Hardware security modules (HSMs), just like smart cards, are hardware devices on which key material is securely stored and cryptographic functions can be performed using this key. HSMs are designed as PCI plug-in cards or as network-attached appliances – in which the corresponding PCI card also operates. Unlike smartcards, HSMs can store much more key material, often handle more cryptographic functions, are significantly faster than smartcards, and usually have more sophisticated rights management to access and use the key material.
We are using HSMs to store the keys of the certificate authorities of the PKI or for the secure storage of the key material together with privacyIDEA. Therefore we are using HSMs by Thales and Yubico/iQSol.