# Hardware Security Module

A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.

Main features of a Hardware Security Module:

- Physical device for managing keys and performing cryptographic operations
- Keys are typically non-exportable
- Often provides tamper-evidence and tamper-resistance features
- FIPS 140-2 certified

A Hardware Security Module provides the highest possible level of security for classified information, such as payment card data, personal information, applications and business-critical information.

## Why do you need a Hardware Security Module?

- FIPS 140: the 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules. The highest attainable level is Security Level 4 (Overall), to which only one HSM has been successfully validated as of August 2018.
- The hardware is to a large extent tamper proof. You cannot break into it, and it will detect when something is wrong and raise an alarm.
- If an HSM is stolen and gets switched off, the cryptographic keys will be removed. Thus, it is a secure solution if you need to protect extremely sensitive information.

## Where Hardware Security Module

![](https://i.imgur.com/c2ftbXf.png)

> The solution provides cloud-based hardware security modules (HSM) from IBM

## How to use Hardware Security Module

![](https://i.imgur.com/WKGh3RB.png)

> Diagram shows how to use a Hardware Security Module in the KYC design system

We should use HSM as a Service or CloudHSM instead of buying an HSM because:

- HSM as a Service provides HSM-grade key storage without the need for an HSM.
- It is quickly implemented and easily scales to support data, processes and geographic growth.
- Cloud-friendly APIs: Provides support for PKCS #11, CNG, JCE, Key Management Interoperability Protocol (KMIP) and RESTful APIs for application development and integration. Sample code is also provided.
- Connectivity: Available via public internet with access to multiple cloud service providers and network service providers. Also available via a private backbone network across global data centers.
- We don't have the experience to choose, install and manage HSM devices.

## Cloud HSM service price

- [AWS CloudHSM Pricing](https://aws.amazon.com/cloudhsm/pricing/)

  > $1.45 per hour per HSM; we pay an hourly fee for each HSM we launch until we terminate the HSM.

- [Google Cloud HSM pricing](https://cloud.google.com/hsm/)

  > Pay for what you use, for example $0.15 per 10,000 operations for "RSA 3072, RSA 4096"