HSM, Tokenization Appliance, or both?


It is important to understand, that hardware security modules (or HSM) and tokenization appliances represent two types of devices which work together, but cannot replace each other.

A tokenization appliance is intended for implementation of vault functionality. However, some functions related to encryption and decryption of cardholder data, are “delegated” to the HSM. In order to communicate with a hardware security module, a tokenization appliance has a respective API. As PCI compliance requires encryption keys to be changed approximately once a month, a tokenization appliance has in-built key rotation functionality (which an HSM doesn’t have).

An HSM is, basically, intended for encryption and decryption of card numbers, verification of PINs and EMV cryptograms. However, without a tokenization appliance an HSM is unable to decrypt the data.

Together tokenization appliance and HSM enable you to implement a variety of cardholder data protection functions. These include not only tokenization, but point-to-point encryption (P2PE), processing of PINs, as well as card issuance.

 In order to implement vault functionality, it is not necessary to purchase a tokenization appliance. The other two options are licensing of vault software, compatible with your HSM, or developing it yourself.

 More information on tokenization appliances and HSM is available in the respective article on #Paylosophy.

HSM, Tokenization Appliance, or both? обновлено: January 13, 2016 автором: Katherine Pensatori

About UniPay Gateway

UniPay Gateway is the accomplished payment gateway software, being flexible and customizable it meets the requirements of the most demanding clients.

The choice of UniPay gateway is the choice of the reliable, time and industry tested payment solution, which can help your business to become more competitive and profitable.

Request Demo

Recent Press Releases