payShield TMD offers secure, flexible and efficient key management for payment HSMs. It is a compact, intuitive, self-contained secure cryptographic device (SCD) that enables you to perform symmetric key management tasks including securely forming keys from separate components or splitting existing keys retrospectively into new components. payShield TMD generates and shares keys in a manner that is compliant with relevant security standards, including X9 TR-31, ANSI X9.24-1 and PCI PIN Security.
Unlike traditional approaches, these critical key management tasks can be carried out without any physical connection to a production HSM, providing greater operational flexibility without compromising security. For example, a single payShield TMD can form keys for multiple payment HSMs distributed across multiple data centres, enabling large payment processors to create and distribute thousands of Key Encrypting Keys (KEKs) or Zone Master Keys (ZMKs) in a timely and secure manner while eliminating data entry errors.
Each payShield TMD shares one or more Master ZMKs (MZMKs) with the HSMs to facilitate secure exchange of key material. payShield TMD does not require access to the Local Master Keys (LMKs) used by the production HSMs. Keys exchanged between a payShield TMD and an HSM are encrypted under the appropriate MZMK.
Leverage our unique QR code method for key import and export to streamline the process and eliminate data entry errors common in legacy approaches.
Perform all sensitive key management tasks in a secure remote location 24x7. No need to book data centre slots or have physical access to production HSMs.
Take advantage of our standard-based management approach for keys and components when sharing keys with HSMs from multiple vendors.
The payShield Trusted Management Device (TMD) from Thales is a compact, intuitive, self-contained secure cryptographic device (SCD) that enables you to securely manage symmetric keys. TMD generates keys in a manner that is compliant with relevant security standards, including...
payShield 10K is a payment hardware security module (HSM) used extensively throughout the global payment ecosystem by issuers, service providers, acquirers, processors and payment networks. It plays a fundamental security role in securing the payment credential issuing, user...
Increasingly the payments industry standards are demanding more secure solutions for the manual entry of key components into hardware security modules (HSMs). The complexity of physically gathering IT resources inside data centers for key ceremonies, so they can access a...
