payShield Manager

The payShield Manager enables security teams to remotely manage payShield HSMs, yielding cost savings and operational efficiency

payShield Manager

payShield Manager is a remote management solution designed specifically for payShield 9000 HSMs. The solution enables remote operation of HSMs via a standard browser interface. With the solution, you can leverage smart card access control to establish secure connections with HSMs. payShield Manager enables key management, security configuration and software and license updates to be carried out remotely.

Top 10 reasons you can't live without remote HSM management

payShield Manager
Improve Efficiency

Manage HSMs across all sites from a single, central location. The solution streamlines software and license upgrades, and it features an intuitive interface that reduces risks of errors.

Gain Optimal Flexibility

payShield Manager gives you freedom to gain remote access from any location you choose, simplifying logistics. Remotely track HSM status, so your staff can quickly identify potential issues.

Establish Strong Control

Establish controls based on individual tasks and specific roles. Enforce strong access controls based on digital credentials, which is preferable to relying on physical keys.

User Interface
  • Standard browser (Internet Explorer, Chrome and Firefox)—offering an identical interface for both local and remote modes of operation.
  • Rapid navigation via intuitive menu system using web-based, accordion presentation style and simple parameter selection.
  • Virtual console provides support for customer-specific console commands.
Local and Remote Device Management
  • Online, offline, secure and authorized state operations, employing smart cards that are used as substitutes for physical keys during local and remote operations.
  • Local master key (LMK) management—generation, installation and migration.
  • Interface management—host, alarm, management and printer port settings.
  • Security configuration settings.
  • Loading of firmware and license files via HTTPS session.
  • Audit trail and error log management.
  • Diagnostic information—including utilization statistics, configuration settings and health check data.
  • Establish controls based on individual tasks and specific roles. Enforce strong access controls based on digital credentials, which is preferable to relying on physical keys.
  • Strong mutual authentication for establishing remote session.
  • Data encryption to protect all data between user smart cards and HSMs.
  • AES 256-bit session keys, ECC 521-bit certificates.
  • GlobalPlatform-compliant smart cards with Thales applet—secure distribution from approved source, not available on open market.
Smart Card Readers

payShield Manager requires one PC/SC compliant smart card reader to facilitate normal operation of the system. Readers can be ordered from Thales (which incorporate an integral PIN Pad to facilitate secure PIN/password entry) or sourced directly by the end user.

Additional Smart Cards

To supplement the 6 payShield Manager smart cards as part of the product shipment, additional packs of 6, 30 and 100 smart cards are available.

Data Sheet : payShield Manager

payShield Manager enables security teams to perform all tasks remote from data centers, reducing costs and delivering greater operational efficiency. payShield Manager is a hardware security module (HSM) management tool specifically designed for the Thales payShield 9000 HSM that operates in both local and remote modes via a standard browser interface. A secure connection to the HSM underpinned by smart card access control enables key management, security configuration and software/license updates to be carried out remotely from the data center.


Data Sheet : payShield 9000

Thales payShield 9000 is a hardware security (HSM) payment module that provides the cryptographic protection required for ATM, point of sale (POS), credit and debit card issuance, and processing Of transactions. Encryption and management functionality meets or exceeds the operational and security requirements of the major international card system, including American Express, Discover, JCB, MasterCard, UnionPay and Visa. It is deployed as an external peripheral for mainframes and servers running card issuance applications, mobile platform provisioning, and payment processing software for the electronic payment industry.


Data Sheet : Key Management Device

The Thales eSecurity Key Management Device (KMD) for payment HSMs is a compact tamper-resistant security module (TRSM) that enables keys to be formed securely from separate components in a manner that is compliant with relevant security standards including X9 TR-39, ANSI X9.24-1 and PCI PIN Security. With its touch screen graphical user interface, the KMD is simple and intuitive to operate, and is compatible with the full range of Thales payment HSMs including the award-winning payShield 9000. The device configuration and management user interface complies with banking grade security best practices and the installed software is automatically validated for integrity prior to use. Upgrades are supported to meet future functional enhancements and security audit requirements.

インタラクティブなデモを閲覧する デモ
ライブデモの申し込み デモの申し込み
スペシャリストへのコンタクト お問い合わせ