Documente Academic
Documente Profesional
Documente Cultură
DRAFT
This document provides customers with an overview of the key features that SWIFT will introduce
with the HSM usability evolution and their high-level schedule.
Simplify installation
Current The installation process includes multiple manual operations, in particular for
situation the PED functions such as inserting different PED keys multiple times
Objective To optimize user interactions by limiting manual operations such as PED key
insertions, PED prompts and PIN requests to a minimum
Objective To make new and reset boxes accessible with a Remote PED over the network
without the need to access the data centre, by making it possible to initialize a
Remote PED secret on a box in default or reset state over the network
Objective To consolidate all separate keys on one unified PED token when centralized
responsibility for all PED roles on one team or person is desired
To continue to support also the current multi-keys scheme when segregated
responsibility per PED role is preferred
Objective To initialize a partition without requiring any PED operation (under the control
of the HSM admin)
To combine the HSM function Initialize partition with the Alliance Gateway
function Delete certificate within the Admin GUI
To simplify the management of certificates when operating multiple data
centers.
Objective To automate the recovery for a list of certificates through an Alliance Gateway
function run by the SWIFTNet security officers. Such function will combine the
2 steps (set up for recovery and recover) and transparently process initial
secrets for each certificate.
Accounts Synchronisation
Current User accounts and passwords are defined and maintained on each box of a
situation cluster separately. Any update to an account or a password only concerns the
box on which it was changed and, unless also updated on the other boxes,
these will have different account configurations and different password
lifecycles
Objective To synchronize user accounts & passwords, policies and SNL registration
information automatically between all members of the HSM cluster
Objective To make it possible to schedule regular backups of the HSM box content.
- A PED operation will be required to schedule the backups,
- Once scheduled, each backup will run without a PED operation,
- A history of backups will be kept on the box available for restoration if
needed.
Objective To support a higher network latency limit for HSM clusters dedicated for
Browse / WebAccess flows for which throughput requirements are limited
To allow boxes of such an HSM cluster to be distributed over distant data
centres, thereby making the same user certificates useable over multiple data
centres
Benefits Limit the number of certificates required per user for cost efficiency and
operational simplification purposes.
Timeline