Hardware security for applications
nShield Solo enables enterprises to add hardware protection to critical applications such as public key infrastructures (PKIs), databases, web and application servers. Using standard cryptographic interfaces, nShield Solo integrates readily with Microsoft Certificate Services (PKI), Entrust Authority Security Manager, RSA Certificate Manager, Oracle Database, Microsoft SQL Server, and many other applications. nShield Solo modules are available as tamper-resistant PCI and PCI Express expansion cards; the PCI variant is also compatible with PCI-X interfaces.
Cost-effective for stand-alone servers
When protecting cryptographic keys on one or only a few stand-alone servers, nShield Solo is the most cost-effective solution. However, organizations requiring scalability should consider nShield Connect, a network-attached HSM that can manage keys for up to 100 clients. nShield Solo and nShield Connect are fully compatible with each other and can therefore be managed as part of the same Security World infrastructure.
Security and acceleration for OEM appliances
Hardware vendors can benefit from enhanced security for their appliances by using nShield Solo, which delivers FIPS and Common Criteria compliance for their key management. Due to nShield Solo's hardware acceleration, they also take advantage of performance increases for cryptographic operations, such as SSL sessions or RSA signatures.
Enhanced security for integrated systems
Some integrated systems leverage hardware security modules for more than one security task. Here are some examples:
- Government agencies use Thales HSMs to protect their public key infrastructure (PKI) with hardware security. Another agency uses nShield Solo to digitally sign electronic documents; it then uses the Time Stamping Option Pack on the same HSM to apply a time stamp to the document to ensure that the document retains its validity after the signing certificate expires. Thales HSMs also safeguard the keys in issuing systems to protect digital identities for passports and national ID cards. (Read government case studies about Certicamara in Colombia, the Finnish Passport project, the French Ministry of Defense, and the Irish Department of Defense.)
- Banks and financial services use payShield Cardholder Authentication for nShield to enable log-on to their online banking sites using EMV-based authentication and reduce card-not-present fraud with 3-D-Secure. They use the same HSM to secure SSL private keys and accelerate SSL sessions on the web server. (Read banking case studies about bgc in Sweden, BACS in the UK, and Alpha Bank.)
- Technology companies protect their PKIs with Thales HSMs to generate certificates for users, laptops, servers, and other devices. High tech manufacturing companies also use certificates and the CodeSafe technology to safeguard against counterfeiting, knock-offs, and grey markets. Thales HSMs also protect the intellectual property of technology companies on production lines in untrusted locations. (Read case studies from the technology sector about Exostar and Microsoft.)
- Retailers who need to comply with the Payment Card Industry Data Security Standard (PCI DSS) use Thales HSMs to reduce the chance of a credit card data breach and to lower their key management costs. (Read retail case study about Follett.)
- Telecommunication companies use nShield Solo modules to decrypt information from their customer databases to collect data for electronic invoices and then digitally sign them using the same HSM. (Read telecommunications case study about si.mobil Vodafone.)
Remote management reduces costs
In situations where nShield Solo or nShield Connect HSMs are deployed at a remote site or in a lights-out data center, Remote Operator can be used with an nShield Solo card in the operator's machine to remotely provide credentials. This accelerates security administration and reduces travel costs.
Load balancing and high availability enable business continuity
nShield Solo can be deployed with clustered servers to enable load balancing and high availability. If used within the same Security World management infrastructure, updated key material is simultaneously made available to all modules.
Rack-mountable card readers for data centers
For customers deploying one or more nShield Solo modules in a 19" rack, the optional nShield SmartCard Reader Rackmount provides a practical and tidy solution to attach card readers in the data center.
Security World management lowers TCO
The Security World management software enables central management of nShield Solo, nShield Connect and netHSM to reduce setup and administration time. Security World enables remote operation of HSMs in lights-out data centers, disaster recovery even for total hardware replacements, and key sharing across HSMs and geographies. Keys and meta information can be automatically backed up without requiring additional hardware or on-site presence, reducing the total cost of operations.
Premium performance avoids bottlenecks
nShield Solo offers hardware acceleration for cryptographic operations, making it the world’s fastest HSM with up to 6,000 signing transactions per second (TPS) with 1,024-bit RSA keys. Using 2,048-bit RSA keys, which the National Institute of Standards and Technology (NIST) recommends from 2010, nShield Solo excels with up to 3,100 TPS. Web servers, such as Microsoft IIS and Apache, can increase SSL throughput by off-loading handshake operations to the nShield Solo.
Elliptic curve cryptography is becoming increasingly popular. All nShield Solo cards can process elliptic curves inside the HSM, which requires the Elliptic Curve (ECC) Activation. nShield 500 offers especially good performance because it features hardware acceleration of elliptic curve operations.
Readily integrates with third-party applications
nShield Solo integrates with applications through standard interfaces including PKCS#11, Java Cryptography Extension (JCE), Microsoft CAPI and CNG.
nShield Solo is compatible with nShield Connect and netHSM products and can be upgraded to support additional features using various option packs. nShield Solo supports a broad range of operating systems, including Windows 2008/2003/Vista/XP, Linux, Solaris, AIX and HP-UX.
CodeSafe protects data in hostile environments
All HSMs can protect key material against breaches, but most cannot actually protect your valuable data while it is in use. Data breaches have shown that Trojans or rogue administrators still have access to sensitive information on the host system after it has been decrypted by the HSM. The Thales CodeSafe technology enables you to process sensitive information inside the HSM so that it is never exposed on the host system. This enables you to run critical processes in hostile environments, for example:
- Where facilities cannot be physically secured
- Where you need to protect against rogue individuals with access to the host system
- Where host systems may be hacked or become infected by Trojans
Thales offers off-the-shelf CodeSafe applications as well as CodeSafe Developer Software to create custom applications. You must use nShield Solo variants complying with FIPS 140-2 Level 3 to run CodeSafe applications.
Delivers FIPS and Common Criteria
nShield Solo supports a broad range of public-key and symmetric algorithms, including a full Suite B implementation with optional, fully licensed elliptic curve cryptography (ECC). nShield Solo's security boundary is validated to FIPS 140-2 Level 3 and Common Criteria EAL 4+. nShield Solo modules are also available in FIPS 140-2 Level 2 variants at a lower price. Following security best practice and to enable compliance, it separates administrative and operational duties with two-factor authentication and dual control. These operator groups can segregate access to keys by application, role, division, or geography.
Ensure project success with Thales deployment services
Thales offers professional services to ensure a best practice implementation of Thales HSMs. Organizations can benefit from developer support to integrate Thales HSMs with custom applications or to develop custom applications to be executed on the HSM to process sensitive data.
Watch how easy it is to set up nShield Solo modules
Watch this video to see how to set up nShield Solo on a server. Specifically, you will learn how to:
- Generate a new Security World with nShield Solo
- Create the Administrator Card Set (ACS)
- Generate an Operator Card Set (OCS) using the CSP Install Wizard
- Verify that the installation was successful
Duration: 13:44 minutes
The video does not cover the integration of the actual application because the process differs by application.