AWS CloudHSM is a cloud-based hardware security module (HSM) that lets you generate and use your own encryption keys on the AWS Cloud. With CloudHSM you manage your encryption keys on FIPS 140-2 Level 3 validated HSMs. CloudHSM integrates with your applications through industry-standard APIs such as PKCS#11, Java Cryptography Extensions (JCE) and Microsoft CryptoNG (CNG) libraries. Because CloudHSM is standards-compliant, you can export your keys to most other commercially available HSMs, provided the keys were created as exportable; a key generated as non-extractable (for example with the PKCS#11 attribute CKA_EXTRACTABLE set to false) cannot be exported from any HSM. CloudHSM is also a fully managed service that automates time-consuming administrative tasks such as hardware provisioning, software patching, high availability and backups. You scale simply by adding and removing HSM capacity on demand, with no upfront costs.
Generate and use encryption keys in a highly secure HSM
AWS CloudHSM lets you generate and use your encryption keys on HSMs validated to FIPS 140-2 Level 3. CloudHSM protects your keys with exclusive, single-tenant access to tamper-resistant HSM instances inside your own Amazon Virtual Private Cloud (VPC).
Pay as you go, with no upfront costs
With AWS CloudHSM you start and stop HSMs on demand, so you provision HSM capacity when and where you need it. There are no upfront costs.
Use an open HSM built on industry standards
AWS CloudHSM lets you integrate custom applications through industry-standard APIs such as PKCS#11, Java Cryptography Extensions (JCE) and Microsoft CryptoNG (CNG) libraries. You can also transfer exportable keys to other commercial HSM solutions, which makes it easy to migrate keys into or out of AWS.
Keep control of your encryption keys
AWS CloudHSM gives you access to your HSMs over a secure channel to create users and set HSM policies. The encryption keys that you generate and use with CloudHSM are accessible only by the HSM users that you specify. AWS has no visibility into, and no access to, your encryption keys.
Protect keys with strong authentication
AWS CloudHSM supports quorum authentication for critical administrative and key-management operations, and multi-factor authentication (MFA) using customer-provided tokens. With quorum authentication, a sensitive operation takes effect only after a configured minimum number of registered HSM users (M of N) have approved it, so no single administrator credential can, on its own, change users or policies.
Easy to manage
AWS CloudHSM is a managed service that automates time-consuming administrative tasks such as hardware provisioning, software patching, high availability and backups. You scale capacity simply by adding HSMs to, or removing them from, your cluster on demand.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used to confirm the identity of web servers and to establish secure HTTPS connections over the Internet. You can use AWS CloudHSM to offload SSL/TLS processing for your web servers. Keeping the web server's private key in CloudHSM reduces the load on the web server and strengthens security: the HSM performs the private-key operation of the TLS handshake, so the key is never present in the web server's memory or on its disk, while the bulk encryption of the session traffic itself remains on the web server.
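The following Java program is an added example, not code from the AWS page or from the CloudHSM client SDK. It shows the industry-standard-API integration described under "Use an open HSM built on industry standards" (PKCS#11 reached through JCE) together with the property the SSL/TLS offload use case above relies on: the private key is generated as a non-extractable object inside the HSM, the HSM produces the signatures, and only the public key ever leaves it. It assumes that the CloudHSM Client SDK is installed and configured on an EC2 instance in the cluster's VPC, that the PKCS#11 library is at /opt/cloudhsm/lib/libcloudhsm_pkcs11.so, that a crypto user's credentials are supplied in the environment variables CLOUDHSM_CU_USER and CLOUDHSM_CU_PASSWORD (names chosen for this example), and that the JDK's SunPKCS11 provider is used as a generic bridge to the PKCS#11 library rather than AWS's own JCE provider.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.spec.RSAKeyGenParameterSpec;

/**
 * Added example: generate an RSA key pair inside AWS CloudHSM via PKCS#11 (bridged into
 * JCE by the JDK's SunPKCS11 provider), sign with it on the HSM, and verify in software.
 */
public class CloudHsmSigningExample {

    // Assumed install path of the CloudHSM PKCS#11 library (Client SDK).
    private static final String PKCS11_LIB = "/opt/cloudhsm/lib/libcloudhsm_pkcs11.so";

    // SunPKCS11 configuration. The attributes blocks make every generated private key a
    // persistent (CKA_TOKEN), sensitive, non-extractable object: its bytes can never be
    // read out of the HSM, which is the property TLS offload and an issuing CA rely on.
    private static final String SUNPKCS11_CONFIG = String.join("\n",
            "name = CloudHSM",
            "library = " + PKCS11_LIB,
            "attributes(generate,CKO_PRIVATE_KEY,*) = {",
            "  CKA_TOKEN = true",
            "  CKA_SENSITIVE = true",
            "  CKA_EXTRACTABLE = false",
            "}",
            "attributes(generate,CKO_PUBLIC_KEY,*) = {",
            "  CKA_TOKEN = true",
            "}",
            "");

    /** Writes the config to a temp file and instantiates the SunPKCS11 provider from it. */
    static Provider loadHsmProvider() throws Exception {
        Path cfg = Files.createTempFile("cloudhsm-pkcs11", ".cfg");
        Files.write(cfg, SUNPKCS11_CONFIG.getBytes(StandardCharsets.UTF_8));
        Provider hsm = Security.getProvider("SunPKCS11").configure(cfg.toString());
        Security.addProvider(hsm);
        return hsm;
    }

    /** Logs in as a crypto user; the CloudHSM PKCS#11 PIN has the form "<CU user name>:<password>". */
    static KeyStore login(Provider hsm, String cuUser, String cuPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS11", hsm);
        ks.load(null, (cuUser + ":" + cuPassword).toCharArray()); // performs C_Login on the HSM
        return ks;
    }

    public static void main(String[] args) throws Exception {
        Provider hsm = loadHsmProvider();
        // Environment variable names are this example's own choice, not a CloudHSM convention.
        login(hsm, System.getenv("CLOUDHSM_CU_USER"), System.getenv("CLOUDHSM_CU_PASSWORD"));

        // Key generation happens on the HSM; the returned PrivateKey object is only a handle.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", hsm);
        kpg.initialize(new RSAKeyGenParameterSpec(3072, RSAKeyGenParameterSpec.F4));
        KeyPair kp = kpg.generateKeyPair();

        // SunPKCS11 returns a null encoding for sensitive or non-extractable private keys,
        // so this prints "false": there is no way to read the key material out.
        System.out.println("private key exportable: " + (kp.getPrivate().getEncoded() != null));

        // Constructed sample message; the signature itself is computed inside the HSM.
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA", hsm);
        signer.initSign(kp.getPrivate());
        signer.update(message);
        byte[] sig = signer.sign();

        // The public key is ordinary key material, so verification runs with the JDK's
        // default software provider and no HSM involvement.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(message);
        System.out.println("signature valid: " + verifier.verify(sig));
    }
}
```

Compile and run on the client instance with a JDK 11 or later (`javac CloudHsmSigningExample.java && java CloudHsmSigningExample`). For TLS offload, the same PKCS11 KeyStore can be handed to javax.net.ssl.KeyManagerFactory once the private key has a matching certificate entry in the HSM; the server's handshake signature is then computed on the HSM, while the web server still performs the bulk encryption of the session traffic itself.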
In a public key infrastructure (PKI), a certificate authority (CA) is a trusted entity that issues digital certificates. These digital certificates are used to identify a person or an organization. With AWS CloudHSM you can keep the CA's private key inside the HSM and act as an issuing CA that signs your own certificates.
With AWS CloudHSM you can store the TDE master encryption key for Oracle database servers that support Transparent Data Encryption (TDE). TDE encrypts data before it is written to disk on supported Oracle database servers. Note that Amazon RDS for Oracle does not support TDE with CloudHSM.
Getting started with AWS CloudHSM is easy. Follow the console tutorial and deploy your first cluster in a few clicks.

