Square deploys Entrust nShield HSMs to fight cyber attackers on equal terms
This case study describes how Square uses Entrust nShield Solo XC hardware security modules as the cryptographic root of trust that protects its mobile payment card readers, and how this has streamlined PCI DSS compliance.
The subsidiary of Block Inc. chose Entrust nShield Solo XC hardware security modules to serve as cryptographic anchors for Square’s mobile payment card readers, enabling secure transactions, data integrity, and compliance with data security standards, including the Payment Card Industry Data Security Standard (PCI DSS).
The San Francisco-based Square was founded in 2009 with a mission to build tools that make commerce easier and more accessible to all. The company’s point-of-sale (POS) software and mobile payment card readers for smartphones and tablets enable merchants to accept card payments in a secure manner without the complexity and cost of managing traditional fixed POS systems. The origin of the now substantial global mobile POS (mPOS) card acceptance market can legitimately be traced back to Square.
As with all companies, data integrity and the security of transactions are mission-critical factors. However, Square has a rather unique philosophy in the way it approaches its security architecture. Most attackers try to exfiltrate data so that they can work in the seclusion of their own systems. Square’s environment was architected from the very outset to prevent that from happening, incorporating hardware security modules (HSMs) as a required element.
Business Challenge
The numerous regulatory bodies in Square’s sector dictated the need for the selected HSM to be compliant with a wide range of government and payment industry mandates that meet stringent security requirements. Square conforms to multiple standards, including the Payment Card Industry Data Security Standard (PCI DSS).
In addition to making reliability a primary objective, the Square team closely focused on the selection of any component in its architecture capable of compromising data integrity, performance, or the seller experience.
Technical Challenge
The uniqueness and value proposition of Square’s offerings have made the company a resounding success and this has influenced the design criteria for the infrastructure. Square opted to handle scalability at the application layer and this created the need to be able to conveniently move keys between HSMs.
A key factor for selecting the optimal HSM for the Square implementation was a module’s ability to process vast amounts of data. Square profiled its software to understand how many authentication code operations and how many encryption calls were taking place, and replicated this to test HSM performance.
We have a long history of using Entrust products, and we feel very comfortable continuing to use Entrust's solutions as a fundamental tool for our business.
Neal Harris
Security Engineering Manager, Square
Solution
Square’s technical team performed a rigorous evaluation of multiple vendors and selected the Entrust nShield® Solo HSM because of its compelling performance across the full suite of tests. The Entrust solution’s inherent ability to scale – enabled by the seamless sharing of cryptographic keys across HSMs without user intervention or complex key cloning activities – was another of the many standout features.
The success of the Entrust nShield Solo HSM in the cryptographic anchor role has since paved the way for the HSMs' use in injecting keys into Square's readers to authenticate the devices. Entrust HSMs are a critical part of the process that provides every Square product with its own unique key.
Results
The fundamental value of the HSM-centric crypto-anchor approach has remained sound over an extended period of time. Several years after Square decided to use Entrust nShield HSMs, the choice of Entrust as a partner continues to hold.
The requirement to regularly conduct both internal and external audits can frequently be very labor-intensive and time-consuming. However, the presence of the FIPS-certified Entrust nShield HSM can contribute to streamlining the process.
For example, during its Payment Card Industry Data Security Standard (PCI DSS) audit, Square specifically highlighted that its data is protected by an encryption key, located in the Entrust nShield HSM. The inclusion adds to the volume of evidence provided to the auditors to demonstrate that any potential issues are being handled in a robust and compliant manner.
We have been using Entrust nShield hardware security modules for five years and have always found them to be excellent and highly reliable. We have added a lot of code on top of the HSMs, and they have delivered the performance we needed and proven to be a highly robust foundation.
Neal Harris
Security Engineering Manager, Square
Related Products and Services
Entrust nShield HSM
FIPS-certified, tamper-resistant devices for secure cryptographic processing, key generation and protection, encryption, key management, and more.
nShield Solo HSMs
FIPS-certified, PCI-Express card-based hardware security modules that deliver cryptographic key services to applications hosted on individual servers and appliances.
Entrust Professional Services
Unmatched expertise in the optimal deployment of Entrust solutions, and both architecting and implementing crypto solutions for the world’s most security-conscious organizations.
Summary
Business Need
- Contribute to the overall ease of attaining multi-agency compliance
- Absolute reliability
- Comply with the Payment Card Industry Data Security Standard (PCI DSS)
Technology Need
- Ability to handle throughput and scale to support business objectives
- Make crypto-anchor architecture a reality
Solution
Result
- High cryptography throughput rates
- Elevated protection through crypto-anchor deployment
- Streamlined compliance process
- Rock-solid foundation for layered code