The Thales nShield is a general purpose HSM with unique features that enables clients to protect keys for any cryptographic requirement.
General purpose HSMs present a set of low-level cryptographic APIs that developers use to build applications that require cryptographic processing. By embedding those functions and the keys that enable them in a secure hardware environment, applications are freed from the complexities of key management in software, and the inevitable security flaws that result.
Thales HSMs provide the following libraries to help developers write applications:
What distinguishes the Thales HSMs is the concept of a Security World. The Security World provides an environment for the secure lifecycle management of cryptographic keys. The Security World environment gives the user control over the procedures and protocols needed to create, manage, distribute and, in the event of disaster, recover keys.
A Security World provides the following features:
A Security World is composed of:
This diagram shows how the components of a Security World interact:
Thales nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, data encryption and more. Available in three FIPS 140-2 certified form factors, nShield HSMs support a variety of uses, including:
Public Key Infrastructures
nShield HSMs generate and protect root and certificate authority (CA) keys, providing support for PKIs across numerous use cases and industries.
nShield HSMs can be used to sign an organization’s application code, ensuring that the distributed software remains secure, unaltered and authentic.
nShield HSMs can sign digital certificates for credentialing and authenticating proprietary devices for IoT applications and other network deployments.
nShield HSMs can be used for bulk encryption and decryption.
GEOBRIDGE offers installation, training, product support, systems integration, and custom software development in support of the nShield HSM for organizations of any size. Specifically, GEOBRIDGE can provide users with:
- Architectural guidance for users planning a networked HSM cloud.
- Installation procedures and scripts that simplify and automate Thales HSM installation, including adding and removing HSMs from a Security World.
- Maintenance procedures and scripts that simplify and automate Thales HSM software upgrades.
- Phone and on-site assistance with installation and maintenance by trained technicians and engineers.
- Guidance for application developers in using the cryptographic APIs. Or, GEOBRIDGE can write modules that perform cryptographic functions, providing an abstracted interface model to the application and insulating the developer from the complexities of the HSM interface.
The nShield HSM is available in multiple form factors with support for a broad range of APIs. There is virtually no limit to the types of cryptographic implementations that can be supported by this platform.