Payshield 9000: The Hardware Security Module That Secures The World'S Payments
Payshield 9000: The Hardware Security Module That Secures The World'S Payments
Payshield 9000: The Hardware Security Module That Secures The World'S Payments
com
payShield 9000
The hardware security module
that secures the world’s payments
payShield 9000
• Delivers comprehensive, certified security specially
designed for cards and mobile secure elements
• Provides off-the-shelf support for all major payment applications
• Maximizes business continuity with high resilience features
• Reduces the cost of compliance with a choice of software
options tailored for issuers, processors and acquirers
• Offers a range of scalable, high performance models
Technical Specifications • ATM Remote Key Loading
• Mastercard OBKM key management
Designed specifically for payment applications, payShield 9000 • Integration with all major payment authorization and
from Thales is a proven hardware security module (HSM) that switching applications
performs such tasks as PIN protection and validation, transaction
processing, mobile and payment card issuance, and key
management. The solution delivers high assurance protection for
Management facilities
automated teller machine (ATM) and point of sale (POS) credit • Secure Host Communications option for TLS authenticated
and debit card transactions. sessions on Ethernet host port
• payShield Manager for secure local and remote management
Key management standards • CipherTrust for secure remote monitoring
• Key Management Device (KMD) option to form keys
• Key management compliant with ASC X9.24 Parts 1, 2 and 3 from components
• ASC X9 TR-31 Key Block support • Console interface for ‘dumb’ terminals
• ASC X9 TR-34 Asymmetric Key Management • SNMP including traps
• Utilization statistics, health check diagnostics and error logs
Cryptographic algorithms
• DES and Triple-DES key lengths 112 & 168 bit Security features
• AES key lengths 128 bit, 192 bit, 256 bit • Multiple master keys options
• RSA (up to 4096 bits) • Two-factor Authentication (2FA) of security officers using
• FIPS 198-1, MD5, SHA-1, SHA-2 smart cards
• Dual control authorization – keys or cards
Performance options • Tamper-resistance exceeding requirements of PCI HSM
• Range of performance options up to 1500 tps and FIPS 140-2 Level 3
• Multi-threading to optimize performance • Detection of cover removal in addition to alarm triggers for
motion, voltage and temperature
Host connectivity • Device ‘hardening’ – ability to disable functions not required
• Asynchronous (v.24, RS-232) by the host application
• TCP/IP & UDP (1Gbps) – dual ports • Audit trails
• FICON
Physical characteristics
Certifications / validations • Form factor : 2U 19” rack mount
• Cryptographic module certified to FIPS: 140-2 Level 3 • Dimensions: 85 x 478 x 417mm (3.35 x 18.82 x 16.42”)
(key erasure on tamper), 6, 81, 180-3, 186-3, 198, • Weight: 7.5kg (16.5lb) with dual PSU
NIST SP800-20, SP800-90(A) • Electrical Supply: 100 to 240V AC Universal input,
• PCI HSM certified versions available 47 to 63 Hz.
• APCA, GBIC, MEPS • Dual power supply option on all models
• Power Consumption: 100W (maximum)
Financial services standards • Operating Temperature: 0 deg C to 40 deg
• ISO: 9564, 10118, 11568, 13491, 16609 • Humidity: 10% to 90% (non-condensing
• ANSI: X3.92, X9.8, X9.9, X9.17, X9.19,
X9.24, X9.31, X9.52, X9.97 About Thales
• ASC X9 TR-31, X9 TG-3/TR-39 The people you rely on to protect your privacy rely on Thales to
• APACS 40 & 70 protect their data. When it comes to data security, organizations
• AS2805 Pt 14 are faced with an increasing amount of decisive moments.
Whether the moment is building an encryption strategy, moving
Card payments support to the cloud, or meeting compliance mandates, you can rely on
Thales to secure your digital transformation.
• American Express/Mastercard/VISA PIN and Card
© Thales - May 2019• FR V3