Entrust nShield 5S
Deliver cryptographic key services to applications hosted on individual servers and virtual machines with PCI-Express (PCIe) card-based, crypto-agile, highly scalable, next-generation hardware security modules (HSMs)
Entrust nShield 5s HSMs
nShield 5s HSMs are PCIe cards that perform encryption, digital signing, and key generation for an extensive range of commercial and custom-built applications, including certificate authorities, code signing, and more. With their comprehensive capabilities and quantum crypto-agility, they are 100% compatible with existing nShield HSM deployments and APIs, and they are highly secure, with FIPS-140-3 Level 3 certification.
Models
The nShield 5s HSM series includes the new high-performance nShield 5s High, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
nShield 5s Benefits
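Powerful architecture
nShield HSMs are integrated into a unified ecosystem through the Security World architecture, which provides capabilities such as scalability and load balancing.
Faster data processing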
nShield 5s HSMs are ideal for enterprise retail, IoT 5G, and other environments where throughput is critical.
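Protect sensitive business and application logic
Execute code within the nShield boundary to protect your applications and the data they process.
Technical specifications
Certified hardware solutions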
Entrust has earned a broad set of certifications for nShield HSM products. These certifications help our customers to demonstrate compliance while also helping to give them the assurance that their nShield HSMs meet stringent industry standards.
Safety and environmental standards compliance
- UL, CE, FCC, Canada ICES, KC, VCCI, RCM, UKCA, RoHS, WEEE, REACH
Security compliance
- FIPS 140-3 Level 3 (Coordination Stage)
- eIDAS and Common Criteria EAL4 + AVA_VAN.5 and ALC_FLR.2 certification against EN 419 221-5 Protection Profile, under the Dutch NSCIB scheme
- Can form the basis of an EN 419 241-2 certified remote signing system for eIDAS
- Meets BSI AIS 31 requirements for true and deterministic random number generation
Supported APIs
- PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG, nCore, and Web Services
Supported cryptographic algorithms
- Full NIST Suite B implementation
- Asymmetric algorithms: RSA, Diffie-Hellman, ECMQV, DSA, El-Gamal, KCDSA, ECDSA (including NIST, Brainpool & secp256k1 curves), ECDH, Edwards (Ed25519, Ed25519ph)
- Symmetric algorithms: AES, AES-GCM, Arcfour, ARIA, Camellia, MD5 HMAC, RIPEMD160 HMAC, SEED, SHA-1 HMAC, SHA-224 HMAC, SHA-256 HMAC, SHA-384 HMAC, SHA-512 HMAC, Tiger HMAC, 3DES
- Hash/message digest: MD5, SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160, RIPEMD160, SHA-3 (224, 256, 384, 512 bit)
- Elliptic Curve Key Agreement (ECKA) available via Java API and nCore APIs
- Elliptic Curve Integrated Encryption Scheme (ECIES) available via Java API, PKCS#11 and nCore APIs
- TUAK & MILENAGE algorithm support for mutual authentication and key generation (3GPP)
- NIST short-listed post-quantum cryptographic algorithms supported using the nShield Post-Quantum SDK with CodeSafe
Supported platforms
Windows and Linux operating systems including distributions from Red Hat and SUSE.
Reliability
Calculated at an operating temperature of 25°C using the Telcordia SR-332 "Reliability Prediction Procedure for Electronic Equipment" MTBF standard
- nShield 5s HSM: 1,702,841 hours
nShield 5s models | Base | Mid | High |
---|---|---|---|
RSA signing performance (tps) (using NIST-recommended key lengths) | | | |
2048 bit | 670 | 3,949 | 13,614 |
4096 bit | 135 | 814 | 2,200 |
8192 bit | 19 | 115 | 309 |
ECC prime curve signing performance (tps) (using NIST-recommended key lengths) | | | |
256 bit | 2,085 | 7,553 | 21,826 |
521 bit | 1,010 | 5,977 | 16,164 |
Key generation (key/sec) | | | |
RSA 2048 bit | 7 | 20 | 23 |
ECDSA P-256 bit | 1,040 | 3,580 | 3,494 |
ECDSA P-521 bit | 518 | 2,480 | 2,724 |
Key agreement performance (transaction/sec) | | | |
ECDH P-256 bit | 2,085 | 7,550 | 21,436 |
Each nShield 5s HSM is supplied with an external smart card reader for local use.
Options and accessories
Performance ratings and options
We have a variety of nShield 5s models to meet your performance needs. You can select among the performance models shown in the Tech Specs tab and can also purchase in-field upgrades from lower nShield 5s performance models to higher performance models.
Software option packs
Entrust offers a range of software option packs that can be used in conjunction with your nShield HSMs.
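nShield Monitor system
nShield Monitor is a monitoring platform that gives you round-the-clock visibility into the operating status of your nShield HSMs. With this solution, security teams can efficiently check HSM status and quickly spot any potential security, configuration, or usage issues that could put mission-critical infrastructure at risk.
Remote administration module
nShield Remote Administration lets operators manage distributed nShield HSMs remotely from their office locations (including adding applications, upgrading firmware, checking operating status, rebooting, and more), reducing travel time and saving costs. The Remote Administration kit contains the hardware and software needed to set up and use the tool.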
CodeSafe
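CodeSafe is a powerful and secure environment that lets you execute applications within the secure boundary of nShield HSMs. Example applications include digital metering, authentication agents, digital signature agents, and custom encryption processes. CodeSafe is available with FIPS Level 3 certified network attached and PCIe nShield HSMs.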
CipherTools
CipherTools is a toolkit comprising tutorials, reference documentation, sample programs, and additional libraries. With this toolkit, developers can take full advantage of the advanced integration capabilities of nShield HSMs. In addition to providing support for standard APIs, the toolkit lets you run custom applications with nShield HSMs. CipherTools is included on the Security World software ISO/DVD and is provided free of charge.
KCDSA activation
With the KCDSA activation license, you can use the Korean Certificate-based Digital Signature Algorithm (KCDSA) as well as HAS-160, SEED, and ARIA algorithms on nShield HSMs.
Smart card reader rackmount
For organizations deploying one or more nShield 5s modules in a 19" rack, the optional nShield smart card reader rackmount provides a practical and clean solution for attaching card readers in the data center. The rackmount is 1U in height and can be equipped with up to four smart card readers, which come standard with nShield 5s cards. Each unit is supplied with three blanking plates to cover slots that are not yet in use.