A Hardware Security Module (HSM) box in the SWIFT context is a secure device used to manage cryptographic keys and perform security operations, such as signing and encryption for SWIFT transactions. Let’s evaluate each option:
• Option A: Private keys
This is correct. The primary function of an HSM box in the SWIFT environment is to securely store and manage private keys, which are part of the Public Key Infrastructure (PKI) used for asymmetric cryptography. Private keys are used for signing messages to ensure authenticity and integrity, and for decryption to maintain confidentiality. The HSM protects these private keys from unauthorized access, aligning with CSCF Control "1.3 Cryptographic Failover," which mandates the use of HSMs to safeguard cryptographic materials. SWIFT documentation specifies that private keys are stored within the HSM, while public keys are distributed separately (e.g., via certificates).
• Option B: Public keys
This is incorrect. Public keys are not stored in the HSM box. Instead, they are embedded in PKI certificates and distributed to other parties (e.g., SWIFT or counterparties) for verification and encryption purposes. The HSM’s role is to protect the sensitive private keys, not to store public keys, which are openly shared as part of the PKI ecosystem.
• Option C: Both private and public keys
This is incorrect. While the HSM may temporarily handle public keys during cryptographic operations (e.g., for certificate validation), its primary and secure storage function is limited to private keys. Storing both types of keys is not a standard practice in SWIFT’s HSM usage, as public keys are managed outside the HSM in certificate repositories or directories.
Summary of Correct Answer:
The HSM box stores private keys (A), ensuring the security of cryptographic operations in the SWIFT environment.
References to SWIFT Customer Security Programme Documents:
• SWIFT Customer Security Controls Framework (CSCF) v2024: Control 1.3 mandates HSMs for storing private keys securely.
• SWIFT Security Guidelines: Details the HSM’s role in managing private keys for PKI operations.
• SWIFT HSM Documentation: Confirms that private keys are stored in the HSM, with public keys managed externally.