Physical Security

The HSM Dinamo uses physical security mechanisms to prevent access to its interior, thus guaranteeing its integrity by preventing unauthorized use, modification or replacement of HSM components. The mechanism used evidences, resists, detects and responds to attempted violations.

The HSM has a supervisor circuit that registers and responds to violations of the cryptographic boundary. The HSM's response is independent of the operating mode configured: if the device is on, the Server Master Key will be destroyed in the volatile memory and the device will immediately shut down; if the device is off, the supervisor circuit will record the violation. This circuit has an internal battery to maintain the volatile memory that stores critical safety parameters; a power management sub-circuit means that the battery charge only needs to be used when the device is disconnected from the AC power source and in the event of a breach the battery is disconnected.

Upon activation of the HSM following the violation, the operator will be notified of the event and will have the option to continue operating. The TAMPERED status is recorded and can only be removed by the HSM manufacturer.

The cryptographic border is made of steel, a rigid, resistant material that is opaque to visible light. Any unauthorized attempt to access the interior (such as drilling or cutting the material) will result in obvious damage to the HSM, indicating a breach.

The ventilation slots are built with offset parts to prevent physical access by probes or improper observation of the interior.

The only authorized means of physical access to the inside of the HSM is by removing the top maintenance cover. This cover is protected by sensors that detect attempts to remove it. Activating these sensors immediately starts the process of destroying unencrypted information in the memory and switching off the HSM if it is switched on; if the equipment is switched off, the supervisor circuit will record the violation. The device also has a temperature sensor for both the upper and lower levels.