SlideShare a Scribd company logo

HSM (Hardware Security Module)

Download as PPTX, PDF
U
Umesh Kolhe

HSM stands for Hardware Security Module, which is a tamper-resistant physical device used to securely generate, store, and manage cryptographic keys and perform cryptographic operations. Payment industries commonly use specialized HSMs to protect keys and data for payment card personalization, transaction authorization, and verification. While HSMs provide high security, they are also expensive, so some companies offer HSM services running software that simulates an HSM's functions. The Thales Simulator is an open source software library that emulates the cryptographic functions of Thales HSM devices. It can be downloaded, installed, and configured to connect to over a network port to test applications designed to integrate with real HSM devices.

Software
1 of 7
Downloaded 33 times
1
2
Most read
3
4
5
Most read
6
7
Most read
HSM & HSM Simulator http://www.unpluggedmind.in
What is HSM? HSM stands for Hardware Security Module. It’s a tamper resistant and incredibly secure physical device which is used to generate/store cryptographic keys and perform cryptographic functions. It detects unauthorized access, trigger alarm and even can remove the cryptographic keys inside to protect the information. There are general purpose and specialized HSMs. Payment industry uses specialized HSM to protect cryptographic keys, sensitive data generation, and validation. Typically it undertakes following functions for payment card personalization and transaction authorization: – Sharing keys securely – Generate PVV, CVV for magnetic strip data – Generate and print PIN mailer – Encrypt/Decrypt/Re-Encrypt PIN block – Verify card security codes – Verify PIN – Verify EMV (chip) data It’s mandatory for industries like payments to use HSM which an expensive device. Hence there are many companies cropped up who offer HSM as a service. Use of HSM for cryptographic functions in payment is de facto and also endorsed by PCI council as part of PCI DSS. PCI also provides security requirement for HSM (link).
HSM (Thales) Simulator The Thales Simulator Library is an implementation of a software emulation of the Thales (formerly Zaxus, formerly Racal) RG7000 Hardware Security Module cryptographic device.
How to Install 1.Go to CodePlex, an open source project archive (https://archive.codeplex.com/?p=thalessim) and download. The source code is available on github (https://github.com/nickntg/thalessimulatorlibrary) as well, but you need to have all the tools to build the solution and then you can get your hands on the installer. 2.Extract downloaded file thalessim.zip. 3.Go to "thalessimwikidownloadWikidocs" directory. 4.Run the Thales Windows Simulator installer. 5.This will install the simulator as "Thales Simulator".
How to Use 1.Run the installed "Thales Simulator“ 2.The default configuration of the simulator is available in ThalesParameters.xml generally available in the installed directory (C:Program Files (x86)NTGThales Simulator) 3.The default port for the simulator is 9998. It can be changed in ThalesParameters.xml. 4.Open a socket and connect the simulator on port 9998. 5.Important!!! All messages need to be prefixed with a 2-byte header i.e; 0000. The purpose of this header is to be able to identify request/response pairs in a high-load scenario. If you send simultaneous requests to the simulator (or a real HSM for that matter), you need to be able to match the correct responses to original requests because they might not arrive in the original order. You can use the header to do that. Sample command for CVV verification is "CYU123456789012345678901234567890121234123456789012345;1212101", prefix it with 2-byte header before sending to the simulator i.e; "0000CYU123456789012345678901234567890121234123456789012345;1212101"
HSM (Hardware Security Module)
Thank You http://www.unpluggedmind.in

More Related Content

PPTX
HSM Basic Training
Md. Budrul Hasan Bhuiyan
 
PDF
RSA SecurID Access
MarketingArrowECS_CZ
 
PPT
Presentation sso design_security
Marco Morana
 
PDF
Secure Your Encryption with HSM
Narudom Roongsiriwong, CISSP
 
PDF
NIST 800-63 Guidance & FIDO Authentication
FIDO Alliance
 
PDF
Securing a Web App with Passwordless Web Authentication
FIDO Alliance
 
PPTX
IBM: Hey FIDO, Meet Passkey!.pptx
FIDO Alliance
 
PPTX
Identity Management
Venkatesh Jambulingam
 
HSM Basic Training
Md. Budrul Hasan Bhuiyan
 
RSA SecurID Access
MarketingArrowECS_CZ
 
Presentation sso design_security
Marco Morana
 
Secure Your Encryption with HSM
Narudom Roongsiriwong, CISSP
 
NIST 800-63 Guidance & FIDO Authentication
FIDO Alliance
 
Securing a Web App with Passwordless Web Authentication
FIDO Alliance
 
IBM: Hey FIDO, Meet Passkey!.pptx
FIDO Alliance
 
Identity Management
Venkatesh Jambulingam
 

What's hot (20)

