Thales e-Security Payment HSM

payShield 9000は、全世界のカード決済トランザクションの約80%に利用されている決済用HSMです。

payShield 9000

決済用途に特化し設計されたpayShield 9000は、PINの保護や検証、取引の処理、モバイルおよび決済カードの発行、鍵管理などの作業を実行するHSMです。 ATMやPOSによるクレジットカードやデビットカードの取引をセキュアに保護します。

Payment HSM
多機能性

カード発行、モバイルプロビジョニングおよび決済取引処理に特化し設計された総合的なセキュリティを提供し、あらゆる決済用途に対応します。

コンプライアンスにかかる費用の削減

発行会社やプロセッサー、加盟店契約会社を対象として作られたソフトウェアオプションとプラットフォームを搭載。導入とメンテナンスの作業を効率化して、コンプライアンスにかかる費用を削減します。

高付加価値なサポートの提供

冗長ハードウェアや現場でサービス可能なコンポーネント、クラスタリングとフェイルオーバーへのサポート提供により、最大限の事業継続を支援します。

対応する暗号化アルゴリズム

対称

  • DESおよびトリプルDES(鍵長112ビット、168ビット)
  • AES(鍵長128ビット、192ビット、256ビット)

非対称

  • RSA(鍵長最大4096ビット)

ハッシュ処理

  • MD1
  • SHA-1
  • SHA-2
認証
  • FIPS 140-2 level 3
  • PCI HSM V1(一部の構成のみ対象)
  • APCA
  • MEPS
鍵管理サポート
  • Thales Key Block(X9 TR-31のスーパーセットであるANSI X9.24に準拠)
  • X9 TR-31 Key Block
  • RSA公開鍵
  • PINおよびデータ暗号化用のDUKPT
  • マスター/セッション鍵スキーム
  • Racalトランザクション鍵スキーム
  • AS2805
基本ソフトウェアパッケージ

様々な要件に適した基本ソフトウェアパッケージを提供しています。

オプションのソフトウェアライセンス

基本ソフトウェアパッケージに加え、オプションのライセンスを利用することで機能を拡張することができます。製品のライフサイクルにあわせて、いつでも個別に購入およびインストールすることが可能です。

アップグレード

取引量の増加に応じて、追加のHSMを導入し、処理負荷の増加に対応することが可能です。また、既存のHSMのアップグレード版を購入することも可能です。

リモート管理

payShieldのHSMは、専用のオプションライセンスを購入することでリモート管理が可能になり、運用コストを大きく削減することができます。

鍵管理デバイス(KMD)

KMDは、HSMを構成するコンポーネントから鍵を構築する、スタンドアロン型の携帯デバイスです。HSMに物理的に接続する必要はありません。

キャビネットとランナーのキット

固有のデータセンターのストレージ要件に最適なキャビネットを提供します。また、payShield 9000の側面に固定するランナーもオプションにてご購入いただけます。

交換用のロック(錠)と鍵

payShield 9000のフロントパネルには、堅固なロック2個と鍵が設置されています。 ロックまたは鍵を破損・紛失した場合は、タレスにてロックの交換と鍵の再発行を行います。

増設用スマートカード

payShield 9000には、空のLMKコンポーネントカード1セットのほか、テスト用のLMKカードが付属しています。複数のデータセンターにまたがる運用やセキュリティ要件に応じ、追加でカード6枚入りパックを購入いただくことも可能です。

Data Sheet : payShield 9000

Thales payShield 9000 is a hardware security (HSM) payment module that provides the cryptographic protection required for ATM, point of sale (POS), credit and debit card issuance, and processing Of transactions. Encryption and management functionality meets or exceeds the operational and security requirements of the major international card system, including American Express, Discover, JCB, MasterCard, UnionPay and Visa. It is deployed as an external peripheral for mainframes and servers running card issuance applications, mobile platform provisioning, and payment processing software for the electronic payment industry.

Download

Brochure : Payment Credential Issuing using payShield HSMs

Thales HSMs have been used for many years to prepare data for EMV chip cards, personalize the cards and help manage the complete lifecycle of the cryptographic keys and associated payment application credentials. payShield also supports the data preparation and provisioning of mobile devices, wearables and connected devices used to make payments. This document provides an overview of the payShield issuance functionality.

Download

Data Sheet : Key Management Device

The Thales e-Security Key Management Device (KMD) for payment HSMs is a compact, secure cryptographic device (SCD) that enables keys to be formed securely from separate components in a manner that is compliant with relevant security standards including X9 TR-39, ANSI X9.24-1 and PCI PIN Security. With its touch screen graphical user interface, the KMD is simple and intuitive to operate, and is compatible with the full range of Thales payment HSMs including the award-winning payShield 9000. The device configuration and management user interface complies with banking grade security best practices and the installed software is automatically validated for integrity prior to use. Upgrades are supported to meet future functional enhancements and security audit requirements.

