audit aspects of DK.
If FIPS 140-2 certification is required, SRC will work with a partner laboratory that will perform the additional testing required for FIPS 140-2 certification, taking into account SRC’s testing results.
Our services
SRC appraises:
- Hardware and software of the HSM,
- System concepts, cryptographic techniques, random number generators, and protocols,
- Semiconductors, including testing resistance to side-channel attacks such as Simple Power Analysis (SPA) and Differential Power Analysis (DPA),
- Organizational measures during the development, production and operation of HSMs.