Default banner

payShield Manager

The payShield Manager enables security teams to remotely manage payShield HSMs, yielding cost savings and operational efficiency

payShield Manager

payShield Manager offers local and remote management options designed specifically for payShield 10K and payShield 9000 HSMs. The solution enables remote operation of HSMs via a standard browser interface. With the solution, you can leverage smart card access control to establish secure connections with HSMs. payShield Manager enables key management, security configuration and software and license updates to be carried out remotely.

  • Benefits
  • Specifications
  • Accessories

Improve efficiency

Manage HSMs across all sites from a single, central location. The solution streamlines software and licence upgrades, and it features an intuitive interface that reduces risks of errors.

Gain optimal flexibility

payShield Manager simplifies logistics by giving you freedom to gain remote access from any location you choose. Remotely track HSM status, so your staff can quickly identify potential issues.

Establish strong control

Establish controls based on individual tasks and specific roles. Enforce strong access controls based on digital credentials, which is preferable to relying on physical keys.

User interface

  • Standard browser (Internet Explorer, Chrome and Firefox) - offering an identical interface for both local and remote modes of operation
  • Rapid navigation via intuitive menu system using web-based, accordion presentation style and simple parameter selection
  • Virtual console provides support for customer-specific console commands

Local and remote device management

  • Online, offline, secure and authorised-state operations, employing smart cards that are used as substitutes for physical keys during local and remote operations
  • Local master key (LMK) management – generation, installation and migration
  • Interface management – host, alarm, management and printer port settings
  • Security configuration settings
  • Loading of firmware and licence files via HTTPS session.
  • Audit trail and error log management
  • Diagnostic information – including utilisation statistics, configuration settings and health check data

Security

  • Establish controls based on individual tasks and specific roles. Enforce strong access controls based on digital credentials, which is preferable to relying on physical keys
  • Strong mutual authentication for establishing remote session
  • Data encryption to protect all data between user smart cards and HSMs
  • AES 256-bit session keys, ECC 521-bit certificates
  • GlobalPlatform-compliant smart cards with Thales applet – secure distribution from approved source, not available on open market

HSM compatibility

  • payShield 10K - software built on base V1.0 or later
  • payShield 9000 - software built on base V3.0 or later

Smart card readers

payShield Manager requires one PC/SC compliant smart card reader to facilitate normal operation of the system. Readers (which incorporate an integral PIN Pad to facilitate secure PIN/password entry) can be ordered from Thales or sourced directly by the end user.

Smart cards

Packs of 6, 30 and 100 smart cards are available for use with payShield Manager.