Download

Data Sheet : payShield Manager

payShield Manager enables security teams to perform all tasks remote from data centers, reducing costs and delivering greater operational efficiency. payShield Manager is a hardware security module (HSM) management tool specifically designed for the Thales payShield 9000 HSM that operates in both local and remote modes via a standard browser interface. A secure connection to the HSM underpinned by smart card access control enables key management, security configuration and software/license updates to be carried out remotely from the data center.

Download

PCI Approvals for payShield 9000 FAQ

payShield 9000 is independently certified against security standards including FIPS 140-2 and PCI HSM. This FAQ document helps answer questions on broader PCI compliance and how payShield 9000 assists in such efforts.

Download

Case study : CreditCall

CreditCall, a leading payment gateway service provider, saw a huge opportunity to reach a new market with an innovative, mobile point-ofsale (POS) credit card payment technology. In years past, it was difficult for certain types of merchants to utilize mobile POS systems. The technology was expensive – smaller merchants often couldn’t afford the costs or want the long term contractual commitments. Traditional POS equipment requires a physical network connection meaning merchants who provided products or services away from an office or retail location were forced to either operate on a cash basis, missing out on the convenience and security that credit card payments offered, or rent expensive and bulky GPRS terminals. With the enormous popularity of mobile devices, CreditCall envisioned an opportunity to bring face-to-face card payment solutions to a whole new category of smaller businesses and micro-merchants by incorporating portable, low cost card reader devices that could connect wirelessly via (merchant-owned) tablets and smartphones to remote payment gateways. Mobile businesses like gardeners, plumbers and electricians could now accept credit card payments on-site at their customers’ homes. This solution now stands to replace conventional POS systems in certain environments, with low cost readers and mobile device-based application software. This significantly reduces cost and complexity, paving the way for widespread adoption by all types of merchants, not just micro-merchants.

Download

Case study : Mint Payments

With the decline of cash payments, merchants of all sizes are increasingly looking for a flexible, cost effective and secure payments solution to accept EFTPOS (electronic funds transfer at point of sale) and credit card transactions on the go. It is no longer just the established bank acquirers and third party processors that want to offer card-based payment solutions to merchants, with telcos and other service providers looking to integrate card payments into their solutions or expand their current offerings. Together with the increasing desire for integrators to develop payment functions into their mobile apps, a solution supporting secure card acceptance without the traditional merchant POS device installation, configuration and security audit complexity is urgently needed.

Download

Case study : Royal Gate

ROYALGATE, saw a tremendous market opportunity. The trend towards flexibility and mobility was clear – it wasn’t just micro-merchants, doorto-door salesmen and mobile businesses that wanted flexibility to accept card payments anywhere. Larger businesses like restaurants, retail sites and events companies were looking to add value and improve customer service by moving payment transactions away from traditional cashier scenarios and to wherever the customer wanted to pay.

Download

Case study : Swiftch

Swiftch, a nimble start-up company, saw an opportunity to be a part of this cashless society by providing innovative, simple and secure card-based acceptance solutions to all levels of merchants and acquirers. The biggest challenge was to choose an industry leading partner who would be able to assist in delivering a flexible, secure and scalable hardware infrastructure, compliant with the stringent Payment Card Industry Data Security Standard (PCI DSS) security requirements.

Download

Solution brief : Miura

Mobile payment card acceptance solution using Miura Shuttle and Thales payShield 9000. The Thales payShield 9000 HSM is used by the PSP to provide a card scheme certified method for remotely deploying the cryptographic keys required by the Miura Shuttle device for PIN and data encryption and to perform the secure decryption of the payment transaction data prior to onward transmission to the acquirer.

Download

Solution brief : Proxama

Learn how Proxama and Thales simplify NFC payment provisioning and transaction processing while retaining maximum control through Host Card Emulation (HCE) and tokenization. Proxama provides issuers with the flexibility to either enable NFC payment functions in an existing mobile app or wallet, such as mobile banking using Proxama’s HCE Kernel, or to use the Proxama development service to create a bespoke payment app or wallet. The Proxama system uses Thales payShield 9000 HSMs to secure communications with the mobile device to guarantee that the credentials necessary to perform transactions are protected at all times during the delivery and replenishment processes.

Download

Solution brief : Verisoft

Learn how to balance risk and security in mobile payments Build and deploy a complete end-to-end HCE ecosystem quickly and securely with a hardened root of trust. Thales payShield HSM integrates with D8 HCE Server to ensure encryption and secure storage of the keys used to generate EMV cryptograms for issued tokens. - Cover the complete end-to-end ecosystem for HCE-based payments - Separate mobile and card PANs in common customer accounts - Leverage Google Play store for mobile application downloads - Use certified HSMs throughout system to deliver maximum key protection.

Download

インタラクティブなデモを閲覧する デモ
ライブデモの申し込み デモの申し込み
スペシャリストへのコンタクト お問い合わせ