1.2 Security World and HSM Modules

The vital component of the M-HSM server is the HSM module. The HSM module carries out cryptographic operations involving protected security keys. All data is stored outside the module on the disk of the host system in encrypted form. Every module is associated with the Security World (see the Secure Production Programming Solution (SPPS) User Guide) that combines a set of keys giving module access to the information in the database located on the PC side. The Security World can be replicated to multiple HSM servers, if needed. The HSM module is controlled through standard nCipher nShield software that includes hardware drivers and low-level components providing access to the services inside the module. Custom SEE firmware (algorithms related to the protocols implemented in Microchip devices) and known as the SEE Machine is stored on the disk of the host PC, and is loaded into the module as part of the power-up process.