nShield Connect HSMs are certified hardware security appliances that deliver cryptographic services to a variety of applications across the network. These hardened, tamper-resistant platforms perform such functions as encryption, digital signing, and key generation and protection. With their comprehensive capabilities, these HSMs can support an extensive range of applications, including certificate authorities, code signing and more.
The nShield Connect series includes nShield Connect+ and the new, high-performance nShield Connect XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
- Highly flexible architecture. nShield Connect HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.
- Process more data faster. nShield Connect HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise, retail, IoT and other environments where throughput is critical. The nShield Connect XC offers our highest transaction performance rates.
- Protect your proprietary applications and data. nShield Connect HSMs don’t just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process.
Certified hardware solutions
Thales e-Security has earned a broad set of certifications for nShield products. These certifications help our customers to demonstrate compliance while also giving them the assurance that their nShield HSMs meet stringent industry standards.
- FIPS 140-2 Level 2 and Level 3
- USGv6 accreditation
- Common Criteria EAL4+ (AVA_VAN.5) for nShield Connect+ models
- Recognition of nShield Connect+ as a Qualified Signature Creation Device (QSCD)
- UL, CE, FCC, C-TICK, Canada ICES
- RoHS2, WEEE
High transaction rates
Compared to competitive HSMs, nShield Connect HSMs boast faster elliptic curve cryptography (ECC) transaction rates, as well as high RSA transaction rates. ECC, one of the most efficient cryptographic algorithms, is particularly favored where low power consumption is crucial, such as applications running on small sensors or mobile devices. nShield Connect HSMs are excellent solutions for securing IoT devices as well as traditional enterprise applications.
|nShield Connect Models||500+||XC Base||1500+||6000+||XC Mid||XC High|
|RSA Signing Performance (tps) for NIST Recommended Key Lengths|
|ECC Prime Curve Signing Performance (tps) for NIST Recommended Key Lengths|
Wide support for APIs, cryptographic algorithms and OSs
- PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG
- Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH
- Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
- Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
- Full Suite B implementation with fully licensed ECC including Brainpool and custom curves
nShield HSMs offers support for the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use ECC or South Korean algorithms, optional activation licenses are needed.
- Windows and Linux
- nShield Connect+ additionally supports Solaris, IBM AIX, HP-UX and virtual environments AIX LPARs, VMware and Windows Server 2012R2 Hyper-V.
- nShield Connect XC also supports virtual environments Citrix XenServer 6.5, VMware ESXi 5.5 and Windows Server 2012R2 Hyper-V.
Calculated at 25C operating temperature using Telcordia SR-332 “Reliability Prediction Procedure for Electronic Equipment” MTBF Standard.