nShield Connect

Powerful Architecture

Build and grow your HSM estate using Security World, Entrust's unified ecosystem that delivers scalability, seamless failover, and load balancing.

Faster Data Processing

Get some of the highest cryptographic transaction rates in the industry. Ideal for environments where throughput is critical.

Protection of sensitive business and application logic

Execute code within nShield boundaries, protecting your applications and the data they process.

Details

Tech Specs

Certified hardware solutions

Entrust has earned a broad set of certifications for nShield products. These certifications help our customers to demonstrate compliance while also giving them the assurance that their nShield HSMs meet stringent industry standards.

Security compliance

FIPS 140-2 Level 2 and Level 3
USGv6 accreditation
eIDAS and Common Criteria EAL4 + AVA_VAN.5 and ALC_FLR.2 certification against EN 419 221-5 Protection Profile, under the Dutch NSCIB scheme
- Can form the basis of an EN 419 241-2 certified remote signing system for eIDAS.
- Compliant with BSI AIS 31 for true and deterministic random number generation
Common Criteria EAL4+ (AVA_VAN.5) for nShield Connect+ models
Recognition of nShield Connect+ as a Qualified Signature Creation Device (QSCD)
ICP Brazil certification to NSC3 level

Safety and environmental standards compliance

UL, CE, FCC, RCM, Canada ICES
RoHS2, WEEE

High transaction rates

nShield HSMs boast high elliptic curve cryptography (ECC) and RSA transaction rates. ECC, one of the most efficient cryptographic algorithms, is particularly favored where low power consumption is crucial, such as applications running on small sensors or mobile devices.

nShield Connect Models	500+	XC Base	1500+	6000+	XC Mid	XC High
RSA Signing Performance (tps) for NIST Recommended Key Lengths
2048 bit	150	430	450	3000	3500	8600
4096 bit	80	100	190	500	850	2025
ECC Prime Curve Signing Performance (tps) for NIST Recommended Key Lengths
256 bit	540	680	1260	2400	7512¹	14400¹

Note 1: Performance indicated requires ECDSA fast RNG feature activation available free of charge on request from nCipher Support.

Wide support for APIs, cryptographic algorithms and OSs

Supported APIs

PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI/ CNG and Web Services (requires Web Services Option Pack)

Supported Cryptographic Algorithms

Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH, Edwards (X25519, Ed25519ph)
Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
Full Suite B implementation with fully licensed ECC including Brainpool and custom curves

nShield HSMs offers support for the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use ECC or South Korean algorithms, optional activation licenses are needed.

Supported Platforms

Windows and Linux operating systems including distributions from RedHat, SUSE and major cloud service providers running as virtual machines or in containers.

Reliability

Calculated at 25°C operating temperature using Telcordia SR-332 “Reliability Prediction Procedure for Electronic Equipment" MTBF Standard

Connect XC 107,384 hours
Connect+ 99,284 hours

Options and Accessories

Performance ratings and options

To meet the performance needs of your application, Entrust provides a variety of nShield Connect models as shown in the Technical Specifications tab. You can select among the performance models shown, and can also purchase in-field upgrades on XC models from lower performance models to higher models.

Client licenses

nShield Connect HSMs ship with three client licenses, each allowing a connection to an IP address. Additional licenses are available for purchase. The maximum number of client licenses supported varies by nShield Connect model as shown in the table below.

Max # client licenses per nShield Connect Model

XC Base/500+ 10 licenses

XC Mid/1500+ 20 licenses

XC High/6000+ Unlimited*

Note* requires Enterprise Client License activation

Software Options Pack

Entrust offer a range of software option packs which can be used in conjunction with your nShield HSMs.

Learn More

nShield Monitor

nShield Monitor is a monitoring platform that provides 24x7 visibility into the status of nShield HSMs. With this solution, security teams can efficiently inspect HSMs and find out immediately if any potential security, configuration or utilization issue may compromise their mission-critical infrastructure.

Remote Administration Kits

nShield Remote Administration lets operators manage distributed nShield HSMs—including adding applications, upgrading firmware, checking status, re-booting and more—from their office locations, reducing travel and saving money. Remote Administration Kits contain the hardware and software needed to set up and use the tool. These kits are available for nShield Solo and nShield Connect HSMs.

CodeSafe

CodeSafe is a powerful, secure environment that lets you execute applications within the secure boundaries of nShield HSMs. Applications include cryptography and high value business logic associated with banking, smart metering, authentication agents, digital signature agents and custom encryption processes. CodeSafe is available with FIPS 140-2 Level 3 certified nShield Solo and nShield Connect HSMs.

CipherTools

The CipherTools is a set of tutorials, reference documentation, sample programs and additional libraries. With this toolkit, developers can take full advantage of the advanced integration capabilities of nShield HSMs. In addition to offering support for standard APIs, the toolkit enables you to run custom applications with nShield HSMs. CipherTools Developer Toolkit is included free of charge in the standard Security World software ISO/DVD.

nToken

Security teams that want to strongly authenticate their nShield Connect HSMs clients can use nTokens PCIe cards to do hardware-based host identification and verification.

