nShield Solo Options and Accessories
The nShield Solo is available in multiple performance variants as follows:
- FIPS-pending Solo XC models: XC Base, XC Mid, and XC High
- FIPS-certified Solo+ models: 500+ and 6000+
Please consult the nShield Solo data sheet for performance data.
The nShield Solo+ is available in FIPS 140-2 Level 2 and Level 3 variants. The nShield Solo XC is FIPS-pending.
CipherTools Developer Toolkit
Using the CipherTools Developer Toolkit, developers take full advantage of the advanced integration capabilities available for the nShield HSM family when applying custom applications. The Toolkit includes detailed tutorials, reference documentation, sample programs written in a range of high level languages, and additional libraries to expand capabilities for integration with applications beyond those that can be achieved by the standard application program interfaces (APIs).
CodeSafe enables developers to execute applications within the nShield HSM, protecting them from threats such as insider attacks, malware, and Trojans that they would be vulnerable to on typical server platforms. CodeSafe provides a “sand box” where code can be validated for integrity—ideal for applications residing in untrusted locations. CodeSafe provides fine-grained access control for security-critical resources that are protected on the device, such as private keys and non-volatile user memory. Sample applications include digital meters, authentication agents, time-stamp engines, audit loggers, digital signature agents, and custom encryption processes. CodeSafe is available for all nShield FIPS 140-2 Level 3 certified HSMs excluding the nShield Edge.
Elliptic Curve Cryptography (ECC) Activation
nShield HSMs offer a large number of cryptographic algorithms as part of the standard feature set, including AES, DSA and RSA. For organizations wishing to use ECC, an ECC Activation license is available. The optional activation license enables hardware-optimized ECC operation on nShield Solo HSMs.
Database Security Option Pack
Databases often contain an organization's most sensitive data. As a result, major database vendors have implemented native encryption in their database server products. The nShield Database Security Option Pack adds support for Microsoft’s Extensible Key Management (EKM) API. It enables organizations to better protect the keys that protect sensitive data in Microsoft SQL Server deployments using Transparent Data Encryption (TDE), manage keys across multiple databases and systems, and separate key management and database administration. More information >>
Time Stamping Option Pack
The Time Stamping Option Pack and optional Time Stamping Developer Software used with nShield Solo 500/500+ HSMs helps companies securely verify the times of important events for a variety of applications. For more information, please click here.
payShield Cardholder Authentication for nShield
To protect against credit card and online banking fraud, many financial institutions have implemented additional security measures for card-not-present transactions. payShield Cardholder Authentication for nShield complements other Thales payments products by enabling organizations to authenticate the cardholder through various means, such as Chip and PIN (CAP) for online banking transactions, and 3-D Secure, also known as Verified by Visa and MasterCard SecureCode. This option integrates with cardholder authentication solutions including ActivIdentity, Arcot, Bell ID and Gemalto.
Highly sensitive areas of government and enterprises with a strong interest in national security sometimes prefer to use proprietary, national cryptographic algorithms to protect their most sensitive information. Given these security concerns, it is advantageous to run such algorithms on a secure HSM platform. The KCDSA Activation enables South Korean agencies to use the Korean Certificate-based Digital Signature Algorithm (KCDSA) on an nShield HSM. Thales recommends CodeSafe technology to organizations that wish to implement their own national algorithms on the protected HSM platform.
Remote Administration lets you manage your HSMs—including adding applications, upgrading firmware, checking status, and more—from your location, and whenever you choose. Remote Administration lets you eliminate travel to data centers for routine HSM management, helping to cut costs and optimize your resources. Remote Administration helps you to:
- Cut travel costs
- Reduce downtime
- Eliminate the risk of carrying cards to remote locations
Remote Administration Kits, which enable the feature, contain one or more Trusted Verification Devices (TVDs) (secure, custom card readers), Remote Administration Cards (smart cards), and client software. Kits are sized and priced based on the number of HSMs in the estate.
More details available here.
Smart Card Reader Rackmount
For organizations deploying one or more nShield Solo modules in a 19" rack, the optional nShield Smart Card Reader Rackmount provides a practical and tidy solution to attach card readers in the data center. The nShield Smart Card Reader Rackmount is 1U in height and can be equipped with up to four smart card readers, which are shipped as standard with nShield Solo cards. Each unit is shipped with three blanking plates to cover any unused slots.
* Only one of these CodeSafe applications can be run on a single HSM.