nShield Connect HSMs

nShield Connect HSMs are certified hardware security appliances that deliver cryptographic services to a variety of applications across the network. nShield HSM appliances are hardened, tamper-resistant platforms that perform such functions as encryption, digital signing, and key generation and protection. With their comprehensive capabilities, these HSMs can support an extensive range of applications, including certificate authorities, code signing and more.

Remote configuration eliminates costly trips to the data center

The latest nShield Connect XC models offer an optional serial port that allows enterprises to eliminate costly repeat trips to the data center. Remote Configuration capabilities include:

  • Initiating and changing an HSM’s network settings, e.g. IP address
  • Supporting provider/tenant deployment models where the nShield HSM appliance can be easily configured by the provider before passing control of the HSM to a tenant. Separation of roles ensures the cryptographic key material is not exposed to the provider.
  • Purging key material and decommissioning the nShield HSM appliance at the end of a usage cycle in preparation for its next deployment.

Technicians simply need to rack and cable the nShield HSM appliance and connect a serial concentrator in the data center to prepare the nShield Connect XC for full remote configuration and administration. This reduces the need for trained resources in the data center and provides customers more efficiency and control over their HSMs.

Tech Specs

Certified Hardware Solutions

Entrust has earned a broad set of certifications for nShield products. These certifications help our customers to demonstrate compliance while also giving them the assurance that their nShield HSMs meet stringent industry standards.

Security Compliance

  • FIPS 140-2 Level 2 and Level 3
  • USGv6 accreditation
  • eIDAS and Common Criteria EAL4 + AVA_VAN.5 and ALC_FLR.2 certification against EN 419 221-5 Protection Profile, under the Dutch NSCIB scheme
    • Can form the basis of an EN 419 241-2 certified remote signing system for eIDAS.
    • Compliant with BSI AIS 31 for true and deterministic random number generation
  • Common Criteria EAL4+ (AVA_VAN.5) for nShield Connect+ models
  • Recognition of nShield Connect+ as a Qualified Signature Creation Device (QSCD)
  • ICP Brazil certification to NSC3 level
  • Singapore CSA NITES certification for nShield Connect XC models

Safety and Environmental Standards Compliance

  • UL, CE, FCC, RCM, Canada ICES
  • RoHS2, WEEE

High Transaction Rates

nShield HSMs boast high elliptic curve cryptography (ECC) and RSA transaction rates. ECC, one of the most efficient cryptographic algorithms, is particularly favored where low power consumption is crucial, such as applications running on small sensors or mobile devices.

Wide Support for APIs, Cryptographic Algorithms and OSs

Supported APIs

  • PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI/CNG and Web Services (requires Web Services Option Pack)

Supported Cryptographic Algorithms

  • Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH, Edwards (X25519, Ed25519ph)
  • Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
  • Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
  • Full Suite B implementation with fully licensed ECC including Brainpool and custom curves
  • Elliptic Curve Key Agreement (ECKA) available via Java API and nCore APIs
  • Elliptic Curve Integrated Encryption Scheme (ECIES) available via Java API, PKCS#11 and nCore APIs