Thales nShield Solo


nShield Solo

nShield Solo HSMs are low-profile, embedded PCI-Express cards that provide cryptographic services to one or more applications hosted on a single server or appliance. These hardened, tamper-resistant cards perform encryption, digital signing and key generation on behalf of an extensive range of commercial and custom-built applications, including certificate authorities, code signing and more.

The nShield Solo series includes nShield Solo+ and the new high-performance nShield Solo XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.

 

Features


  • Highly flexible architecture. All nShield HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.
  • Process more data faster. nShield Solo HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise retail, IoT and other environments where throughput is critical. The nShield Solo XC offers our highest transaction performance rates and features host-side virtualization support.
  • Protect your proprietary applications and data. nShield Solo HSMs don’t just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process.

 

Specifications


Certified hardware solutions

Thales has earned a broad set of certifications for nShield products. These certifications help our customers to demonstrate compliance while also giving them the assurance that their nShield HSMs meet stringent industry standards.

Security compliance:

  • FIPS 140-2 Level 2 and Level 3
  • Common Criteria EAL4+ (AVA_VAN.5) for nShield Solo+ models
  • Recognition of nShield Solo+ as a Qualified Signature Creation Device (QSCD)

Safety and environmental standards compliance:

  • UL, CE, FCC, C-TICK, Canada ICES
  • RoHS2, WEEE

 

High transaction rates

Compared to competitive HSMs, nShield Solo HSMs boast faster elliptic curve cryptography (ECC) transaction rates, as well as high RSA transaction rates. ECC, one of the most efficient cryptographic algorithms, is particularly favored where low power consumption is crucial, such as applications running on small sensors or mobile devices. nShield Solo HSMs are excellent solutions for securing IoT devices as well as traditional enterprise applications.

 

nShield Solo Models 500+ XC Base 6000+ XC Mid XC High
RSA Signing Performance (tps) for NIST Recommended Key Lengths
2048 bit 150 430 3000 3500 8600
4096 bit 80 100 500 850 2025
ECC Prime Curve Signing Performance (tps) for NIST Recommended Key Lengths
256 bit 540 680 2400 5500 16,000

Wide support for APIs, cryptographic algorithms and OSs

Supported APIs

  • PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI, and CNG

Supported Cryptographic Algorithms

  • Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH
  • Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
  • Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
  • Full Suite B implementation with fully licensed ECC including Brainpool and custom curves

nShield HSMs offers support for the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use ECC or South Korean algorithms, optional activation licenses are needed.

Operating Systems

  • Windows and Linux
  • nShield Solo+ additionally supports Solaris, IBM AIX, HP-UX and virtual environment AIX LPARs.
  • nShield Solo XC also supports virtual environments Citrix XenServer 6.5, VMware ESXi 5.5, and Windows Server 2012R2 Hyper-V.

 

Reliability

Model MTBF (hours)
Solo XC 726,461
Solo+ 1,105,978

Calculated at 25C operating temperature using Telcordia SR-332 “Reliability Prediction Procedure for Electronic Equipment” MTBF Standard.

 

 

 


Download the Thales nShield Solo HSM Product Brief