These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.
HSMs are used for real-time authorization and authentication in critical infrastructure and are therefore typically engineered to support standard high-availability models, including clustering, automated failover, and redundant field-replaceable components.
Due to the critical role they play in securing applications and infrastructure, general-purpose HSMs and/or the cryptographic modules are typically certified according to internationally recognized standards such as Common Criteria (e.g. using Protection Profile EN 419 221-5, "Cryptographic Module for Trust Services") or FIPS 140 (currently the 3rd version, often referred to as FIPS 140-3).
However, with performance ranges from 1 to 10,000 1024-bit RSA signatures per second, HSMs can provide significant CPU offload for asymmetric key operations.
To address this issue, most HSMs now support elliptic curve cryptography (ECC), which delivers stronger encryption with shorter key lengths.
On January 27, 2007, ICANN and Verisign, with support from the U.S. Department of Commerce, started deploying DNSSEC for DNS root zones.
Safeguarding private keys is essential to maintain the security of blockchain processes that utilize asymmetric cryptography.
The synergy between HSMs and blockchain is mentioned in several papers, emphasizing their role in securing private keys and verifying identity, e.g. in contexts such as blockchain-driven mobility solutions.