PPT
6. cryptography
7wounders
 
PPTX
Digital signature(Cryptography)
Soham Kansodaria
 
PPTX
Key management
Brandon Byungyong Jo
 
PPTX
HSM Key change flow using thales
Galih Lasahido
 
PPTX
Diffie Hellman Key Exchange
SAURABHDHAGE6
 
PPT
Message Authentication Code & HMAC
Krishna Gehlot
 
PDF
Payment Hsm Payshield9000
Eugene Sushchenko
 
PPTX
Key Management and Distribution
Syed Bahadur Shah
 
PPTX
Cryptography
Jens Patel
 
PPTX
Cryptography and Information Security
Dr Naim R Kidwai
 
PPTX
Introduction to Public Key Infrastructure
Theo Gravity
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PPTX
SSL And TLS
Ghanshyam Patel
 
PPTX
Machine Learning for Threat Detection
Napier University
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PPT
Rsa
ismaelhaider
 
PPT
RC4&RC5
Mohamed El-Serngawy
 
PDF
Authenticated Encryption Gcm Ccm
Vittorio Giovara
 
PDF
Asymmetric Cryptography
UTD Computer Security Group
 
PPTX
Secure Socket Layer (SSL)
Samip jain
 
6. cryptography
7wounders
 
Digital signature(Cryptography)
Soham Kansodaria
 
Key management
Brandon Byungyong Jo
 
HSM Key change flow using thales
Galih Lasahido
 
Diffie Hellman Key Exchange
SAURABHDHAGE6
 
Message Authentication Code & HMAC
Krishna Gehlot
 
Payment Hsm Payshield9000
Eugene Sushchenko
 
Key Management and Distribution
Syed Bahadur Shah
 
Cryptography
Jens Patel
 
Cryptography and Information Security
Dr Naim R Kidwai
 
Introduction to Public Key Infrastructure
Theo Gravity
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
SSL And TLS
Ghanshyam Patel
 
Machine Learning for Threat Detection
Napier University
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Rsa
ismaelhaider
 
RC4&RC5
Mohamed El-Serngawy
 
Authenticated Encryption Gcm Ccm
Vittorio Giovara
 
Asymmetric Cryptography
UTD Computer Security Group
 
Secure Socket Layer (SSL)
Samip jain
 
Ad

Recently uploaded (20)

PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PPTX
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PPTX
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
Introduction to Artificial Intelligence
lohedi9363
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
System and Network Administraation Chapter 3
jaramharo
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Ad

HSM (Hardware Security Module)

  • 1. HSM & HSM Simulator http://www.unpluggedmind.in
  • 2. What is HSM? HSM stands for Hardware Security Module. It’s a tamper resistant and incredibly secure physical device which is used to generate/store cryptographic keys and perform cryptographic functions. It detects unauthorized access, trigger alarm and even can remove the cryptographic keys inside to protect the information. There are general purpose and specialized HSMs. Payment industry uses specialized HSM to protect cryptographic keys, sensitive data generation, and validation. Typically it undertakes following functions for payment card personalization and transaction authorization: – Sharing keys securely – Generate PVV, CVV for magnetic strip data – Generate and print PIN mailer – Encrypt/Decrypt/Re-Encrypt PIN block – Verify card security codes – Verify PIN – Verify EMV (chip) data It’s mandatory for industries like payments to use HSM which an expensive device. Hence there are many companies cropped up who offer HSM as a service. Use of HSM for cryptographic functions in payment is de facto and also endorsed by PCI council as part of PCI DSS. PCI also provides security requirement for HSM (link).
  • 3. HSM (Thales) Simulator The Thales Simulator Library is an implementation of a software emulation of the Thales (formerly Zaxus, formerly Racal) RG7000 Hardware Security Module cryptographic device.
  • 4. How to Install 1.Go to CodePlex, an open source project archive (https://archive.codeplex.com/?p=thalessim) and download. The source code is available on github (https://github.com/nickntg/thalessimulatorlibrary) as well, but you need to have all the tools to build the solution and then you can get your hands on the installer. 2.Extract downloaded file thalessim.zip. 3.Go to "thalessimwikidownloadWikidocs" directory. 4.Run the Thales Windows Simulator installer. 5.This will install the simulator as "Thales Simulator".
  • 5. How to Use 1.Run the installed "Thales Simulator“ 2.The default configuration of the simulator is available in ThalesParameters.xml generally available in the installed directory (C:Program Files (x86)NTGThales Simulator) 3.The default port for the simulator is 9998. It can be changed in ThalesParameters.xml. 4.Open a socket and connect the simulator on port 9998. 5.Important!!! All messages need to be prefixed with a 2-byte header i.e; 0000. The purpose of this header is to be able to identify request/response pairs in a high-load scenario. If you send simultaneous requests to the simulator (or a real HSM for that matter), you need to be able to match the correct responses to original requests because they might not arrive in the original order. You can use the header to do that. Sample command for CVV verification is "CYU123456789012345678901234567890121234123456789012345;1212101", prefix it with 2-byte header before sending to the simulator i.e; "0000CYU123456789012345678901234567890121234123456789012345;1212101"