Skip to main content

Hardware Security Module (HSM)

Securing your messaging flows

Hardware Security Module (HSM)

Enhance your SwiftNet operations with our HSM, safeguarding PKI credentials for secure data exchange. It provides comprehensive cryptographic key protection, available in two models tailored to your specific security needs: HSM boxes and HSM tokens.

Benefits

Different models to suit your needs
Different models to suit your needs
With two different models available, you can choose an HSM based on your traffic volumes and the level of resilience and scalability you require.
Integrated solution
Integrated solution
Installation and configuration are embedded in SwiftNet Link, which triggers the HSM’s signing operations and monitors correct functioning.
High level of protection
High level of protection
HSMs provide significantly more security than disk-based certificates as the private keys are generated and stored encrypted inside the HSM.

Learn more about Hardware Security Module (HSM)

Talk to one of our Account Managers

Features

  • HSM boxes

    Network-sharable, our HSM boxes offer scalability and resilience and are available with three different throughput classes to meet your needs – low, medium or high-volume. The HSM box is a hardware box accessed over the local area network by SwiftNet Link.

    Boxes can be shared between multiple SwiftNet Links.

    Highly scalable, HSM boxes can support low to high throughput classes and store hundreds of certificates. Each certificate is stored in a separate partition with its own access control protection.

    HSM boxes can be configured in a high-availability cluster, minimising downtime and preserving certificates in case of failure. The boxes have the same certificates and handle the traffic in parallel.

    Contact your Account Manager to find out more.

  • HSM tokens

    If you have lower message volume requirements and manage a limited number of certificates, you can choose to use an HSM token.

    • The HSM token is a hardware token, inserted into the USB port of the PC hosting the SwiftNet Link.

    To use your HSM, plug the HSM token into the USB port of your SwiftNet Link.

    You can remove your HSM token from the PC hosting the SwiftNet Link when not required. You can also move it to another SwiftNet Link, while access to the SwiftNet PKI certificate remains fully secure.

HSM Refresh Programme 2023-2025 

 The current Hardware Security Module (HSM) boxes will reach end-of-life in 2025. To help ensure safe and continuous operations on our network, we’re launching a programme to swap existing boxes for updated models. 

We started in early 2023 and will continue until end 2025. Complying with this programme is mandatory for members of our community, but we’ll be on hand to help along the way. 

Key takeaways 

HSM boxes play an integral role in our security architecture. They enforce the confidentiality and integrity of data exchanged between us and our clients by storing the PKI certificates used for signing and encryption.  

The Thales Luna IS6 boxes have a life expectancy of 8 to 10 years and were first introduced to our community in 2013. 

The ongoing HSM refresh programme will run until end 2025. This will ensure that all impacted customers are upgraded well before their current model reaches end-of-life. 

We’ll subsidise 75% of the one-time overall cost, including delivery costs, for the new HSM boxes if you make your switch on time. 

Get started with HSM refresh

Loading...