Hardware Security Modules

Hardware Security Modules (HSMs) are tamper-resistant hardware devices that customers use
to safestore SWIFTNet Public Key Infrastructure (PKI) security profiles. The keys are generated
inside the HSM and stored encrypted in this device. SWIFT provides HSMs for use with
SWIFTNet PKI. The installation and configuration of the HSM is embedded in the SWIFTNet
Link. Access and use of the HSM is solely through the SWIFTNet Link .

HSM products

The following three HSM products store SWIFTNet PKI security profiles and are supported in
SWIFTNet Link:
• HSM token
a USB-based device which is supported in a Windows environment
• HSM card and card reader
a USB-based device that is supported in a Windows environment. It consists of an HSM card,
Cyberflex, and an HSM card reader for use with a smart card
• HSM box

A LAN-based device which is supported in a Windows, Sun Solaris or IBM AIX environment
An HSM card and an HSM token can store one SWIFTNet PKI security profile each. By default,
an HSM box can store up to 250 SWIFTNet PKI security profiles. Customers can order an
optional large certificate capacity license for their high-throughput class HSM boxes, this licence
allows customers to store up to 2500 SWIFTNet PKI security profiles.
The selection of the appropriate HSM is based on factors such as the SWIFTNet Link platform
type, the expected traffic volume, and the number of SWIFTNet PKI certificates. Users can
install multiples of the same type of HSM on a SWIFTNet Link.