Hardware Security Modules (HSM) like smartcards are hardware devices that are used to store cryptographic key material in a secure way and to perform cryptographic operations with these keys within the hardware device. HSMs are either PCI cards or network attached appliances – in which a PCI card is running. In contrast to smartcards HSMs can store much more keys, are capable of a bigger variety of cryptographic functions, offer the possibility to backup the key material, are much faster and provide a sophisticated rights management to restrict the access to the key material.
We are using HSMs to store the keys of the certificate authorities of the PKI or for the secure storage of the key material together with privacyIDEA. Therefore we are using HSMs by Thales and Yubico/iQSol.