
HSM_for_Dummies

User Management API: This API is used to access all the functions necessary to create and manage users and their corresponding roles in the HSM. In today’s functional interfaces for HSMs, such as PKCS#11, the designing committees implement some of the key management and user management functions through the command interface. Unfortunately, developers have mixed different APIs here, which can result in security vulnerabilities in the device if application programmers don’t implement it properly.

Now we take a look at the APIs of HSMs from the viewpoint of the calling application. We start with a definition of the security API:

The security API enables non-trusted code run within an application to access the sensitive resources of an HSM in a secure manner. It’s the interface between running processes on the host system and the HSM.

Examples of security APIs are the interface between the (tamper-secure) chip on a smartcard (trusted) and the card reader (not trusted); the interface between a cryptographic hardware security module (trusted) and the host server (not trusted); and the Google Maps API (an interface between a server and Google, trusted) and the rest of the internet.

An HSM interface has the following primary features:

- Implementation of the security policy for external access to the secured area.
- Protection of the secured area from commands, irrespective of parameters and command sequences. This means that when the code on the host system is compromised or erroneous, it has no effect on the HSM or the critical data.

Overview of the Current Interfaces for HSMs

We now come to the current HSM interfaces. We first introduce the interfaces with international standardization.
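To make the two primary features of an HSM interface listed above concrete, here is an added example that is not from the book: a toy Python model of a command interface that checks role policy at a single point inside the trusted boundary and rejects malformed parameters and out-of-order commands without changing state. The class `ToyHsm`, the roles and the command names are assumptions made for illustration, not PKCS#11 or any vendor's command set.

```python
import hashlib, hmac, secrets

# Toy model, constructed for illustration: roles, command names and ToyHsm
# are assumptions, not a real HSM command set or PKCS#11.
POLICY = {"create_user": {"admin"}, "generate_key": {"user"}, "mac": {"user"}}

class HsmError(Exception):
    """Every rejected command raises this and leaves module state unchanged."""

class ToyHsm:
    def __init__(self, admin_pin):
        # Toy storage only: name -> (role, PIN), kept in the clear for brevity.
        self._users = {"admin": ("admin", admin_pin)}
        self._keys = {}       # handle -> (owner, key bytes); keys never leave
        self._session = None  # logged-in user name, or None

    def login(self, name, pin):
        entry = self._users.get(name) if isinstance(name, str) else None
        if entry is None or not isinstance(pin, str) or \
                not hmac.compare_digest(entry[1].encode(), pin.encode()):
            raise HsmError("login failed")
        self._session = name

    def command(self, name, *args):
        # Single choke point inside the trusted boundary: the policy check
        # runs before any handler touches host-supplied parameters.
        if not isinstance(name, str) or name not in POLICY:
            raise HsmError("unknown command")
        if self._session is None:
            raise HsmError("not logged in")
        if self._users[self._session][0] not in POLICY[name]:
            raise HsmError("role not permitted")
        try:
            return getattr(self, "_" + name)(*args)
        except TypeError:  # wrong number of arguments from the host
            raise HsmError("bad parameters") from None

    def _create_user(self, name, pin):  # user management: admin role only
        if not (isinstance(name, str) and isinstance(pin, str)) or name in self._users:
            raise HsmError("bad parameters")
        self._users[name] = ("user", pin)

    def _generate_key(self):
        handle = secrets.token_hex(8)  # opaque handle is all the host sees
        self._keys[handle] = (self._session, secrets.token_bytes(32))
        return handle

    def _mac(self, handle, data):
        entry = self._keys.get(handle) if isinstance(handle, str) else None
        if entry is None or entry[0] != self._session or not isinstance(data, bytes):
            raise HsmError("bad parameters")
        return hmac.new(entry[1], data, hashlib.sha256).digest()
```

The host only ever holds handles and results; separating `create_user` (admin role) from the key commands (user role) in one policy table is the kind of role separation the User Management API paragraph refers to.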

