Prism has been producing Payments Hardware Security Modules (HSMs) for over twenty six years. Each new generation HSM model is an evolution from the previous generation, and in this way, Prism has built up a significant set of skills in the design, development, manufacturing and support of HSMs.
Certification Track Record:
- Due to the certification of our HSMs, a high degree of assurance is provided for customers.
- Customers’ security needs are met.
- Prism proactively continues to update its HSM products to meet industry and certification body security requirements as they evolve.
- 2025 – TSM530 PCI HSM V4.0 approval
- 2022 – TSM500i-NSS V1.2 hardware model with CE compliance (IEC 62368-1, EN 55032 & EN 55035 standards)
- 2021 – Updated TSM500i PCI HSM v3.0 approval
- 2019 – TSM250 USB PCI HSM v3.0 approval
- 2018 – TSM500i PCI HSM v3.0 approval (First globally)
- 2013 – TSM500i PCI HSM v2.0 approval (First globally)
- 2010 – TSM500 FIPS140-2 approval with level 4 physical and level 3 overall
- 2004 – TSM410 FIPS140-2 approval with level 4 physical and level 3 overall (First in the southern hemisphere for level 4)
Payments Market Applications:
- For more than twenty years Prism payments HSMs have been used by EFT switches, acquiring and issuing institutions.
- Payments HSMs are plug-in compatible with Postilion® RealTime and Traderoot® software platforms used in payment markets and iZealiant’s 3D Secure Access Control Server (ACS).
- Resources such as tutorials, documentation and development support packs, are available for those starting a new bank or switch.
- The HSMs command set for the banking/EFT environment provides functionality for:
- PIN translation.
- Generation and verification of PIN verification values/offsets (Visa PVV and IBM3624 algorithms).
- Generation and verification of card verification values (VISA CVV, CVV2 and MasterCard CVC).
- Point to Point Encryption (P2PE): ACI Postilion P2PE (V3 block format) and Ingenico BPS Format Preserving Encryption (FPE) P2PE messages.
- Online EMV transaction processing authorisation requests, secure messaging including PIN change for Visa and MasterCard cards.
- Dynamic number (DN) and data authentication code (DAC) verification supported for MasterCard cards.
- Secure key exchange of TDES and AES keys between HSMs using TR-31 and/or ISO20038 key blocks.
- Generation and verification Message Authentication Codes (MAC).
- Data encryption and decryption.
- Key management schemes include:
- Derived Unique Key per Transaction (DUKPT)
- Master/Session
- Distribution of symmetric (TDES) keys under the asymmetric key (RSA)
- ZKA Key Management (PIN encryption and MACing) used by Routex (BP & Oil Co. partners)
Mobile Operators and m-commerce:
- Prism HSMs are used by multiple mobile operators in Africa and South America.
- Applications include in Prism Virtual Top Up (VTU) system <link to VTU on Prism website> and Wireless Internet Gateway (WIG) solution.
- HSMs used in this environment.
Key Injection Facilities, Trust Centres And Key Management Systems:
- For sixteen years, Prism HSMs have been used in key injection/trust centre solutions provided to banks and device suppliers to allow them to inject keys into PED/Pinpad/Terminal devices.
Pin Mailer System:
- Prism has a cost-effective PIN mailer solution using a dot matrix printer which is cost effective for smaller institutions.
- It is compatible with Postilion Postcard®.
EMV Card Data Preparation:
- Prism HSMs have been used to generate EMV card preparation data for over 12 million MasterCard branded SASSA beneficiary cards.
Other Functionality Available:
- RSA key generation, signing, verification supporting RSASSA PKCS1-v1.5 and RSASSA PSS formats.
- Elliptic Curve key generation, ECDSA signing, ECDSA verification.
- HMAC (support using SHA1 through to SHA512).
- Dynamic CVV.
Excellent Price Performance Value:
- Various performance levels from 20 TPS to 600 TPS are available with pricing linked to performance.
- Our products are cost effective which appeals to developing countries.
- There are no additional licensing costs as all features for EFT switches/issuers/acquirers for online transaction processing are included in the EFT firmware.
- HSM performance can be upgraded onsite at the customer’s premises.
- The result is the lowest overall total cost of ownership compared to other HSM brands.
Remote Key Loading:
- The HSM cryptographically pairs with the Prism KLD, which is a secure Key Component Entry Device (KCED), to establish a secure session with end-to-end 256 bit AES encryption.
- The pairing mechanism and end-to-end encryption provides secure communication allowing the Prism KLD to be used with a local connection to the HSM or remotely from the HSM.
- Configuring the HSM with a remote KCED license enables remote use of the Prism KLD.
- When using the Prism KLD remotely the crypto officers and key custodians to gather at a different location to where the HSM is physically located.
- This is more convenient and simplifies the key loading process without sacrificing any security.
Ease of Use:
- With the comprehensive documentation supplied, it is a straightforward process to manage and configure the TSM500i using a web browser-based interface.
General Purpose HSM and Custom Firmware Development:
- Prism can also do custom firmware development to add new functionality to meet customer requirements.
- Furthermore, supporting software for HSMs is developed and supplied.
Warranty and Support:
- Prism provides a 1-year hardware warranty with the option of an extended hardware warranty or service agreement.