Personal security environment
The term Personal Security Environment (PSU) or English Personal Security Environment (PSE) refers to the art of information security to the area of a storage medium in which secret cryptographic keys , z. B. the private part of a key pair for asymmetric encryption , can be stored protected. This can be a symmetrically encrypted file ( software PSE ) or a special device ( hardware PSE ), e.g. B. a smart card , a USB stick or a hardware security module .
Access to the content of this PSU is only granted to those who have the correct password (for a software PSE) or the correct PIN . In the case of software PSEs, access protection is implemented by encrypting the secret key with the password; in the case of hardware PSEs with their own main processor (e.g. a smart card), it is usually through the access control implemented in the device .
For a hardware PSE with a main processor, protection can go even further. The secret key can usually not be read from the PSU at all; rather, the data to be encrypted are merely transmitted to the PSU, which only returns the encrypted data as a result. The secret key therefore remains in the PSU forever.
Hardware PSEs with a main processor can, unlike a software PSE, log the number of incorrect PIN entries due to their own processor and, in the event of a certain number of unsuccessful attempts, permanently prevent access to the key or even destroy the contents of the PSU (emergency deletion). Brute force attacks on a hardware PSE are therefore significantly more difficult than on a software PSE, which is therefore considered to be significantly less secure in the area of information security. In particular, only hardware PSEs may be used for qualified signatures .