Hardware Security Module (HSM)

Protecting your messaging operations, HSM devices store your SWIFTNet PKI certificates and sign your SWIFT traffic securely

Choosing the HSM model to suit your needs

HSM tokens and HSM cards

If you have lower message volume requirements and manage a limited number of certificates, you may choose to use an HSM token or HSM card.

  • The HSM token is a hardware token which is inserted into the USB port of the PC hosting the SWIFTNet Link.
  • The HSM card is an Integrated Circuit Card that is inserted in a card reader connected to the PC hosting the SWIFTNet Link through a USB port.

To use your HSM, simply plug the HSM token into the USB port of your SWIFTNet Link, or insert the HSM card into the USB card reader supplied.

Both models can be removed from the PC hosting the SWIFTNet Link when not required. They can also easily be moved to another SWIFTNet Link while access to the SWIFTNet PKI certificate remains fully secure.

HSM boxes

Network-sharable, our HSM boxes offer scalability and resilience and are available with three different throughput classes to meet your needs – whether you’re a low, medium or high volume customer. The HSM box is a hardware box accessed over the local area network by SWIFTNet Link.

  • Boxes can be shared between multiple SWIFTNet Links.
  • Highly scalable, HSM boxes can support low to high throughput classes and store hundreds of certificates. Each certificate is stored in a separate partition with its own access control protection.
  • HSM boxes can be configured in a high-availability cluster, minimising downtime and preserving certificates in case of failure. The boxes own the same certificates and handle the traffic in parallel.

Contact your SWIFT account manager to find out more.