Installing SecureData with Utimaco Atalla HSMs

A Hardware Security Module (HSM) is a physical device that can be installed on a network to derive cryptographic keys used to protect sensitive data. You can configure the Utimaco Atalla HSM to store the master secrets used to derive keys requested by SecureData key servers to protect and access data that is protected by SecureData. Keys derived from the master secrets are also used to protect sensitive data on the SecureData Management Console.

In addition to the Utimaco Atalla HSM, OpenText also supports Entrust nShield HSMs. A SecureData system can use either Atalla HSMs or nShield HSMs, but not both at the same time.

Atalla HSMs use a system image and configuration files designed specifically to work with SecureData. After installing and configuring the Atalla HSMs, you configure the SecureData Appliances in your system to communicate with the HSMs. When communication is established, use the SecureData Management Console to create an Atalla HSM district.

Creating an Atalla HSM district initiates requests to create master secrets for cryptographic algorithms, including FPE, FFX, AES, IBE BF and IBE BB1. The request for creating master secrets is sent to the HSM via the Atalla HSM Connector. The Atalla Key Block (AKB) responses, returned by the HSM, contain the secrets encrypted with the Atalla HSM MFK (Master File Key). These secrets are stored in encrypted format in the SecureData Appliance.

When requests for keys are sent to a key server, it retrieves the encrypted secrets and any required public parameters from the SecureData Appliance. The key requests are then sent to the Atalla HSM via the Atalla HSM Connector. The HSM responses are returned to the Atalla HSM Connector, which routes them back to the key server from which the request
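The two flows described above (district creation producing MFK-wrapped master secrets, and key requests routed through the connector to the HSM) are modelled in the following added example. It is not SecureData, Atalla or OpenText code and does not implement the Atalla Key Block format or the Atalla command set; it is a simplified model in which the `SimulatedAtallaHSM`, `SimulatedAppliance`, `SimulatedKeyServer` and `create_district` names are assumptions. Wrapping under the MFK is modelled as an HMAC-SHA256 keystream plus an HMAC tag, and key derivation as HMAC over the identity, so that the security-relevant property is visible: the appliance stores only wrapped blobs, the MFK and the plaintext master secret exist only inside the HSM boundary, and a blob wrapped under one MFK is rejected by an HSM holding a different one.

```python
import hashlib
import hmac
import secrets

HEADER_LEN = 8   # algorithm label, padded (assumed layout, not an AKB)
NONCE_LEN = 16
TAG_LEN = 32     # HMAC-SHA256 output length


class SimulatedAtallaHSM:
    """Model of the HSM boundary: the MFK never leaves this object."""

    def __init__(self, mfk: bytes) -> None:
        self._mfk = mfk  # Master File Key, resident only inside the HSM

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # HMAC-SHA256 in counter mode used as a PRF keystream (model only)
        out = b""
        counter = 0
        while len(out) < length:
            msg = b"enc" + nonce + counter.to_bytes(4, "big")
            out += hmac.new(self._mfk, msg, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _wrap(self, header: bytes, secret: bytes) -> bytes:
        # Encrypt-then-MAC under the MFK; output is what the appliance stores
        nonce = secrets.token_bytes(NONCE_LEN)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(nonce, len(secret))))
        tag = hmac.new(self._mfk, b"mac" + header + nonce + ct, hashlib.sha256).digest()
        return header + nonce + ct + tag

    def _unwrap(self, blob: bytes) -> tuple:
        header = blob[:HEADER_LEN]
        nonce = blob[HEADER_LEN:HEADER_LEN + NONCE_LEN]
        ct = blob[HEADER_LEN + NONCE_LEN:-TAG_LEN]
        tag = blob[-TAG_LEN:]
        expected = hmac.new(self._mfk, b"mac" + header + nonce + ct, hashlib.sha256).digest()
        # Constant-time compare; a blob from another MFK or a tampered blob fails here
        if not hmac.compare_digest(tag, expected):
            raise ValueError("wrapped secret failed integrity check under this MFK")
        secret = bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))
        return header, secret

    def create_master_secret(self, algorithm: str) -> bytes:
        """District creation: generate a master secret and return it MFK-wrapped."""
        header = algorithm.encode().ljust(HEADER_LEN, b"\0")[:HEADER_LEN]
        return self._wrap(header, secrets.token_bytes(32))

    def derive_key(self, blob: bytes, identity: bytes) -> bytes:
        """Key request: unwrap inside the HSM, derive, and release only the derived key."""
        header, master = self._unwrap(blob)
        return hmac.new(master, b"derive" + header + identity, hashlib.sha256).digest()


class SimulatedAppliance:
    """Holds only MFK-wrapped secrets, keyed by (district, algorithm)."""

    def __init__(self) -> None:
        self._wrapped = {}

    def store(self, district: str, algorithm: str, blob: bytes) -> None:
        self._wrapped[(district, algorithm)] = blob

    def fetch(self, district: str, algorithm: str) -> bytes:
        return self._wrapped[(district, algorithm)]


class SimulatedKeyServer:
    """Fetches the wrapped secret from the appliance and sends it to the HSM via the connector."""

    def __init__(self, appliance: SimulatedAppliance, connector: SimulatedAtallaHSM) -> None:
        self._appliance = appliance
        self._connector = connector  # stands in for the Atalla HSM Connector path

    def request_key(self, district: str, algorithm: str, identity: bytes) -> bytes:
        blob = self._appliance.fetch(district, algorithm)
        return self._connector.derive_key(blob, identity)


def create_district(hsm: SimulatedAtallaHSM, appliance: SimulatedAppliance, district: str,
                    algorithms=("FPE", "FFX", "AES", "IBE BF", "IBE BB1")) -> None:
    """Models creating an Atalla HSM district: one wrapped master secret per algorithm."""
    for algorithm in algorithms:
        appliance.store(district, algorithm, hsm.create_master_secret(algorithm))


if __name__ == "__main__":
    hsm = SimulatedAtallaHSM(secrets.token_bytes(32))  # constructed MFK for the demo
    appliance = SimulatedAppliance()
    create_district(hsm, appliance, "district-demo")
    key_server = SimulatedKeyServer(appliance, hsm)
    print(key_server.request_key("district-demo", "FPE", b"alice@example.test").hex())
```

Derivation is deterministic for a given (master secret, algorithm, identity), so repeated requests return the same key, while the appliance's stored blobs are useless without the HSM that holds the matching MFK.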