Thales e-Security Payment HSM

확장 가능한 payShield 9000은 세계에서 가장 광범위하게 사용되는 하드웨어 보안 모듈(HSM)이며, 모든 결제 카드 트랜잭션의 약 80%가 이 지불결제 HSM으로 이루어집니다

payShield 9000

결제 애플리케이션을 위해 특별히 설계된 Thales eSecurity의 payShield 9000은 PIN 보호 및 검증, 트랜잭션 처리, 모바일 및 결제 카드 발행, 키 관리 등의 작업을 수행하는 하드웨어 보안 모듈(HSM)입니다. payShield 9000 지불결제 HSM은 현금 자동 입출금기, POS 시스템, 신용 카드 및 현금 카드 트랜잭션을 위해 신뢰도 높은 보호를 제공합니다.

Payment HSM
입증된 역량 활용

카드 발급, 모바일 프로비저닝 및 결제 트랜잭션 처리를 위해 특별히 설계된 포괄적이며 인증된 보안을 제공합니다. 모든 주요 결제 애플리케이션에 대한 지원을 제공합니다.

규제 준수 비용 절감

구현 및 유지관리를 간소화하고 규제 준수 비용을 절감해줍니다. 발급사, 처리사 및 매입사를 위해 개별화된 유연한 플랫폼과 소프트웨어 옵션이 포함됩니다.

복구력 극대화

이중화된 하드웨어, 현장 지원 가능한 컴포넌트 및 클러스터링과 페일오버를 위한 지원을 제공하여 최고 수준의 비즈니스 연속성을 보장해줍니다.

지원 암호화 알고리즘


  • DES 및 Triple DES (키 길이 112 bit, 168 bit)
  • AES (키 길이 128 bit, 192 bit, 256 bit)


  • RSA (키 길이 최대 4096 bit)


  • MD1
  • SHA-1
  • SHA-2
  • FIPS 140-2 level 3
  • PCI HSM V1 (일부 설정에만 해당)
  • APCA
  • MEPS
키 관리 지원
  • Thales Key Block (ANSI X9.24와 호환; X9 TR-31의 상위 세트)
  • X9 TR-31 Key Block
  • RSA Public Key
  • PIN 및 데이터 암호화용 DUKPT
  • Master/Session Key Scheme
  • Racal Transaction Key Scheme
  • AS2805
기본 소프트웨어 패키지

Thales eSecurity는 고객사 설치 및 사용 요구사항에 밀접하게 부합되는 다양한 기본 소프트웨어 패키지를 제공합니다.

추가적인 소프트웨어 라이선스

기본 소프트웨어 패키지 이외에도, 옵션으로 제공되는 일련의 라이선스를 통해 더 많은 기능을 추가할 수 있습니다. 라이선스는 별도로 구매 가능하며 제품의 수명주기 내 언제나 설치할 수 있습니다.

성능 업데이트

트랜잭션의 볼륨이 증가하면 추가적인 HSM을 설치하여 늘어난 워크로드 요구사항을 충족할 수 있습니다. 또한 기존 HSM에 대한 성능 업그레이드를 구매할 수도 있습니다.

원격 관리

옵션으로 판매되는 전용 라이선스를 통해 각 payShield HSM을 원격 관리하여 운영 비용을 절감할 수 있습니다.

키 매니지먼트 디바이스(KMD)

KMD는 구성 요소로부터 키를 구축해주는 독립형 휴대 장치입니다. 이 장치는 높은 수준의 보안 방식을 사용하기 때문에 운영 HSM과의 물리적 연결이 필요하지 않습니다.

캐비닛 및 러너 키트

다양한 캐비넷 중 각 데이터센터의 스토리지 요구사항에 꼭 맞는 캐비넷을 선택할 수 있습니다. 옵션으로 제공되는 러너는 payShield 9000의 양측면에 맞는 키트로 제공됩니다.

교체용 잠금장치 및 키

payShield 9000은 보안 관리 절차의 일부로 전면 패널에 보안 수준이 높은 잠금장치 2개와 키를 사용합니다. 엄격하게 통제 및 등록된 이 제품들은 일반 시장에서는 구입할 수 없습니다. 잠금장치나 키가 손실 또는 분실되는 경우를 위해, Thales는 교체용 잠금장치와 키 공급 서비스를 제공합니다.

추가적인 스마트 카드

각 payShield 9000에는 빈 LMK 컴포넌트 카드 세트와 테스트용 LMK 카드 세트가 함께 제공됩니다. 다수의 데이터센터에서 운영 및 보안 요구사항을 충족할 수 있도록 6개 카드로 구성된 팩을 추가로 구매할 수도 있습니다.

Data Sheet : payShield 9000

Thales payShield 9000 is a hardware security (HSM) payment module that provides the cryptographic protection required for ATM, point of sale (POS), credit and debit card issuance, and processing Of transactions. Encryption and management functionality meets or exceeds the operational and security requirements of the major international card system, including American Express, Discover, JCB, MasterCard, UnionPay and Visa. It is deployed as an external peripheral for mainframes and servers running card issuance applications, mobile platform provisioning, and payment processing software for the electronic payment industry.


