Overview of HSM Configuration
HID Global provides identity assurance solutions to manage security credentials In the context of ActivID, a credential is a collection of one or more credential elements that together provide some form of digitally provable identity. In the context of PIV, a credential refers to the completed PIV card itself. that are populated in smart cards during the device issuance process. These security credentials (cryptographic keys) control access to smart cards during management operations (such as card application loading and personalization). ActivID Key Management System (KMS) and ActivID Credential Management System (CMS) are complementary products that ensure secure management and issuance of smart cards.
ActivID KMS enables the setup, management, maintenance, backup, and update of Hardware Security Modules (HSMs). HSMs securely store cryptographic key materials and are similar to large-storage, multi-session smart cards. However, unlike smart cards, they are used mainly on the server side of a system.
ActivID KMS ensures that HSMs are loaded with the appropriate cryptographic key materials. These keys are necessary for the ActivID CMS to take possession of the cards and, in turn, personalize the card applications that are securely loaded by ActivID CMS. Cryptographic key materials are sensitive information in the security chain. These keys must be exchanged, stored, and populated in a secure manner. A FIPS Federal Information Processing Standard 140-certified HSM is required to meet a high-security level solution. The following figure shows the interaction between ActivID CMS, and the HSM unit.
ActivID KMS, ActivID CMS, and HSM Interaction