nShield solo

The nShield family of general-purpose HSMs

nShield hardware security modules (HSMs) provide a secure solution for generating encryption and signing keys, creating digital signatures, encrypting data and more.

What nShield HSMs do

nShield HSMs provide a hardened security environment that safeguards cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, nShield HSMs support a variety of deployment scenarios.


KEY BENEFITS
Powerful architecture

All nShield HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.

Performance and versatility

With nShield HSMs, you buy only what you need to meet your specific performance requirements. nShield Connect and Solo are available in three models that offer varying performance levels, including a wide range of ECC options that deliver industry-leading transaction rates.

Protect your proprietary data and applications

nShield Connect and Solo HSMs don't just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process.


PRODUCT USES
Public key infrastructures

nShield HSMs generate and protect root and certificate authority (CA) keys, supporting PKIs across a variety of use cases.

Code signing

nShield HSMs sign your application code, so you can trust that your software remains secure, authentic and unaltered.

Digital certificates

nShield HSMs create digital certificates to credential and authenticate proprietary electronic devices for IoT applications and other network deployments.

nShield Solo HSMs

nShield Solo HSMs are low-profile, embedded PCI-Express cards that provide cryptographic services to one or more applications hosted on a single server or appliance. These hardened, tamper-resistant cards perform encryption, digital signing and key generation on behalf of an extensive range of commercial and custom-built applications, including certificate authorities, code signing and more.

The nShield Solo series includes nShield Solo+ and the new high-performance nShield Solo XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.

Highly flexible architecture

All nShield HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.

Process more data faster

nShield Solo HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise retail, IoT and other environments where throughput is critical. The nShield Solo XC offers our highest transaction performance rates and features host-side virtualization support.

Protect your proprietary applications and data

nShield Solo HSMs don’t just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process.

Certified hardware solutions

Thales has earned a broad set of certifications for nShield products. These certifications help our customers to demonstrate compliance while also giving them the assurance that their nShield HSMs meet stringent industry standards.

Security compliance:

  • FIPS 140-2 Level 2 and Level 3
  • Common Criteria EAL4+ (AVA_VAN.5) for nShield Solo+ models
  • Recognition of nShield Solo+ as a Qualified Signature Creation Device (QSCD)

Safety and environmental standards compliance:

  • UL, CE, FCC, C-TICK, Canada ICES
  • RoHS2, WEEE

High transaction rates

Compared to competitive HSMs, nShield Solo HSMs boast faster elliptic curve cryptography (ECC) transaction rates, as well as high RSA transaction rates. ECC, one of the most efficient cryptographic algorithms, is particularly favored where low power consumption is crucial, such as applications running on small sensors or mobile devices. nShield Solo HSMs are excellent solutions for securing IoT devices as well as traditional enterprise applications.

nShield Solo Models    500+    XC Base    6000+    XC Mid    XC High

RSA Signing Performance (tps) for NIST Recommended Key Lengths
2048 bit               150     430        3000     3500      8600
4096 bit               80      100        500      850       2025

ECC Prime Curve Signing Performance (tps) for NIST Recommended Key Lengths
256 bit                540     680        2400     5500      16,000

Wide support for APIs, cryptographic algorithms and OSs

Supported APIs

  • PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI, and CNG

Supported Cryptographic Algorithms

  • Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH
  • Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
  • Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
  • Full Suite B implementation with fully licensed ECC including Brainpool and custom curves

nShield HSMs offer support for the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use ECC or South Korean algorithms, optional activation licenses are needed.

Operating Systems

  • Windows and Linux
  • nShield Solo+ additionally supports Solaris, IBM AIX, HP-UX and virtual environment AIX LPARs.
  • nShield Solo XC also supports virtual environments Citrix XenServer 6.5, VMware ESXi 5.5, and Windows Server 2012R2 Hyper-V.

Reliability

Model      MTBF (hours)
Solo XC    726,461
Solo+      1,105,978

Calculated at 25 °C operating temperature using Telcordia SR-332 “Reliability Prediction Procedure for Electronic Equipment” MTBF Standard.

Performance ratings and options

To meet the performance needs of your application, Thales e-Security provides a variety of nShield Connect models.

Client licenses

nShield Connect HSMs ship with three client licenses, each allowing a connection to an IP address. Additional licenses are available for purchase. The maximum number of client licenses supported varies by nShield Connect model as shown in the table below.

Max # Client Licenses per Connect Model

Connect Model              XC Base / 500+    XC Mid / 1500+    XC High / 6000+
Maximum Client Licenses    10                20                100

CodeSafe

CodeSafe is a powerful, secure environment that lets you execute applications within the secure boundaries of nShield HSMs. Sample applications include digital meters, authentication agents, digital signature agents and custom encryption processes. CodeSafe is available with FIPS 140-2 Level 3 certified nShield Solo and nShield Connect HSMs.

Remote Administration Kits

nShield Remote Administration lets operators manage distributed nShield HSMs—including adding applications, upgrading firmware, checking status, re-booting and more—from their office locations, reducing travel and saving money. Remote Administration Kits contain the hardware and software needed to set up and use the tool. These kits are available for nShield Solo and nShield Connect HSMs.

CipherTools Developer Toolkit

The CipherTools Developer Toolkit is a set of tutorials, reference documentation, sample programs and additional libraries. With this toolkit, developers can take full advantage of the advanced integration capabilities of nShield HSMs. In addition to offering support for standard APIs, the toolkit enables you to run custom applications with nShield HSMs.

Database Security Option Pack

Databases often contain an organization's most sensitive data. To help customers protect their data, major database vendors have implemented native encryption in their products. The nShield Database Security Option Pack adds support for Microsoft’s Extensible Key Management (EKM) API, helping organizations to better protect the keys that safeguard sensitive data in Microsoft SQL Server.

nToken

Security teams that want to strongly authenticate their nShield Connect HSM clients can use nToken PCIe cards for hardware-based host identification and verification.

Elliptic Curve Cryptography (ECC) activation

The ECC activation license enables EC-DH, EC-DSA and EC-MQV to be used on an nShield HSM.

KCDSA activation

With the KCDSA activation license, you can use the Korean Certificate-based Digital Signature Algorithm (KCDSA) as well as HAS-160, SEED and ARIA algorithms on an nShield HSM.

Slide rails

Thales offers optional slide rails that let users mount nShield Connect in a 19" rack without a shelf. Thales recommends that customers use these slide rails exclusively as parts from other manufacturers may not be compatible.

Keyboard

Many functions of nShield Connect HSMs can easily be executed using the touch wheel at the front of the unit. Thales offers an optional USB keyboard for even greater ease of use.

Field replaceable parts

nShield features parts that operators can replace in the field, without downtime. These parts include the following:

  • Power supply unit (PSU): dual, hot-swap power supplies.
  • Replacement fan tray: redundant, field-replaceable fans.