Thales Host Security Module 8000

The Host Security Module is:
Used for 70% of the world's card transactions
Used by all major card associations
Used for ATM, POS, corporate banking, card issuing, funds transfer and stock/share trading
Easily customised for user applications
Available with support for a wide range of connectivity options and transaction protocols.
Available in various speed variants to give required transaction throughput.
Triple DES capable, using two and three keys, for all functions including the processing of PIN blocks.
Integrated within all major financial industry solution providers applications. Certified to the most rigorous security standards.

Visa/MasterCard/American Express PIN and Card Verification Functions
EMV 3.1.1, EMV 4.0 and 4.1 transaction processing and secure messaging (including PIN Change)
Remote Key Loading for NCR and Diebold ATMs
Triple-DES DUKPT and Australian Transaction Key schemes
RSA key generation, signing and verification
Async, Ethernet, SNA supported on all models
ESCON option available
Message Encryption
Comprehensive Auditing Functionality
Europay Security Platform (ESP)

Typical HSM Applications
ATM Interchange
The HSM is designed for the ATM interchange environment and is in use in many of the worlds major ATM interchange networks. The HSM can be customized to suit individual networks and, if needed, the particular requirements of each member of the network. The wide and growing variety of host interfaces in the HSM means that the needs of each member's system can be readily accommodated. In particular, the AMEX, MasterCard and VISA commands are an integral part of all standard functionality.

EFTPOS
The HSM supports a number of EFTPOS (Electronic Funds Transfer at Point of Sale)
systems in use around the world. Many of the key management concepts required to secure EFTPOS, such as the Racal Transaction Key scheme, were pioneered by Thales and implemented in the HSM. Single and Triple-DES versions of the Derived Unique Key Per Transaction and Australian Transaction Key schemes are also available.


Card Production Facility
The HSM is suitable for use within the client card production area. It can provide a secure means of generating cryptographic card values such as VISA's CVV (Card Verification Value), MasterCard's CVC (Card Verification Code) and American Express CSC (Card Security Code) as well as securely generating PINs and PIN mailers.

Chip Card Support
The HSM supports Credit/Debit and Electronic Purse chip card applications from Visa and MasterCard. The standard HSM software provides transaction processing commands for EMV 3.1.1, EMV 4.0 and 4.1 based systems.

Electronic Purse
The HSM can support VISA Cash, CLIP, and VCEPS processing, enabling card holders to securely reload value to their cards from an ATM or card reload terminal.

Data Integrity
The integrity of information transmitted around and stored within systems is of paramount importance to its users. The integrity of information generated at remote terminals can be secured, using message authentication codes (MACs). The HSM is compatible with WebSentry and Smart Card terminals. A number of applications such as Cash Management and Bond Reconciliation can be secured in this way.

HSM Features
Performance Options
As the banking and financial industries continue to move toward PIN-based and Smart Card security systems, the demand for higher transaction speeds has never
been greater. In its high speed variant, the HSM provides industry leading performance (800 Triple-DES PIN Block translate functions per second), significantly reducing transaction processing time and lowering the cost per transaction.

Flexible Key Management System
In practice, the security offered by any application is only as good as the key management system designed for it. The HSM supports a variety of key management schemes, including Master/ Session Key, Racal Transaction Key, Australian Transaction Key, DUKPT, and Public Key.

RSA Public Key Support
The HSM offers a high-speed Public Key subsystem. RSA Public Key cryptography is used for two primary functions:
1. To generate and verify digital signatures
2. To distribute DES keys encrypted under
an RSA Public Key
The HSM supports RSA key lengths from 320 to 2048 bits. This feature allows the HSM to be used in systems where different key lengths are used for different functions, such as digital signatures and key management. In addition, it protects an organisations technology investment, as the industry is expected to increase key length requirements to keep ahead of increased threats.

 The HSM is a tamper-resistant device that provides the cryptographic facilities necessary for securing transactions in financial networks. The HSM is used to secure a multitude of financial applications around the world ranging from ATM and POS networks to interbank funds transfer and share dealing systems. It is available in various performance variants with a wide range of interface options and protocols allowing connection to all types of host system.