US 11,893,550 B2
System and method for hosting and remotely provisioning a payment HSM by way of out-of-band management
Ranga Anumulapally, Belcamp, MD (US); Ian Merin, Belcamp, MD (US); Kathryn Roberts, Belcamp, MD (US); Gerald Wardrop, Belcamp, MD (US); Linden Decarmo, Belcamp, MD (US); and Raghvendra Chouhan, Belcamp, MD (US)
Assigned to THALES DIS CPL USA, INC., Austin, TX (US)
Filed by THALES DIS CPL USA, INC., Belcamp, MD (US)
Filed on Jun. 2, 2021, as Appl. No. 17/336,742.
Prior Publication US 2022/0391856 A1, Dec. 8, 2022
Int. Cl. G06Q 20/02 (2012.01); G06F 9/54 (2006.01); G06Q 20/40 (2012.01); G06Q 20/38 (2012.01)
CPC G06Q 20/02 (2013.01) [G06F 9/547 (2013.01); G06Q 20/38215 (2013.01); G06Q 20/4097 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A payment Hardware Security Module (HSM), comprising:
a first interface configured to allow remote access to the payment HSM over a communication network by at least one remote end-user entity running at least one payment application adapted to use critical resources protected in the payment HSM when said payment HSM is physically hosted in a data center accessible through said communication network;
a second interface supported by a given communication channel over the communication network and configured to allow for main, operational management of the payment HSM by the at least one remote end-user entity;
a third interface supported by a communication channel over the communication network being distinct and physically isolated from the given communication channel of the second interface, and configured to allow secure access to the payment HSM by a third-party entity, distinct from the at least one remote end-user entity, for Out-Of-Band (OOB) management of the payment HSM by the third-party entity; and
a processor configured to implement a resident, remotely configurable provisioning state-machine for management of provisioning of the payment HSM for service to one or more end-user entities, through one or more transitioning methods under control of the third-party entity over the third interface as part of the OOB management,
a memory on which are stored machine-readable instructions that, when executed by the processor, cause the processor to additionally perform said remote access allowed by said first interface, said main, operational management allowed by the second interface, and said secure access allowed by the third interface.