Cryptographic architecture

A hardware-based cryptographic system consists of three general components:

>One or more hardware security modules (HSMs) for key processing and storage.

>High-level cryptographic API software. This software uses the HSM's cryptographic capabilities to provide security services to applications.

>Access provider software to allow communication between the API software and the HSMs.

Operating in network mode, a standalone ProtectServer Network HSM Plus can provide key processing and storage.

In network mode, access provider software is installed on the machine hosting the cryptographic API software. The access provider allows communication between the API and the SafeNet ProtectServer Network HSM Plus over a TCP/IP connection. The HSM can therefore be located remotely, improving the security of cryptographic key data

The figure below depicts a cryptographic service provider using the ProtectServer Network HSM Plus in network mode.

Figure 1: ProtectServer Network HSM Plus implementation


Customer Support Portal

SafeNet ProtectToolkit 5.9 Product Documentation  06 January 2020  Copyright 2009-2020 Thales. All rights reserved.