payShield 9000 Options & Accessories
payShield 9000 Options
Base Software Packages
Each payShield 9000 is configured with one of a selection of base software packages that closely reflect the intended usage of the product. The range of packages currently supported includes functionality relevant to transaction processing, magnetic stripe card issuing, EMV card issuing, point-to-point encryption (P2PE), mobile point-of-sale (mPOS), and mobile payments.
In additional to the base software package, additional functions can be added through a series of optional licenses which can be purchased independently and installed at any time throughout the product lifecycle. The functionality supported by the various optional licenses includes secure host communications, user authentication, data protection, enhanced key management (including multiple LMK support), regional payment options, high performance RSA key generation, and PIN/key mailer printing.
payShield 9000 is available in a range of performance levels. As transaction volumes grow the customer has the option to deploy additional HSMs to meet the higher load requirements or if applicable purchase a performance upgrade for an existing HSM. The performance upgrade has the advantage of requiring just an upgraded software license to be applied with no physical hardware changes necessary.
As an alternative to the Local HSM Manager supplied as standard with payShield 9000 (which requires a direct physical connection to the HSM), Remote HSM Manager is a separate standalone system (running on a remote PC/laptop) which provides the ability to perform all administration tasks remote from the data center and without the need for the security team to be in the physical presence of the HSM.
The Key Management Device (KMD) is a standalone handheld device that supports the forming of a key from its constituent components in a highly secure manner without the need to have a physical connection to a production HSM.
Security Resource Manager (SRM) for Tandem Host Systems
The Tandem SRM is a software application that runs on the Tandem host system and is the interface between the host payment application and the bank of HSMs. Its main purpose is to provide load balancing and resilience, enabling the host application to communicate through a simple interface to the SRM without having to manage the complexity of multiple HSMs – they will appear as a logical single HSM resource.
The IBM SRM is a software application that runs on the IBM host system and is the interface between the host payment application and the bank of HSMs. Its main purpose is to provide load balancing and resilience, enabling the host application to communicate through a simple interface to the SRM without having to manage the complexity of multiple HSMs—they will appear as a logical single HSM resource.
Additional Smart Cards
Each payShield 9000 is shipped with a set of blank LMK component cards together with test LMK cards. Additional packs of 6 cards are available to assist with individual user configurations where a large number of cards are necessary to meet operational and security requirements across multiple data centers. All smart cards can be used with all current and legacy Thales payment HSMs – payShield 9000, HSM 8000 and RG7000.
Cabinets and Runner Kits
Customers can choose from a wide range of cabinets of different heights to suit their individual data center storage requirements. Complementary runners are available as kits to fit to the sides of the payShield 9000.
Replacement Locks and Keys
payShield 9000 uses two highly secure locks with associated keys on the front panel as part of the security administration procedures. The items are tightly controlled and registered and are not available on the open market. Thales provides a lock replacement and additional key supply service where for example locks are damaged or keys are lost.
payShield 9000 makes use of USB ports on its rear panel to provide connectivity for peripherals such as consoles and printers. In the legacy range of payment HSMs RS232 D-Type or Centronics parallel printer ports were supplied. For customers needing to reuse legacy cables, Thales is able to provide adapters to convert the end of the cables to the USB format.