A conventional hardware security module (HSM) is a hardware device (e.g., a stand-alone appliance, a PCI card, a USB module, etc.) which electronically connects to a computer system to provide data encryption/decryption services without revealing its encryption/decryption keys. The software running on the computer system typically obtains these encryption/decryption capabilities through an API or network services.
FIPS 140-2 is a standard which defines various security levels (i.e., requirements) for HSMs. For example, an HSM which is provisioned for FIPS 140-2 Security Level 2 may include a tamper-evident coating or seal so that the coating or seal must be broken in order to obtain physical access to the keys/parameters within the HSM. As another example, an HSM which is provisioned for FIPS 140-2 Security Level 3 may include circuitry that “zeroizes” the keys/parameters within the HSM if the HSM is physically opened.