Hardware Security Modules

Hardware Security Modules (HSMs) are tamper-resistant hardware devices that customers use
to safestore SWIFTNet Public Key Infrastructure (PKI) security profiles. The keys are generated
inside the HSM and stored encrypted in this device. SWIFT provides HSMs for use with
SWIFTNet PKI. The installation and configuration of the HSM is embedded in the SWIFTNet
Link. Access and use of the HSM is solely through the SWIFTNet Link .

HSM products

The following three HSM products store SWIFTNet PKI security profiles and are supported in
SWIFTNet Link:
• HSM token
a USB-based device which is supported in a Windows environment
• HSM card and card reader
a USB-based device that is supported in a Windows environment. It consists of an HSM card,
Cyberflex, and an HSM card reader for use with a smart card
• HSM box

A LAN-based device which is supported in a Windows, Sun Solaris or IBM AIX environment
An HSM card and an HSM token can store one SWIFTNet PKI security profile each. By default,
an HSM box can store up to 250 SWIFTNet PKI security profiles. Customers can order an
optional large certificate capacity license for their high-throughput class HSM boxes, this licence
allows customers to store up to 2500 SWIFTNet PKI security profiles.
The selection of the appropriate HSM is based on factors such as the SWIFTNet Link platform
type, the expected traffic volume, and the number of SWIFTNet PKI certificates. Users can
install multiples of the same type of HSM on a SWIFTNet Link.


Creation of FIN Messages Page

Page Description ‘Create FIN Message’

Sender Logical Terminal (Top Right)The logical terminal that you want the message to be sent from. You can only send a messagefrom a logical terminal that is licensed for your installation. The value selected in SenderLogical Terminal determines the message syntax version to use.FIN Category (Top Right)You can select a message category from the ones that are available. Each category containsonly the messages that you are allowed to create (as defined in your operator profile).NameThe message type.IdentifierThe internal name of the message type.•DescriptionText that explains the business purpose of the message type.
•VersionMessage Creation StepsTo create a new FIN user-to-user or system message:From the Creation menu, select FIN Message: New.•Select a logical terminal from the Sender Logical Terminal drop-down list.•Select the appropriate message category in the FIN Category drop-down list.•The list of message types available in the selected category appears.

Message Header•In the message header, the identity of the sender and the receiver of the message is specified•We also provide information regarding the priority of the message, as well as other details that are relevant for the particular message.Procedure for completing message header:•In the Sender part, select a unit from the Unit drop-down list. This is the unit to which the message is assigned.•The Sender Logical Terminal field shows the logical terminal that you have selected in the•Click Type to select the type of correspondent sending the message: Institution, Department, or Individual.•The Institution field displays the sender institution BIC8 corresponding to the logical terminal as a read-only value
Message Body•You enter the text of the message in the message body. The layout of the message body varies according to the structure of the message.•The fields that appear depend on the message type selected•Complete the fields in their displayed sequence. Some parts of the body can be collapsed to ease navigation.To complete the body:•Complete all mandatory fields.•Complete any optional fields as needed.
Validate Messages
•You can validate a message on demand at any time and correct any errors or warnings before trying to route or dispose it. Alliance Messenger indicates the fields that contain errors and warnings in a Validation Report.For example, if errors regarding the business relationship between sender and receiver are detected, text in the Validation Report informs you accordingly.  This is an important tool

SWIFTNET LINK: Features and Functions

Basic functionality
The basic functionality of SWIFTNet Link includes transport, formatting, security, and service
management. Through the SWIFTNet Link single-window concept, customers have a re-usable
access infrastructure to SWIFTNet messaging services.

Technical features

SWIFTNet Link has the following features:
• technical interoperability
• application programming interfaces (APIs)
• application programming interface functions
• availability options
• security management

The role of SWIFTNet Link in the SWIFTNet architecture
The diagram illustrates the 3-layer SWIFTNet architecture. SWIFTNet Link resides in the
communication level, which is level 2 of the network model.

What Is SWIFTNet Link?

Business software applications use the SWIFTNet Link (SNL) application programming interface (API) to access and use SWIFTNet services. The SNL is the mandatory network interface to SWIFTNet. SWIFTNet requires SNL for all external interfaces. The SNL also includes background processes that support messaging, security, and service management functions. The SNL is incorporated into SWIFTAlliance WebStation and SWIFTAlliance Gateway (SAG).

SNL establishes a loosely coupled client/server relationship between business application components. Instead of directly invoking methods or functions, the interaction is message-oriented: structured messages are passed between client and server. A business application designed for SWIFTNet services generally consists of a set of clients and servers. The same client or the same server process can be started multiple times. Note that you cannot predict to which process instance of the same application an incoming message request will be delivered. Multiple threads within a client process can invoke the SwCall API function. A server process can have multiple threads as well; however, only one thread can invoke SwCallback. Client and server processes cannot be combined in the same process.

SNL provides a set of transport-level features designed for high availability and high throughput environments. These features include:
 Load balancing
 Location transparency and routing, shielding application components from the underlying transport technology
 Transport-level authentication and confidentiality, packaged within SNL and provided transparently to the application
 Security functions by which business application software may establish end-to-end security (user application to user application), when required.

In terms of programming at the source code level using C++ or Java, there are only two functions: SwCall and SwCallback. SwCall is used by client applications to access server applications through SWIFTNet. SwCallback is used by server applications to respond to clients through SWIFTNet.
The SwCall and SwCallback functions access the functionality of SWIFTNet by passing structured XML messages to and from SWIFTNet. At run-time, SNL includes both software libraries — the code of which executes within the same address space as business application client or server processes — and independent processes (daemons or services), which run in their own address spaces. The software libraries are accessible through the SNL APIs.

What Is SWIFTNet?

SWIFTNet is SWIFT’s advanced Internet protocol-based messaging platform. It offers
four complementary messaging services that provide the security, reliability and availability our customers expect.

What Is SWIFTNet?
As a general purpose, industry-standard solution for the financial industry, SWIFTNet provides an application-independent, single window interface to all the connected applications of all the institutions participating in the global financial community. Actual access is controlled by the business policy decisions of each Service Administrator, not by the technical limitations of the infrastructure.
SWIFTNet provides a basis for assuring business continuity and disaster recovery for the infrastructure of mission-critical financial applications that cross institutional boundaries. SWIFTNet is designed to satisfy institutional community requirements for interoperability of mission-critical financial software solutions.
To interconnected business applications, SWIFTNet provides the following:
Assurance of infrastructure reliability
Role-based and non-role-based access control
Correspondent and message authentication
Message integrity
Non-repudiation support
Message validation
Store and-forward


SWIFTNet Link is a SWIFT software product to access and use the SWIFTNet messaging
services, FIN, InterAct, FileAct, and Browse. SWIFTNet Link embeds the SWIFTNet PKI

SWIFTNet Link is designed to provide the following functionality:

• the necessary minimal functionality to access and use SWIFTNet messaging services over
the SWIFT secure IP network
• the technical interoperability at the customer end between the requestor application and the
network and between the secure IP network and the responder application.

SWIFTNet Link offers built-in transport-level features that include location transparency and
routing. These features are specifically for high-availability and high-throughput application

The diagram “An example of the SWIFTNet Link access to the SWIFT network and the
SWIFTNet messaging services” shows access from SWIFTNet Link to the SWIFT network and

to SWIFTNet messaging services.

%d bloggers like this: