1.2 Security World and HSM Modules

The most important component of the U-HSM server is the HSM module. The HSM module carries out cryptographic operations involving protected security keys. All data is stored outside the module on the disk of the host system in encrypted form. Every module is associated with the Security World (see the nShield Edge and Solo User Guide for Windows) that combines a set of keys giving module access to the information in the database located on the PC side. The same Security World can be replicated to multiple HSM servers, if needed. The HSM module is controlled through standard nCipher nShield software that includes hardware drivers and low-level components providing access to the services inside the module. Custom SEE firmware (algorithms related to the protocols implemented in Microchip devices) known as the SEE Machine is stored on the disk of the host PC, and is loaded into the module as part of the power-up process.