Building on the SWIFTNet Phase 2 common security infrastructure, SWIFT has extended the use of SWIFTNet PKI certificates stored on HSMs to the live traffic of the other SWIFT messaging services: InterAct and FileAct. Thanks to this upgrade, customers benefit from the same security level on InterAct and FileAct as the one established for FIN.
Since the end of October 2009, all customers using the InterAct and FileAct messaging services must sign live traffic with SWIFTNet PKI certificates that have 2048-bit keys stored on HSMs.
As of the 3rd of April 2010, SWIFT will reject all InterAct and FileAct live traffic that is not signed by a 2048-bit certificate with policy ID 1.3.21.6.2.
If you still have certificates with 1024-bit keys (including disk certificates, certificates used in a disaster environment, and certificates not currently in use), please move them to your HSM without delay, using the appropriate policy ID 1.3.21.6.2.
If some certificates are obsolete, we recommend that you revoke them so that you are no longer invoiced for their maintenance.
This important upgrade brings all services to the same security level as FIN, while strengthening the authentication process. According to international cryptographic best practices, such as NIST 800-78-1, business traffic must be signed with certificates that have 2048-bit keys.
The upgrade is very simple.
Moving a certificate to an HSM is a straightforward process. As a Security Officer, all you have to do is initiate a certificate recovery and select policy ID 1.3.21.6.2. This automatically upgrades the associated keys to the required length (2048 bits). The certificate recovery must be performed outside of business hours.