The SmartCard-HSM is truely universal and can be used with a large variety of applications.
Secure Web Login
Protect access to sensible information on your website with 2nd factor authentication.
Use a SmartCard-HSM as authentication token via the build-in device authentication PKI or use keys and certificates on a SmartCard-HSM for TLS/SSL client authentication.
Encrypt your e-mail using the S/MIME industry standard available in all major e-mail clients.
The SmartCard-HSM has been tested to work with Mozilla Thunderbird and Microsoft Outlook. Other e-mail clients with support for PKCS#11 or Microsoft CSP should work as well.
File Signing and Encryption
Starting with version 2.1, the GNU Privacy Guard (GnuPG) has build-in support for the SmartCard-HSM.
Use the gpgsm tool to sign, verify, encrypt and decrypt files or S/MIME messaging using your SmartCard-HSM.
Allow users to log into their workstation using a SmartCard-HSM.
Works with Kerberos in an Active Directory environment or using EIDAuthenticate
For Unix environments an integration with PAM and OpenSSH is available.
Protect your keys for remote access to your corporate network using a SmartCard-HSM.
Integration with the SmartCard-HSM has been sucessfully tested with OpenVPN. Other VPN clients supporting a PKCS#11 key store should work.
VeryCrypt allows you to store the key file on a SmartCard-HSM.
CA keys are very sensible. If compromised or lost, you probable need to shutdown your PKI.
Electronically Sign Documents
Electronic document workflows require electronic signatures to prove who created or approved a document.
Use a signature key on a SmartCard-HSM to sign documents using Acrobat Reader, Open Office / Libre Office or any other PDF reader supporting electronic signatures.
Most code signing tools support hardware token with a PKCS#11 or CSP minidriver. Store your code signing keys on a SmartCard-HSM and lock it away while not used.
Physical Access Control
With it's unique build-in device authentication PKI, a SmartCard-HSM has a cryptographically protected unique identity that can be verified in a fast authentication protocol.
An access control terminal can verify authenticity and identity of the device, create a secure communication channel and perform offline PIN verification. The coolPACS project has all the details.
Protect your domain name resolution using DNSSEC and a SmartCard-HSM as secure key store.
Luis D Espinoza Sanchez & Eberhard W Lisse held a session on using the SmartCard-HSM for DNSSEC at the 2015 ICAAN Meeting in Singapore.
Jan-Piet Mens wrote a nice article about integrating the SmartCard-HSM with PowerDNS and how to use a SmartCard-HSM for DNSSEC with BIND, Knot DNS and LDNS/NSD.
ePassports contain a chip that requires a terminal to authenticate before biometric data can be read.
The SmartCard-HSM can be used as key store at any level in the EAC-PKI (CVCA/DS/Terminal). See the EAC-PKI demo for details.
The SmartCard-HSM has build-in support for the secp256k1 Elliptic Curve, the cryptographic algorithm used by Bitcoin.
While your Bitcoins are in the network, spending your Bitcoins requires access to your private Bitcoin key. If someone manages to obtain a copy of your Bitcoin key, then he can spend your Bitcoins and you won't even know until it's too late.
The Smart=BTC project has implemented a Bitcoin Wallet based on a SmartCard-HSM.