Data Sheet : Key Management Device

The Thales e-Security Key Management Device (KMD) for payment HSMs is a compact, secure cryptographic device (SCD) that enables keys to be formed securely from separate components in a manner that is compliant with relevant security standards including X9 TR-39, ANSI X9.24-1 and PCI PIN Security. With its touch screen graphical user interface, the KMD is simple and intuitive to operate, and is compatible with the full range of Thales payment HSMs including the award-winning payShield 9000. The device configuration and management user interface complies with banking grade security best practices and the installed software is automatically validated for integrity prior to use. Upgrades are supported to meet future functional enhancements and security audit requirements.


Data Sheet : payShield Manager

payShield Manager enables security teams to perform all tasks remote from data centers, reducing costs and delivering greater operational efficiency. payShield Manager is a hardware security module (HSM) management tool specifically designed for the Thales payShield 9000 HSM that operates in both local and remote modes via a standard browser interface. A secure connection to the HSM underpinned by smart card access control enables key management, security configuration and software/license updates to be carried out remotely from the data center.


PCI Approvals for payShield 9000 FAQ

payShield 9000 is independently certified against security standards including FIPS 140-2 and PCI HSM. This FAQ document helps answer questions on broader PCI compliance and how payShield 9000 assists in such efforts.


Case study : CreditCall

CreditCall, a leading payment gateway service provider, saw a huge opportunity to reach a new market with an innovative, mobile point-ofsale (POS) credit card payment technology. In years past, it was difficult for certain types of merchants to utilize mobile POS systems. The technology was expensive – smaller merchants often couldn’t afford the costs or want the long term contractual commitments. Traditional POS equipment requires a physical network connection meaning merchants who provided products or services away from an office or retail location were forced to either operate on a cash basis, missing out on the convenience and security that credit card payments offered, or rent expensive and bulky GPRS terminals. With the enormous popularity of mobile devices, CreditCall envisioned an opportunity to bring face-to-face card payment solutions to a whole new category of smaller businesses and micro-merchants by incorporating portable, low cost card reader devices that could connect wirelessly via (merchant-owned) tablets and smartphones to remote payment gateways. Mobile businesses like gardeners, plumbers and electricians could now accept credit card payments on-site at their customers’ homes. This solution now stands to replace conventional POS systems in certain environments, with low cost readers and mobile device-based application software. This significantly reduces cost and complexity, paving the way for widespread adoption by all types of merchants, not just micro-merchants.


Case study : Mint Payments

With the decline of cash payments, merchants of all sizes are increasingly looking for a flexible, cost effective and secure payments solution to accept EFTPOS (electronic funds transfer at point of sale) and credit card transactions on the go. It is no longer just the established bank acquirers and third party processors that want to offer card-based payment solutions to merchants, with telcos and other service providers looking to integrate card payments into their solutions or expand their current offerings. Together with the increasing desire for integrators to develop payment functions into their mobile apps, a solution supporting secure card acceptance without the traditional merchant POS device installation, configuration and security audit complexity is urgently needed.


Case study : Royal Gate

ROYALGATE, saw a tremendous market opportunity. The trend towards flexibility and mobility was clear – it wasn’t just micro-merchants, doorto-door salesmen and mobile businesses that wanted flexibility to accept card payments anywhere. Larger businesses like restaurants, retail sites and events companies were looking to add value and improve customer service by moving payment transactions away from traditional cashier scenarios and to wherever the customer wanted to pay.


Case study : Swiftch

Swiftch, a nimble start-up company, saw an opportunity to be a part of this cashless society by providing innovative, simple and secure card-based acceptance solutions to all levels of merchants and acquirers. The biggest challenge was to choose an industry leading partner who would be able to assist in delivering a flexible, secure and scalable hardware infrastructure, compliant with the stringent Payment Card Industry Data Security Standard (PCI DSS) security requirements.


Solution brief : Miura

Mobile payment card acceptance solution using Miura Shuttle and Thales payShield 9000. The Thales payShield 9000 HSM is used by the PSP to provide a card scheme certified method for remotely deploying the cryptographic keys required by the Miura Shuttle device for PIN and data encryption and to perform the secure decryption of the payment transaction data prior to onward transmission to the acquirer.


Solution brief : Proxama

Learn how Proxama and Thales simplify NFC payment provisioning and transaction processing while retaining maximum control through Host Card Emulation (HCE) and tokenization. Proxama provides issuers with the flexibility to either enable NFC payment functions in an existing mobile app or wallet, such as mobile banking using Proxama’s HCE Kernel, or to use the Proxama development service to create a bespoke payment app or wallet. The Proxama system uses Thales payShield 9000 HSMs to secure communications with the mobile device to guarantee that the credentials necessary to perform transactions are protected at all times during the delivery and replenishment processes.


Solution brief : Verisoft

Learn how to balance risk and security in mobile payments Build and deploy a complete end-to-end HCE ecosystem quickly and securely with a hardened root of trust. Thales payShield HSM integrates with D8 HCE Server to ensure encryption and secure storage of the keys used to generate EMV cryptograms for issued tokens. - Cover the complete end-to-end ecosystem for HCE-based payments - Separate mobile and card PANs in common customer accounts - Leverage Google Play store for mobile application downloads - Use certified HSMs throughout system to deliver maximum key protection.


인터랙티브 동영상 시청하기 자세히 보기
라이브 데모 예약하기 예약하기
전문가와 상담하기 연락하기