A Root of Trust (RoT) is a source that can always be trusted within a cryptographic system. An RoT comprises highly reliable hardware, firmware, and software components that perform specific, critical security functions. Because roots of trust are inherently trusted, they must be secure by design. Roots of trust provide a firm foundation from which to build security and trust. Because cryptographic security depends on keys to encrypt and decrypt data and to perform functions such as generating and verifying digital signatures, RoT schemes generally include a hardened hardware module. A principal example is the hardware security module (HSM), which generates and protects keys and performs cryptographic functions within its secure environment.

An electronic transaction can be considered secure if one or several of the following criteria can be met:

  • Authenticity: We can assure the origin of the transaction (e.g. the person that signed an electronic document).
  • Integrity: We can ensure that the transaction has not been tampered with (e.g. the electronic signature).

Because an HSM is, for all intents and purposes, inaccessible outside the computer ecosystem, that ecosystem can trust the keys and other cryptographic information it receives from the root of trust module to be authentic and authorized. This is particularly important as the Internet of Things (IoT) proliferates, because to avoid being hacked, components of computing ecosystems need a way to determine that the information they receive is authentic. The RoT safeguards the security of data and applications and helps to build trust in the overall ecosystem.

A root of trust is a critical component of any Public-Key Infrastructure (PKI), where it is used to generate and protect Trust Anchor (Certificate Authority) and Certificate Authority keys; of code signing, to ensure software remains secure, unaltered and authentic; and of creating certificates for credentialing and authenticating proprietary devices and other network deployments.

PKI uses cryptographic techniques based on public/private key pairs: two keys with a unique mathematical relationship. Public-key cryptography works in such a way that a message encrypted with the public key can only be decrypted with the private key, and, conversely, a message signed with a private key can be verified with the public key. This technology is the foundation on which the four pillars of transaction security are built: confidentiality, authentication, integrity, and nonrepudiation.
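
The following Go program is an added example, not part of the original glossary entry. It shows how a verifier relies on a trust anchor: a firmware image is accepted only if the signer's certificate chains to the anchor for code signing (authenticity) and the signature matches the image bytes (integrity). All names, the Ed25519 keys and the firmware bytes are constructed, and the in-memory CA key stands in for a key that would be generated and kept inside an HSM.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a certificate for pub signed by signer; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if parent == nil {
		parent, t.IsCA, t.KeyUsage = t, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// verify accepts image only if leaf chains to anchor for code signing and sig matches image.
func verify(anchor, leaf *x509.Certificate, image, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}})
	pub, ok := leaf.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, image, sig)
}

func demo() (genuine, tampered, rogue bool) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader) // constructed; a real CA key stays in the HSM
	devPub, devKey, _ := ed25519.GenerateKey(rand.Reader)
	badPub, badKey, _ := ed25519.GenerateKey(rand.Reader) // signer unknown to the trust anchor
	anchor := issue("Example Root CA", nil, caPub, caKey)
	leaf := issue("Example Code Signer", anchor, devPub, caKey)
	image := []byte("firmware v1.0 (constructed sample)")
	sig := ed25519.Sign(devKey, image)
	return verify(anchor, leaf, image, sig), verify(anchor, leaf, append(image, '!'), sig),
		verify(anchor, issue("Example Code Signer", nil, badPub, badKey), image, ed25519.Sign(badKey, image))
}

func main() { fmt.Println(demo()) }
```

The third case reuses the legitimate signer's name with a different key, which shows that the verifier's decision rests on the chain to the anchor's key rather than on the name in the certificate.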
