ENTRUST NSHIELD 5C
Entrust nShield 5c HSMs
nShield 5c HSMs are security appliances that deliver cryptographic services to applications across the network, in the cloud, and in hybrid environments. The hardened, tamper-resistant, FIPS 140-3 level 3 certified (Coordination Stage) platforms perform such functions as encryption, digital signing, and key generation and protection. With their comprehensive capabilities, flexible hybrid deployments, quantum crypto-agility, and 100% compatibility with existing nShield HSM deployments and APIs, these HSMs can support an extensive range of applications, including certificate authorities, code signing, and more.
High-performance, scalable HSMs that save you time and money
The new nShield 5c models offer enterprises a reduction in total cost of ownership, eliminating costly repeat trips to the data center and reducing the overhead of managing and configuring HSM estates. Features include:
- Centralized, remote visualization and management console supporting HSM administration and Security World management
- A serial console supporting provider/tenant deployment models through strong role separation, delineating tasks such as changing network settings from controlling cryptographic actions
- Remote presentation of physical tokens to authorize administration tasks and cryptographic key usage
- Seamless interoperation with all other variants and versions of the nShield HSM family
These features reduce the demands on highly specialized and trained resources, provide enterprises with efficiency gains, and ensure control over the HSMs resides in the hands of the security professionals.
nShield 5c Benefits
Build and grow your HSM estate using Security World, Entrust's unified ecosystem that delivers scalability, load balancing, seamless failover, and disaster recovery.
Execute code within the nShield boundary to protect your applications and the data they process.
Entrust nShield HSMs have earned a broad set of certifications. These certifications help our customers to demonstrate compliance while also helping to give them the assurance that they meet stringent industry standards.
- FIPS 140-3 Level 3 (Coordination Stage)
- UL, CE, FCC, UKCA, RCM, Canada ICES, RoHS, WEEE, REACH
nShield HSMs boast high elliptic curve cryptography (ECC) and RSA transaction rates.
| nShield 5c Models | Base | Mid | High |
|---|---|---|---|
| RSA signing performance (tps) for NIST recommended key lengths | | | |
| ECC prime curve signing performance (tps) for NIST recommended key lengths | | | |
| Key generation (keys/sec) | | | |
| RSA 2048 bit | 7 | 20 | 23 |
| ECDSA P-256 bit | 1,040 | 3,580 | 3,494 |
| ECDSA P-521 bit | 518 | 2,480 | 2,724 |
| Key agreement performance (transactions/sec) | | | |
| ECDH P-256 bit | 2,085 | 7,550 | 21,436 |
¹ Requires enterprise client license.
- Full NIST Suite B implementation
- Asymmetric algorithms: RSA, Diffie-Hellman, ECMQV, DSA, El-Gamal, KCDSA, ECDSA (including NIST, Brainpool & secp256k1 curves), ECDH, Edwards (Ed25519, Ed25519ph)
- Symmetric algorithms: AES, AES-GCM, Arcfour, ARIA, Camellia, MD5 HMAC, RIPEMD160 HMAC, SEED, SHA-1 HMAC, SHA-224 HMAC, SHA-256 HMAC, SHA-384 HMAC, SHA-512 HMAC, Tiger HMAC, 3DES
- Hash/message digest: MD5, SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160, RIPEMD160, SHA-3 (224, 256, 384, 512 bit)
- Elliptic Curve Key Agreement (ECKA) available via Java API and nCore APIs
- Elliptic Curve Integrated Encryption Scheme (ECIES) available via Java API, PKCS#11, and nCore APIs
- TUAK & MILENAGE algorithm support for mutual authentication and key generation (3GPP)
- NIST short-listed post-quantum cryptographic algorithms supported using the nShield Post Quantum SDK with CodeSafe
nShield HSMs offer support for the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use South Korean algorithms, optional activation licenses are needed.
Windows and Linux operating systems including distributions from Red Hat, SUSE, and major cloud service providers running as virtual machines or in containers.
Calculated at an operating temperature of 25°C using the Telcordia SR-332 "Reliability Prediction Procedure for Electronic Equipment" MTBF standard
- nShield 5c HSM: 107,845 hours
To meet the performance needs of your application, Entrust provides a variety of nShield 5c models as shown in the Technical Specifications tab. You can select among the performance models shown, and can also purchase in-field upgrades on nShield 5 HSM models from lower performance models to higher models.
nShield 5c HSMs ship with three client licenses, each allowing a connection to an IP address. Additional licenses are available for purchase. The maximum number of client licenses supported varies by nShield 5c model as shown in the table below.
Max # client licenses per nShield 5c Model
Base: 10 licenses
Mid: 20 licenses
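Note: * Requires activation of an enterprise client license
Entrust offers a range of option packs that can be used with nShield HSMs.
nShield Monitor system
nShield Monitor is a monitoring platform that helps you gain around-the-clock visibility into the operational status of your nShield HSMs. With this solution, security teams can efficiently check HSM status and quickly identify any potential security, configuration, or usage issues that could compromise mission-critical infrastructure.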
nShield Remote Administration lets operators manage distributed nShield HSMs—including adding applications, upgrading firmware, checking status, re-booting and more—from their office locations, reducing travel and saving money. Remote Administration Kits contain the hardware and software needed to set up and use the tool.
Cloud Disaster Recovery
Increase redundancy and reliability of on-premises deployments.
- Subscription-based service
- Adds off-site HSM resources
CodeSafe is a powerful, secure environment that lets you execute applications within the secure boundaries of nShield HSMs. Applications include cryptography and high-value business logic associated with banking, smart metering, authentication agents, digital signature agents, and custom encryption processes. CodeSafe is available with FIPS Level 3 certified nShield HSMs.
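CipherTools is a toolkit comprising tutorials, reference documentation, sample programs, and additional libraries. With this toolkit, developers can take full advantage of the advanced integration capabilities of nShield HSMs. In addition to supporting standard APIs, the toolkit also lets you run custom applications with nShield HSMs. The CipherTools developer toolkit is included on the Security World software ISO/DVD and is provided free of charge.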
With the KCDSA activation license, you can use the Korean Certificate-based Digital Signature Algorithm (KCDSA) as well as HAS-160, SEED, and ARIA algorithms on nShield HSMs.
Entrust offers optional slide rails that let users mount nShield 5c in a 19" rack without a shelf. Entrust recommends that customers use these slide rails exclusively as parts from other manufacturers may not be compatible.
Many functions of nShield 5c HSMs can easily be executed using the touch wheel at the front of the unit. Entrust offers an optional USB keyboard for even greater ease of use.
Field-replaceable parts
nShield 5c features parts that operators can replace in the field, with minimal downtime. These parts include dual, hot-swap power supplies and a field-replaceable fan tray (requires nShield 5c to be put into standby).