payShield Manager offers local and remote management options designed specifically for payShield 10K and payShield 9000 HSMs. The solution enables remote operation of HSMs via a standard browser interface. With the solution, you can leverage smart card access control to establish secure connections with HSMs. payShield Manager enables key management, security configuration and software and license updates to be carried out remotely.
Manage HSMs across all sites from a single, central location. The solution streamlines software and license upgrades, and it features an intuitive interface that reduces risks of errors.
Gain Optimal Flexibility
payShield Manager simplifies logistics by giving you freedom to gain remote access from any location you choose. Remotely track HSM status, so your staff can quickly identify potential issues.
Establish Strong Control
Establish controls based on individual tasks and specific roles. Enforce strong access controls based on digital credentials, which is preferable to relying on physical keys.
- Standard browser (Internet Explorer, Chrome and Firefox) – offering an identical interface for both local and remote modes of operation
- Rapid navigation via intuitive menu system using web-based, accordion presentation style and simple parameter selection
- Virtual console provides support for customer-specific console commands
Local and Remote Device Management
- Online, offline, secure and authorized-state operations, employing smart cards that are used as substitutes for physical keys during local and remote operations
- Local master key (LMK) management – generation, installation and migration
- Interface management – host, alarm, management and printer port settings
- Security configuration settings
- Loading of firmware and license files via HTTPS session.
- Audit trail and error log management
- Diagnostic information – including utilization statistics, configuration settings and health check data
- Establish controls based on individual tasks and specific roles. Enforce strong access controls based on digital credentials, which is preferable to relying on physical keys
- Strong mutual authentication for establishing remote session
- Data encryption to protect all data between user smart cards and HSMs
- AES 256-bit session keys, ECC 521-bit certificates
- GlobalPlatform-compliant smart cards with Thales applet – secure distribution from approved source, not available on open market
- payShield 10K – software built on base V1.0 or later
- payShield 9000 – software built on base V3.0 or later
Smart Card Readers
payShield Manager requires one PC/SC compliant smart card reader to facilitate normal operation of the system. Readers (which incorporate an integral PIN Pad to facilitate secure PIN/password entry) can be ordered from Thales or sourced directly by the end user.
Packs of 6, 30 and 100 smart cards are available for use with payShield Manager.