Elliptic Curve Cryptography (ECC) activation

The ECC activation license enables EC-DH, EC-DSA and EC-MQV to be used on an nShield HSMs.

KCDSA activation

With the KCDSA activation license, you can use the Korean Certificate-based Digital Signature Algorithm (KCSDA) as well as HAS-160, SEED and ARIA algorithms on an nShield HSMs.

Slide rails

Entrust offers optional slide rails that let users mount nShield Connect in a 19" rack without a shelf. Entrust recommends that customers use these slide rails exclusively as parts from other manufacturers may not be compatible.

Keyboard

Many functions of nShield Connect HSMs can easily be executed using the touch wheel at the front of the unit. Entrust offers an optional USB keyboard for even greater ease of use.

Field replaceable parts

nShield Connectfeatures parts that operators can replace in the field, with minimal downtime. These parts include dual, hot-swap power supplies and field-replaceable fan tray (requires nShield Connect to be put into standby).

Related Resources

nShield Connect HSMs Datasheet

The nCipher Security World Architecture

Key Isolation for Enterprises and Managed Service Providers

CodeSafe Datasheet

nShield Remote Administration Datasheet

nShield Monitor Datasheet

Web Services Option Pack Datasheet

HSMs

nShield Edge

USB-connected desktop HSMs that provide convenience and economy for environments requiring low-volume cryptographic key services.

HSMs

nShield Solo HSM

PCI-Express card-based HSMs that deliver cryptographic key services to applications hosted on individual servers and appliances.

HSMs

nShield as a Service

Subscription-based service for cryptographic key with dedicated FIPS 140-2-certified nShield Connect HSMs.

HSMs

Sofware Options Packs

Entrust offer a range of software option packs which can be used in conjuction with your nShield HSMs.

HSMs

nShield Monitor

Gain instantaneous 24/7 visibility of all your nShield HSMs from one centralized location.

HSMs

nShield Remote Administration

Reduce travel time and costs by managing your geographically distributed nShield HSMs from…

Square

We have a long history together and we’re extremely comfortable continuing to rely on nCipher solutions for the core of our business. We have used nCipher HSMs for five years and they have always been exceptionally reliable. We’ve layered a lot of code on top of the HSM; it delivers the performance we need and has proven to be a rock-solid foundation.

Neal Harris, Security Engineering Manager, Square, Inc

VIEW CASE STUDY

Verifone

As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We selected nCipher* HSMs to provide robust security, unmatched performance, and superior scalability across our payment security platforms…

Joe Majka, Chief Security Officer, Verifone

VIEW CASE STUDY

Memjet

nCipher Security’s* nShield sales team provide excellent local and remote support during this evaluation period and was invaluable to the process. The excellent depth, breatdth, and quality of the product documentation gave us confidence that the solution was well though-out and supported.

Robert Fairlie-Cuninghame, QAI Technical Lead/Architect, Memjet

VIEW CASE STUDY

Polycom

nCipher* provided the expertise needed to design and implement a tailored, secure VoIP solution.

Marek Dutkiewicz, Polycom

VIEW CASE STUDY

Report

Security World Architecture

LEARN MORE

Brochure

nShield Family Brochure

LEARN MORE

Contact a Specialist

An HSM specialist will be in touch with options soon.

First Name

Last Name

Company Name

Company Email

Country Form Field

States *

Provinces *

Digital Certificates

Standard TLS/SSL

Advantage TLS/SSL

SAN Multi-Domain TLS SSL

EV Multi-Domain TLS/SSL

Wildcard TLS/SSL

Private TLS/SSL

Qualified Electronic Seal Certificates

QWAC eIDAS Certificates

QWAC PSD2 Certificates

Platinum Services

Entrust Certificate Services

Subscription Plan

Digital Signing

TrustedX Signing Servers

TrustedX eIDAS

TrustedX Electronic Signatures

Document Signing Certificates

Secure Email Certificates

Device Certificates

Code Signing Certificates

Public Key Infrastructure (PKI)

Certificate Hub

Security Manager

Entelligence Security Provider

Epassport

Validation Authority

Entrust Managed PKI Service

Cryptography as a Service

Managed Microsoft PKI

Managed Offline Root Certificate Authority

Internet of Things (IoT) Security

Mobile Device Management BYOD

Products

Identity as a Service

Identity Enterprise

Identity Essentials

Solutions

PSD2

PIV

Physical / Logical Access

Safeguarding Your VPN

Privileged Users

Workstation Login

Security and Access for Contractors

Consumer Banking

Customer Portals

Digital Citizen

Digital Onboarding

CIAM Integration

Data Breach

Improve User Experience

Support Diverse User Groups

Streamline IT

Transaction Verification

Portfolio Capabilities

ID Proofing

Device Reputation

Secure Device Provisioning

Password Reset

Credential Issuance

Authenticators

Mobile Authentication

Passwordless Login

Adaptive Authentication

Single Sign-On

APIs / SDKs

Fraud Detection

Products

nShield Connect

nShield Edge

nShield Solo

nShield as a Service

nShield Issuance HSM

CodeSafe

Software Option Packs

nShield Monitor

nShield Remote Monitoring

Financial Cards

Financial Cards Overview