Thales nShield Solo
January 2010 – Thales nShield Solo is the only answer. Thales nShield Solo is a family of embedded, general-purpose HSMs for servers and appliances that safeguard encryption and digital signing keys and that can optionally run custom applications on the module to protect data in use. It protects encryption and signing keys on servers in a highly secure, tamper-resistant hardware module. It is compatible with platforms offering PCI, PCI-X and PCI Express interfaces.
1. Hardware security for applications
nShield Solo enables enterprises to add hardware protection to critical applications, Public Key Infrastructures (PKIs), databases, and web and application servers.
Using standard cryptographic interfaces, nShield Solo integrates readily with:
• Microsoft Certificate Services (PKI)
• Entrust Authority Security Manager
• RSA Certificate Manager
• Oracle Database
• Microsoft SQL Server, and many other applications.
2. World’s fastest cryptographic operations
nShield Solo offers up to 6,000 signing transactions per second (TPS) with 1,024-bit RSA keys. Using 2,048-bit RSA keys, which the National Institute of Standards and Technology (NIST) recommends from 2010, nShield Solo excels with up to 3,100 TPS. Web servers, such as Microsoft IIS and Apache, can increase SSL throughput by off-loading operations to the nShield Solo.
3. Readily integrates with third-party applications
nShield Solo integrates with applications through standard interfaces including PKCS#11, Java Cryptography Extension (JCE), Microsoft CAPI and CNG.
nShield Solo supports a broad range of operating systems, including Windows 2008/2003/Vista/XP, Linux, Solaris, AIX and HP-UX.
4. CodeSafe protects data in hostile environments
All HSMs can protect key material against breaches, but most cannot actually protect your valuable data while it is in use. Data breaches have shown that Trojans or rogue administrators still have access to sensitive information on the host system after it has been decrypted by the HSM. The Thales CodeSafe technology enables you to process sensitive information inside the HSM so that it is never exposed on the host system. This enables you to run critical processes in hostile environments, for example:
• Where facilities cannot be physically secured
• Where you need to protect against rogue individuals with access to the host system
• Where host systems may be hacked or become infected by Trojans
5. Delivers FIPS and Common Criteria
nShield Solo supports a broad range of public-key and symmetric algorithms, including a full Suite B implementation with optional, fully licensed elliptic curve cryptography (ECC). nShield Solo’s security boundary is validated to FIPS 140-2 Level 3 and Common Criteria EAL 4+.
6. Enhanced security for integrated systems
Some integrated systems leverage hardware security modules for more than one security task.
• Government agencies use Thales HSMs to protect their public key infrastructure (PKI) with hardware security, and to digitally sign electronic documents; they then use the Time Stamping Option Pack on the same HSM to apply a time stamp to the document to ensure that the document retains its validity after the signing certificate expires. The HSMs also safeguard the keys in issuing systems to protect digital identities for passports and national ID cards. (References: Certicamara in Colombia, the Finnish Passport project, the French Ministry of Defense, and the Irish Department of Defense)
• Banks and financial services use nShield to enable log-on to their online banking sites using EMV-based authentication and reduce card-not-present fraud with 3-D Secure. They use the same HSM to secure SSL private keys and accelerate SSL sessions on the web server. (References: bgc in Sweden, BACS in the UK, and Alpha Bank)
• Technology companies protect their PKIs with Thales HSMs to generate certificates for users, laptops, servers, and other devices. High tech manufacturing companies also use certificates and the CodeSafe technology to safeguard against counterfeiting, knock-offs, and grey markets. Thales HSMs also protect the intellectual property of technology companies on production lines in untrusted locations. (References: Exostar and Microsoft)
• Retailers who need to comply with the Payment Card Industry Data Security Standard (PCI DSS) use Thales HSMs to reduce the chance of a credit card data breach and to lower their key management costs. (Reference: Follett)
• Telecommunication companies use nShield Solo modules to decrypt information from their customer databases to collect data for electronic invoices and then digitally sign them using the same HSM. (Reference: Si Mobil Vodafone)