Storing of keys in an HSM is just the start. One has to make sure that they can only be used by adhering to certain rules attached to every key. This makes it impossible for corrupted or hacked applications (or admins) to use the keys, dramatically reducing the risk of having your assets stolen. The Securosys Primus HSM supports adding such rules securely inside the HSM. The feature is named “Smart Key Attributes” (SKA) and can be used for a wide application spectrum, including – but not limited to – for digital signature services according to eIDAS, authorization of blockchain transactions, and much more.
To make the implementation of SKA’s easier, the Securosys Transaction Security Broker provides a REST API and internal state management. It is a standalone engine, which connects to an external database instance and integrates the SKA-enabled Securosys Primus HSM – and is thus uncritical for security, since all security relevant operations are carried out in the HSM.
The TSB can also be used without SKA to provide a REST API for the Securosys Primus HSM.