Yubico Introduces YubiHSM to Protect Secrets on Servers

PALO ALTO, Calif. and STOCKHOLM, Apr. 06, 2011 — Yubico, the company behind the popular authentication token YubiKey, today presents a new approach for protecting secrets on authentication servers. The new innovation is named YubiHSM, has the form of a USB key and is designed to protect a server at a yet unmatched simplicity and low cost.

 

Hundreds of thousands of servers around the world are storing sensitive user data and cryptographic secrets related to users. A rapidly increasing number of these servers are being attacked remotely via the Internet, where user data becomes compromised. Despite the growing need for secure servers, the high cost for Hardware Security Modules (HSMs), with a typical price tag starting at 15,000 US Dollars, leaves the vast majority of servers with a low level of protection.

Yubico solved its own security needs by developing an “HSM Light” in the form of a small USB device where sensitive user data and cryptographic operations are moved out from the server to the external device. This approach protects the sensitive information from being remotely compromised. The initial response from partners and security experts convinced the Yubico innovators to offer the YubiHSM to a broader audience.

Yubico is inviting its developer’s community to refine the YubiHSM and define the functionality set of the final product. Developers who would like to contribute with applications and the further development of the open source client software can today apply to get a free beta YubiHSM from Yubico.

“Many universities are running Kerberos and SAML servers, vulnerable for remote attacks. The YubiHSM is an innovative solution, addressing basic security needs at an affordable cost,” says Stefan Wold, Systems Architect at Stockholm University, and one of the developers who has been selected to join the YubiHSM beta program.

The community development will result in a launch of the YubiHSM 1.0, offered in the Yubico web store for 500 US Dollars. 

For more information about the YubiHSM beta program, please click here.

 

About Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers.

Yubico is a leading contributor to the FIDO2WebAuthn, and FIDO Universal 2nd Factor open authentication standards, and the company’s technology is deployed and loved by 9 of the top 10 internet brands and by millions of users in 160 countries.

Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com

Press RoomPress Room

Share this article:


  • Breaking down Australia’s plan to combat AI-driven phishing scamsAcross Australia, cybercrime continues to be a major challenge impacting businesses, critical infrastructure and consumers alike. The use of AI by bad actors across the spectrum of cybercrime is on the rise, and as a result, credential phishing scams are becoming increasingly sophisticated. AI is effectively helping to lower the cost of phishing and increase […]Read moreAIAPACAustraliaphishing
  • 5 fast cybersecurity tips to clean up your digital lifeWith today being Identity Management Day, now is the perfect time to take stock of your online presence, update security settings, and ensure that your personal data remains protected from cyber threats like phishing. We’re also seeing increasing concerns of DeepSeek and other AI tools around data privacy making these kinds of attacks more successful […]Read morebest practices
  • Navigating the PCI DSS 4.0 transition and meeting compliance with phishing-resistant YubiKeysIn just a few days, on March 31, 2025, decision makers in industries that involve payment processing – including financial services, retail & hospitality and telecommunications – are tasked to finalize the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0. This deadline marks a critical juncture for all organizations handling payment card […]Read moreNISTPCI DSSPCI DSS 4.0
  • Building cyber resilience with Yubico and MicrosoftIn today’s digital landscape, cyber threats are evolving at an unprecedented pace: every second, a phishing attack takes place. In fact, over 80% of these attacks are the result of stolen login credentials and almost 70% of phishing attacks relied on AI last year alone. Recent data from Microsoft Entra also reveals a staggering increase […]Read moreMFA mandatesMicrosoft