IBASEC is used for the SIC and euroSIC payment systems as well as for the securities clearing and settlement system SECOM at SIX. Within the framework of the Swiss financial center infrastructure, the Swiss Value Chain, it guarantees the unadulterated transmission of messages, ensures their unambiguousness as well as the indisputable dispatch and receipt thereof. It is thereby impossible to read messages during their transmission.
The primary requirements and expectations that are met with this unique hardware and software combination are the following:
- Messages must be transmitted unadulterated
- The message sender must be evident
- Sending and receiving of messages cannot be disputed
- Messages must be protected from unauthorized eavesdropping
IBASEC consists of a software application (security server software) and a hardware component (HSM = Hardware Security Module: SafeNet Luna). The security server software constitutes the interface between the gateway application and HSM. Most of the cryptographic operations take place in the HSM; however, some are also conducted through the security server software.
The security and integrity of the payments are guaranteed by means of an electronic signature. When a payment leaves the ordering bank, a signature is generated in the bank's internal IBASEC and attached to the payment. When this payment arrives at SIX, the signature is checked in IBASEC by SIX and a new electronic signature is generated within the same work step. This signature accompanies the payment until it in turn leaves SIX. At that point, the internal signature is checked and at the same a signature is generated for the payment recipient. This signature is checked once the payment arrives at the payment recipient's financial institution. This ensures that the payment is seamlessly protected from manipulation the entire way from the sender to the recipient. The payment is also encrypted. This means that its contents are also unrecognizable as long as it is processed through Finance IPNet.
To ensure that the signatures are unique to each financial institution, at least one key for each logical SIC, euroSIC and SECOM connection must have been exchanged for each financial institution or service office, which means that while the IBASEC from SIX knows all keys, the IBASEC of a financial institution only knows its own.
The development and maintenance of IBASEC are provided by Biveroni Batschelet Partners AG. Key administration is conducted by the SIX Interbank Clearing Operations Center.