
Payment HSM Overview Transaction Processing and Card Issuance. Hermann Bauer Business Development


Academic year: 2021


(1)

Payment HSM Overview

Transaction Processing

and Card Issuance

Hermann Bauer

Business Development

(2)

General Purpose/PKI HSMs

XML, PKCS#11, Microsoft CryptoAPI / CNG, Java JCA/JCE, OpenSSL

Customization Software Development Kit

International EFT/ Payment Processing (MKII)

Incl. Acquiring/Authorisation and Card Issuance

Incl. End-to-End Online Banking Security (OBM)

Australian Payment Processing (AMB/APCA)

CAPS (US POS System)

Hundreds of Customizations

ProtectServer line: Subset of Mark II Cmd Set as FM

Luna EFT

Luna SA, SP, IS

Payment/EFT Command Sets

General Purpose Cryptographic APIs

SafeNet HSM Product Line

Functionalities and Target Use

Protect Server Internal Express (PSIe) ProtectServer External (PSE)

Payment/EFT HSMs

Luna G5 and HSM Backup Device Luna PCI / PCI-X

Protect Server Internal Express (PSIe) ProtectServer External (PSE)

(3)

Luna EFT – Payment HSM

EFT/EMV (TP and CI) HSM

SafeNet’s current dedicated Payment HSM

Card Issuance and Transaction Processing Security Functionality

Positioned against Thales 8000/9000 series

Features/Characteristics

1U rack-mount size/dimension

Fast & high-assurance HSM card (common platform with Luna HSM line)

RoHS compliant

FIPS 140-2 level 3 certification (#1524)

PCI-HSM approved

APCA & Amex certification

PIN/Key Mailer on Laser Printer

USB ports for SW upgrades/key backups and PIN/Key Mailer Printing

Communications Interfaces

Low Speed

• Async

High Speed

• (Raw) Ethernet, TCP/IP over Ethernet

Performance Levels

Low (60), Medium (140, 280), High (1200, 1600) Visa PIN Verifies

Large Internal Key Store

HSM- and Host-stored Key Management

Different Command Sets

Mark II, AMB, CAPS, Custom

In-field Upgradeable

Performance, Connectivity, Command Sets

Integration with many Payment products

(4)

Modern, up-to-date HSM architecture in 1U chassis

PCI-HSM and FIPS 140-2 level 3 certification

Flexible key management (HSM-stored key, host-stored keys or mix)

User-friendly & intuitive GUI-based administration and management

Large internal, configurable secure key storage (up to 9.999 slots per key type)

High performance throughput (up to 1600 tps)

In-field Upgradeability (functionality, performance, connectivity)

Combined Transaction Processing and Card Issuance/Personalisation support

Two NICs supporting fail-over and network redundancy (multi-pathing)

Smart Card based or Network-based Backup/Recovery of all (HSM-stored) Keys

Remote HSM administration

Multi-tenancy support (AES keys)

Device monitoring via SNMP v3

PCI-compliant auditing and logging

Comprehensive, Granular Load Sharing and Timeout/Error Handling (via host API)

No separate licenses, all included in standard package

Attractive pricing

Customization friendly

Great support and service

(5)

Luna EFT – Remote HSM Management

Remote HSM Management is provided in the form of a bootable image

User authentication is done via the SafeNet eToken 72K Pro, a portable two-factor USB authentication token with advanced smart card technology.

Console operations

Key Processing operations

Configuration operations

(6)

Mark II – Payments Functionality

EMV Scripting

Visa Functions

MasterCard Functions

American Express Functions

CEPS functions (electronic purse)

3D Secure Support

Contactless (PayPass & PayWave)

AS2805.6.3 Support Functions

TR-31 Key Block

ZKA functions (Germany)

Italian ABI and debit support (Italy)

APACS Support (UK)

Online Banking Module

HSM status functions

Administrative functions

KM change functions

Transfer functions

EFT terminal functions (incl. DUKPT)

Remote ATM Initialization

Interchange Functions

PIN Management Functions

MAC Management (3DES, HMAC-SHA2, AES)

Data Ciphering Functions (3DES, AES, SEED, FPE)

PIN Issuing Functions (incl. PIN mailer)

EMV Card Issuance (Data Prep & Perso, e.g. GP)

EMV Transaction Processing (incl. CAP & DPA)

One of multiple Payment command sets for Luna EFT

International Payment Transaction Processing & Card Issuance functionality

Mark II functionality covers approx. 200 commands

(7)

ProtectServer Internal Express EFT

ProtectServer External EFT

Low-cost, low performance, entry-level EFT HSM

Supported OS (all 32-bit and 64-bit)

Windows, Linux, Solaris, AIX

Performance Level

25 tps

Key Entry through host or PIN/Key Entry Device

Admin utilities

Subset of Luna EFT Mark II facilities

(8)

Payment SW Vendors – HSM Integration

Payment Software Vendor / Product Name / Business Region Served

ACI Base24-eps + TSS Global
ACI / EPS ASx EE
ACI / S1 Postilion Global
ACI / S2 Systems ON/2, OpeN/2 MEA
ACI / Distra e-switch Global
AJB Software RTS Americas
Arius Asoft EMEA
Banksoft BPS (Banksoft Pre-Personalisation System) EMEA
BPC (Banking Production Centre) SmartVista Global
Compass Plus Tranzware Online, Card Factory EMEA, APAC
CR2 BankWorld EMEA
CSFI u/SWITCHWARE Global
CubeIQ AlphaPIN EMEA
Distra e-switch APAC, EMEA
FIS / EFunds / Oasis Technology Connex, IST/Switch Global
HPS PowerCARD EMEA
Interblocks iSuite iSwitch APAC, MEA
Interpro Switch Americas
i-Sprint USO, AccessMatrix UAS MEA
IWI Net+1 APAC
N&TS ACFS EMEA
OMA Emirates EFT POS Application MEA
OpenWay Way4 EMV Issuance EMEA, APAC
Opus / ECS Electra EFT Switch APAC, EMEA
RS2 BankWorks EMEA
S2M SELECT EMEA
Silverlake SIBS APAC
SmartSoft/CardTek Ocean EMEA
Sparkassen IT Solution Payment Switch EMEA
Sungard CardPro Americas, APAC
Tallyho Online Switch Module Americas, APAC
TAS CARD EMEA
TECS TECS Payment System EMEA
TietoEnator TransMaster EMEA
TPS Iris (Phoenix), Access, Sentinel EMEA
TSYS CTL ONLINE, PRIME, NCRYPT Global
Collis EMV Host Toolkit, PVT Global
Barnes International CPT 3000 EMV PVT EMEA

(9)

Role of HSM in Card Issuance Environment

[Diagram. Labels shown: Bank; Government; Issuer; Card Application Management System; Data Preparation System; Card Manufacturer; Chip Manufacturer; OS + Card Application; OS + App; Card Production System; Personalisation System; Personalizer / Personalization Bureau; HSM (three instances); KEK; KMC; encrypted file(s)]

(10)

Card Issuance Vendors – HSM Integration

Smart Card Vendors

Card Management, Perso and Data Prep Software Vendors

Personalisation Equipment Vendors

Gemalto

BellID / ACI

OpenWay

Datacard

G&D

Cryptomathic

TSYS CardTech

NBS

Oberthur

UbiQ

BPC

Mühlbauer

Safran Morpho (Sagem) Datacard / DCS

Compass Plus

Atlantic Zeiser / Böwe-CardTec

ST

CardTek/SmartSoft Banksoft

CIM

Nagra

CardHall/Pronit

Maurer Electronics

Trüb

AustriaCard

OTI

Data Preparation/Personalisation/Card Management Systems

Integration with/Supplier to all Major Smart Card, Card Mgmt, Data Preparation Personalisation SW and Personalisation Equipment Vendors via Luna EFT or PSIe or PSE

(11)

Major SafeNet HSM Deployment Areas

Application Space: PKI & Authentication
HSM Product: Luna SA, Luna PCI/PCI-E, Luna G5, Luna CA4
Customers & Partners: Symantec (VeriSign), GlobalSign, Entrust, Microsoft, RSA, SafeLayer, OpenTrust, Kinectis, EJBCA/PrimeKey, Nexus, …

Application Space: Card Issuance
HSM Product: ProtectServer Internal Express, ProtectServer External
Customers & Partners: G&D, Gemalto, Oberthur, Morpho, DataCard, Mühlbauer, BellID, Cryptomathic, CardHall, OpenWay, BPC, TSYS, Compass Plus, …

Application Space: Wholesale Payments
HSM Product: Luna IS, Luna SA, Luna SP
Customers & Partners: SWIFT (ww), SIX (Swiss Payment Systems),

Application Space: Retail Payments
HSM Product: Luna EFT
Customers & Partners: Banks and Processors (ww), ACI, FIS, OpenWay, TSYS, BPC, Compass Plus, HPS, …

(12)

References
