nShield Solo Options and Accessories
The nShield Solo is available in multiple performance variants as follows:
- FIPS-pending Solo XC models: XC Base, XC Mid, and XC High
- FIPS-certified Solo+ models: 500+ and 6000+
Please consult the nShield Solo data sheet for performance data.
The nShield Solo+ is available in FIPS 140-2 Level 2 and Level 3 variants. The nShield Solo XC is FIPS-pending.
CipherTools Developer Toolkit
Using the CipherTools Developer Toolkit, developers can take full advantage of the advanced integration capabilities available for the nShield HSM family when integrating custom applications. The Toolkit includes detailed tutorials, reference documentation, sample programs written in a range of high-level languages, and additional libraries that extend integration with applications beyond what can be achieved with the standard application programming interfaces (APIs).
CodeSafe enables developers to execute applications within the nShield HSM, protecting them from threats such as insider attacks, malware, and Trojans that they would be vulnerable to on typical server platforms. CodeSafe provides a sandbox where code can be validated for integrity, which is ideal for applications residing in untrusted locations. CodeSafe provides fine-grained access control for security-critical resources that are protected on the device, such as private keys and non-volatile user memory. Sample applications include digital meters, authentication agents, time-stamp engines, audit loggers, digital signature agents, and custom encryption processes. CodeSafe is available for all nShield FIPS 140-2 Level 3 certified HSMs excluding the nShield Edge.
Elliptic Curve Cryptography (ECC) Activation
nShield HSMs offer a large number of cryptographic algorithms as part of the standard feature set, including AES, DSA and RSA. For organizations wishing to use ECC, an ECC Activation license is available. The optional activation license enables hardware-optimized ECC operation on nShield Solo HSMs.
Database Security Option Pack
Databases often contain an organization's most sensitive data. As a result, major database vendors have implemented native encryption in their database server products. The nShield Database Security Option Pack adds support for Microsoft’s Extensible Key Management (EKM) API. It enables organizations to better protect the keys that protect sensitive data in Microsoft SQL Server deployments using Transparent Data Encryption (TDE), manage keys across multiple databases and systems, and separate key management and database administration.
Time Stamp Option Pack
Secure time stamps help organizations verify that certain data existed at a certain point in time and has not been manipulated since that time. This is critical for applications including digital archives, public key infrastructures, code signing, notary services, patent applications, lottery, as well as betting and gaming. The Time Stamp Server from Thales is a turnkey solution for organizations that want a ready-to-use time stamping solution. For organizations looking for an OEM solution or who want to combine time stamping with other HSM functionality, the Time Stamp Option Pack enhances nShield Solo 500 to support standardized time stamps. The Time Stamp Option Pack is available for nShield Solo FIPS 140-2 Level 3 certified HSMs only (not for nShield Solo FIPS 140-2 Level 2 certified HSMs). Organizations looking to add time-stamping features in custom applications can benefit from the Time Stamping Developer Software.
payShield Cardholder Authentication for nShield
To protect against credit card and online banking fraud, many financial institutions have implemented additional security measures for card-not-present transactions. payShield Cardholder Authentication for nShield complements other Thales payments products by enabling organizations to authenticate the cardholder through various means, such as Chip and PIN (CAP) for online banking transactions, and 3-D Secure, also known as Verified by Visa and MasterCard SecureCode. This option integrates with cardholder authentication solutions including ActivIdentity, Arcot, Bell ID and Gemalto. Organizations with advanced requirements can also use the payShield Developer Software to produce customer solutions.
HSMs typically run in physically secure, lights-out data centers, often at several redundant sites. Many organizations therefore find it impractical to gain physical access to the HSM for day-to-day operations. Remote Operator saves time and reduces travel costs by enabling users to present credentials to a remote HSM in a secure manner directly from their workstation.
Highly sensitive areas of government and enterprises with a strong interest in national security sometimes prefer to use proprietary, national cryptographic algorithms to protect their most sensitive information. Given these security concerns, it is advantageous to run such algorithms on a secure HSM platform. The KCDSA Activation enables South Korean agencies to use the Korean Certificate-based Digital Signature Algorithm (KCDSA) on an nShield HSM. Thales recommends CodeSafe technology to organizations that wish to implement their own national algorithms on the protected HSM platform.
Remote Administration lets you manage your HSMs—including adding applications, upgrading firmware, checking status, and more—from your location, and whenever you choose. Remote Administration lets you eliminate travel to data centers for routine HSM management, helping to cut costs and optimize your resources. Remote Administration helps you to:
- Cut travel costs
- Reduce downtime
- Eliminate the risk of carrying cards to remote locations
Remote Administration Kits, which enable the feature, contain one or more Trusted Verification Devices (TVDs) (secure, custom card readers), Remote Administration Cards (smart cards), and client software. Kits are sized and priced based on the number of HSMs in the estate.
Smart Card Reader Rackmount
For organizations deploying one or more nShield Solo modules in a 19" rack, the optional nShield Smart Card Reader Rackmount provides a practical and tidy solution to attach card readers in the data center. The nShield Smart Card Reader Rackmount is 1U in height and can be equipped with up to four smart card readers, which are shipped as standard with nShield Solo cards. Each unit is shipped with three blanking plates to cover any unused slots.
* Only one of these CodeSafe applications can be run on a single HSM.