payShield 9000 v3.0 – Product Announcement
payShield Manager is an HSM management tool that operates in both local and remote modes via a consistent standard browser interface.
payShield Manager enables security teams to perform all tasks remote from data centers, reducing costs and delivering greater operational efficiency. It is a hardware security module (HSM) management tool specifically designed for the Thales payShield 9000 HSM that operates in both local and remote modes via a standard browser interface. A secure connection to the HSM underpinned by smart card access control enables key management, security configuration and software/license updates to be carried out remotely from the data center. Flexibility to check the operational status of any HSM is also provided via a dedicated, restricted operator role.
• Reduces operating costs by eliminating the need to manage HSMs inside data centers
• Provides 24 x 7 management even when local physical access to HSMs is not available
• Offers convenient method for regular monitoring checks by restricted users
• Scales easily to support a large estate of HSMs deployed across multiple locations
• Operates seamlessly with VPNs, anti-virus software and firewalls
• Adapts rapidly to evolving organizational needs through management of a white list for device access
*Customers with support contracts will automatically get a free migration to the most suitable new base package that covers their needs when they are upgrading software on an HSM already deployed.
For more information please download payShield 9000 Manager brochure.
Additional New Features in v3.0
• Host Card Emulation (HCE) support
Until the introduction of V3.x base software Thales offered support for the latest Visa, MasterCard and American Express cloud based payments or HCE solutions.
• Triple-length variant LMK
The variant Local Master Key (LMK) that traditionally has been used in the payShield software is a double length key (112 bits), V3.x software provides an additional option to utilize a triple length variant LMK (168 bits).
• PAN tokenization
Many of the new mobile payments schemes are using tokenized PANs rather than the real PANs as part of the transaction authorization. The existing PIN block translation and PIN block verification host commands have been upgraded to enable either real PANs or tokenized PANs to be used.
• TR-31:2010 support
The various TR-31 key block host command have been expanded to support the latest version of the TR-31 specification. Many of the latest mPOS terminals make use of this new specification.