What is the difference between a General Purpose (GP) HSM, Cloud HSM and Payment HSM?
As the term implies, a GP HSM is used to secure general data through encryption. It might be used to encrypt databases, to sign documents and certificates, and to support PKI infrastructures.
A Payment HSM is designed specifically for the card payments sector. It has specific facilities for processing data types such as PINs, PANs, CVVs, tokens, and key components. Its performance is optimised for high-volume symmetric encryption of small data elements. A Payment HSM also needs to undergo security approval by the Payment Card Industry Security Standards Council (PCI SSC). Payment HSMs can be used for some GP tasks, but they are not optimised for this. There have been attempts to enable GP HSMs to be used for payments, but these have not been successful.
“Cloud HSM” is a general term for an HSM that is not located on the user’s premises but is accessed remotely in a data centre, in either the public Cloud or a private Cloud.