- By Use Case
- By Industry
- By Compliance
- Services & Support
- Contact Us
nShield Solo HSMs are low-profile, embedded PCI-Express cards that provide cryptographic services to one or more applications hosted on a single server or appliance. These hardened, tamper-resistant cards perform encryption, digital signing and key generation on behalf of an extensive range of commercial and custom-built applications, including certificate authorities, code signing and more.
The nShield Solo series includes nShield Solo+ and the new high-performance nShield Solo XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
Highly flexible architecture
Process more data faster
Protect your proprietary applications and data
In the past, high-security features tended to be cumbersome, adding effort and affecting performance. As a result, administrators were forced to make unfortunate tradeoffs between security on the one hand and performance and efficiency on the other. The nShield family of HSMs and its Security World key management architecture deliver both security and convenience by automating a number of important key management tasks and removing restrictions that would otherwise limit capacity or performance. These include:
The nShield Solo is available in PCIe form factors.
The nShield Solo is available in multiple performance variants: the 500, 2000, 4000, and 6000, which indicate their signing transactions per second for 1024 bit RSA. Additionally, model PCIe 6000+ is optimized for high performance elliptic curve cryptography (ECC). Please consult the nShield Solo data sheet for additional performance data.
The nShield Solo is available in FIPS 140-2 Level 2 and FIPS 140-2 Level 3 variants.
CodeSafe enables application developers to write programs that are securely loaded within the secure environment of an nShield HSM, protecting them from threats such as insider attacks, malware and Trojans that they would otherwise face on typical server platforms. CodeSafe provides an application “sand box” where code can be validated for integrity and authorized to execute in a tamper-resistant manner—ideal for applications residing in untrusted locations. The secure execution capability provides additional security features to enable fine-grained access control and authorization for the use of security critical resources that are protected on the device, such as private keys, non-volatile user memory, and hardware-secured time. Examples include digital meters, authentication agents, time-stamp engines, audit loggers, digital signature agents, and custom encryption processes. CodeSafe is available for all nShield FIPS 140-2 Level 3 certified HSMs excluding the nShield Edge.
CipherTools Developer Toolkit
With the CipherTools Developer Toolkit, developers can take full advantage of the advanced capabilities offered by the nShield HSM family when integrating HSMs with custom applications. It includes detailed tutorials and reference documentation, sample programs written in a range of high level languages, and additional versions of libraries to expand capabilities for integration with business applications beyond those that can be achieved by the standard application program interfaces (APIs).
Elliptic Curve Cryptography (ECC) Activation
nShield HSMs offer a large number of cryptographic algorithms as part of the standard feature set, including AES, DSA and RSA. For organizations wishing to use elliptic curve cryptography (ECC), an ECC Activation license is available. The optional activation license enables ECC operation on allnShield Solo and Connect models. For organizations that require significantly accelerated ECC, two additional nShield models are also available. The nShield Solo PCIe 6000+ and nShield Connect 6000+ deliver hardware-optimized ECC performance and come bundled with the ECC Activation license.
Database Security Option Pack
Databases often contain an organization’s most sensitive data. As a result, major database vendors have implemented native encryption in their database server products. The nShield Database Security Option Pack adds support for Microsoft’s Extensible Key Management (EKM) API. It enables organizations to better protect keys that protect sensitive data in Microsoft SQL Server 2008 deployments utilizing Transparent Data Encryption (TDE), manage keys across multiple databases and systems, and separate key management and database administration. Users of Oracle 11g TDE can take advantage of these features without requiring this option pack.
HSMs typically run in physically secure, lights-out data centers, often at several, redundant sites. Many organizations therefore find it impractical to gain physical access to the HSM for day-to-day operations. Remote Operator saves time and reduces travel costs by enabling users to present credentials to a remote HSM in a secure manner directly from their workstation.
Highly sensitive areas of government and enterprises with a strong interest in national security sometimes prefer to use proprietary, national cryptographic algorithms to protect their most sensitive information. Given these security concerns, it is advantageous to run such algorithms on a secure HSM platform. The KCDSA Activation enables South Korean agencies to use the Korean Certificate-based Digital Signature Algorithm (KCDSA) on an nShield HSM. nChiper recommends CodeSafe technology to organizations that wish to implement their own national algorithms on the protected HSM platform.
Smart Card Reader Rackmount
For organizations deploying one or more nShield Solo modules in a 19″ rack, the optional nShield Smart Card Reader Rackmount provides a practical and tidy solution to attach card readers in the data center. The nShield Smart Card Reader Rackmount is 1U in height and can be equipped with up to four smart card readers, which are shipped as standard with nShield Solo cards. Each unit is shipped with three blanking plates to cover any unused slots.
Below is a non-exhaustive list of applications that utilize these APIs and have been tested by nCipher partners and/or customers.
Soho Capital @PodomoroCity, 31st floor, Suite SC 3102-3103
Jl. Let. Jend. S. Parman Kav. 28
Jakarta Barat 11470, Indonesia
Tel: +62-21-29 181 383
Fax: +62-21-29 181 380
HalooDymar: +62-21-5577 0371
WhatsApp Business: +62-8778 042 4343