{"id":5134,"date":"2022-03-16T15:47:25","date_gmt":"2022-03-16T07:47:25","guid":{"rendered":"https:\/\/www.progreso.com.sg\/newsite\/?post_type=all_news&#038;p=5134"},"modified":"2022-03-16T16:34:38","modified_gmt":"2022-03-16T08:34:38","slug":"hardware-security-modules-hsm-digital-identities","status":"publish","type":"all_news","link":"https:\/\/www.progreso.com.sg\/newsite\/all_news\/hardware-security-modules-hsm-digital-identities\/","title":{"rendered":"Blog: Understanding the Role of Hardware Security Modules in Digital Identities for Humans"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5134\" class=\"elementor elementor-5134\" data-elementor-settings=\"[]\">\n\t\t\t<div class=\"elementor-inner\">\n\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"elementor-element elementor-element-d24df7d elementor-section-boxed elementor-section-height-default elementor-section-height-default elementor-section elementor-top-section\" data-id=\"d24df7d\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t<div class=\"elementor-row\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1367e80 elementor-column elementor-col-100 elementor-top-column\" data-id=\"1367e80\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-column-wrap  elementor-element-populated\">\n\t\t\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e796bd8 elementor-widget elementor-widget-text-editor\" data-id=\"e796bd8\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-text-editor elementor-clearfix\"><p>On 23 July 2014, the European Union established\u00a0<a href=\"https:\/\/www.utimaco.com\/compliance\/compliance-and-standardization\/eidas-compliance\" 
rel=\"noreferrer\">eIDAS<\/a>\u00a0(electronic IDentification, Authentication and trust Services) that regulates electronic transactions, electronic signatures, involved bodies, and their embedded processes. Having taken effect on 1 July 2016, eIDAS provides a safe way for users to perform actions such as electronic funds transfers or transactions with government agencies.<\/p><p>eIDAS created standards for trust services to ensure that digital identities, including those for humans, remain secure with the presumption of integrity, and are exclusively linked to the individual, entity, or machine through cryptographic protections. Such strict eIDAS standards require the security that\u00a0<a title=\"Categories\" href=\"https:\/\/utimaco.com\/products\/categories\" data-entity-substitution=\"canonical\" data-entity-type=\"node\" data-entity-uuid=\"f926937f-376b-4c6d-8edf-be1a45b0f3ad\">hardware security modules (HSMs)<\/a>\u00a0offer. Here we will examine the role that HSMs play in securing digital identities for humans.<\/p><h2>Digital Identity with eIDAS<\/h2><p>One of the greatest things to come out of eIDAS is that it has provided the means to facilitate secure and seamless electronic transactions across EU member state borders and ideally with non-EU countries. A digital identity opens the door for a person with an officially authenticated identity to conduct business electronically, including signing legal or financial documents. However, this means first securing an electronic identification.<\/p><p>As defined under eIDAS, an \u201celectronic identification&#8221; means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person.<\/p><p>For an electronic identification to be performed, the process of authentication. 
According to eIDAS, this is \u201can electronic process that enables the electronic identification of a natural or legal person, or the origin and integrity of data in electronic form to be confirmed.\u201d This process is performed through a trust service provider (TSP). A TSP is an entity that provides and preserves digital certificates that are used to authenticate digital identities.<\/p><h2>Role of HSMs with Digital Identity<\/h2><p>The Common Criteria Protection Profile \u2013 Cryptographic Module for Trust Service Providers outlines the security requirements that TSPs must follow with their authentication services under eIDAS. A cryptographic module, such as an HSM, is required to generate and\/or protect the secret keys and other sensitive data and control the use of such data for one or more cryptographic services to support TSP trust services.<\/p><p>An HSM that is Common Criteria-certified according to the eIDAS Protection Profile (PP) EN 419 221-5 \u201cCryptographic Module for Trust Services\u201d allows trust service providers to be in compliance with the policy and its security requirements. 
Such HSMs:<\/p><ul><li>Have key authorization functionalities that are suited for eIDAS-compliant issuance of qualified certificates.<\/li><li>Keep cryptographic material protected and hidden at all times.<\/li><li>Run on a secure operating system.<\/li><li>Are resistant to hacking attempts because they are built with specialized and secure hardware.<\/li><li>Have limited access through a strictly controlled network interface.<\/li><li>Offer an additional layer of security by storing decryption keys separately from encrypted data to ensure that if a data breach does occur, the encrypted data remains secure.<\/li><li>Strengthen cryptographic encryption practices throughout the entire key lifecycle from generation to storage to distribution to disposal.<\/li><\/ul><p>Utimaco HSMs are\u00a0<a title=\"CryptoServer CP5\" href=\"https:\/\/utimaco.com\/products\/categories\/general-purpose-solutions\/cryptoserver-cp5\" data-entity-substitution=\"canonical\" data-entity-type=\"node\" data-entity-uuid=\"e58ce86c-16e1-4ae1-a9f4-17f4c5af3f85\">certified under eIDAS standards<\/a>\u00a0in order to achieve higher levels of data security and trust whilst also maintaining high service levels and business agility. They provide a scalable and FIPS-compliant hardware solution for secure key storage and processing inside the boundary of the HSM.<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On 23 July 2014, the European Union established&nbsp;eIDAS&nbsp;(electronic IDentification, Authentication and trust Services) that regulates electronic transactions, electronic signatures, involved bodies, and their embedded processes. 
Having taken effect on 1 July 2016, eIDAS provides a safe way for users to perform actions such as electronic funds transfers or transactions with government agencies. eIDAS created standards [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news\/5134"}],"collection":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news"}],"about":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/types\/all_news"}],"version-history":[{"count":3,"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news\/5134\/revisions"}],"predecessor-version":[{"id":5138,"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news\/5134\/revisions\/5138"}],"wp:attachment":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/media?parent=5134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}