This topic describes the interface specifications, encryption algorithms, and performance references for a dedicated Hardware Security Module (HSM).
Thales HSM
A Thales Hardware Security Module (HSM) is a physical device launched by Thales, a global digital security solutions company, designed to protect sensitive data and software applications. By offering robust encryption functions and access control, it ensures data security during storage, processing, and transmission. It is widely used across various industries, including finance, government, healthcare, and manufacturing.
| Features | Description |
| --- | --- |
| Standards | A Thales HSM complies with PCI DSS and FIPS 140-2 Level 3 standards, and also meets the requirements of domestic cryptographic certification and PCI PIN standards, ensuring the high level of security needed for device and key management. |
| Local Master Key (LMK) | An LMK is a master key that is generated and stored within the local environment, and used for securing other keys or sensitive information. The Thales HSM allows for the expansion of the LMK quota through licensing. The supported quota ranges from 1 to 20. |
| Calls Per Second (CPS) | CPS indicates the maximum number of command calls the HSM can process each second. The Thales HSM's CPS quota can be raised through a license upgrade. The supported quota ranges from 25 to 10,000. Note: This performance parameter provides approximate performance data for key block-related commands (such as PIN translation commands) in secure communication scenarios. Different commands may have different maximum calls per second. Some time-consuming commands, such as RSA key generation or message authentication code, hash, encryption, and decryption calculations for large amounts of data, are not covered by the CPS. |
TASS Crypto Engine HSM
A TASS Crypto Engine HSM is a secure hardware device featuring robust physical security measures. It delivers cryptographic services at the application layer for business systems through a dedicated key management system and an integrated encryption process flow. The TASS Crypto Engine HSM supports key management, message authentication, data encryption and data decryption, along with signature generation and verification, ensuring the security, effectiveness, integrity, and non-repudiation of data from creation to transmission, reception, and processing.
Beyond FIPS 140-2 Level 3 compliance, the TASS Crypto Engine HSM also supports Chinese cryptographic algorithms, aligning with national cryptography law and providing users with the flexibility to select suitable algorithms for their deployment needs.
| Features | Description |
| --- | --- |
| Interface specifications | |
| Encryption algorithms | |
| Performance references | Data communication protocol: TCP/IP. Maximum concurrent connections: 2,048. For test data of 32 bytes, the performance is as follows: |