PKI Key and Certificate Security
Secure storage and protection of private keys is integral to the security of the Asymmetric Key Cryptography used in a PKI. If a Certificate Authority's (CA's) root key is compromised, the credibility of financial transactions, business processes, and intricate access control systems is adversely affected.
Therefore, in a PKI environment – particularly one integral to business processes, financial transactions, or access controls – it is essential that private keys be guarded with the highest level of security possible via a dedicated security device: a hardware security module (HSM). Thales provides these solutions on-premises with the market-leading Thales Luna HSMs, and as a service in the cloud with its groundbreaking Thales Data Protection On Demand, a cloud-based HSM.
HSMs for PKI Encryption Key Management
Organizations deploy Thales's HSMs, which work in conjunction with a host CA server to provide a secure hardware storage location for the CA's root key or subordinate CAs' private keys. The keys are managed separately and stored outside of the operating system software, thus preventing theft, tampering, and access to the secret key material.
Thales HSM Highlights:
- FIPS 140-2 validation
- Hardware-secured key generation, storage, and backup
- Hardware-secured digital signing
- PKI-authenticated software updates
- Host-independent, two-factor authentication
- Enforced operational roles
"Security is so important to our clients. We needed a solution that would provide the level of trust our customers were demanding. Thales solutions not only provided the security we were looking for but did so in a way that won't hinder the development and expansion of our business. Our overall experience was very positive."
- Maxim Shelemekh, Head of IT Risk and Control at ProminvestBank