The nShield Solo series, composed of the Solo+ and new Solo XC model, is a high-assurance security solution delivered as a PCIe card designed for embedding in stand-alone servers or appliances. The nShield Solo series delivers dedicated cryptographic offload and acceleration capability to satisfy the highest performance requirements. nShield Solo is ideal for use within security appliances to achieve FIPS-grade security hardening.

Fully supporting the Thales Security World architecture, nShield Solo provides an ideal combination of high assurance and operational ease. This makes it easier for you to define and enforce security policies, such as access control and separation of duties, while also automating burdensome and risk-prone administrative tasks including back-ups and compliance reporting.

nShield Solo is fully compatible with the rest of the nShield HSM family, enabling mixed deployments and easy expansion as performance requirements increase. nShield Solo is available in various performance models, including the Solo XC’s most accelerated model to date, supporting best-in-class elliptical curve cryptography (ECC) transaction rates. And helping customers protect powerful, mission-critical custom algorithms within the secure boundaries of the HSM, the Solo XC series expands CodeSafe, nShield’s unique run-time environment.

The nShield Solo+ is certified to FIPS 140-2 (Solo XC model is FIPS-pending).

Benefits of nShield Solo

• Embedded form factor for dedicated performance enhancement

• Support high volume, enterprise transactions with accelerated transaction rates

• Spacious run-time environment protects powerful custom apps within HSM

Security Features  

nShield HSMs and the Thales Security World architecture combine a number of technologies to provide multi-layered security as follows:

Physical security

• A dedicated, card based security module that isolates cryptographic processes and keys from applications and host operating systems – accessible only through tightly controlled cryptographic APIs.
• Protect execution of custom, security-critical applications within the HSM boundary (CodeSafe option)
• Guard against tampering using specialty materials
• Detect attack attempts by monitoring hardware

Logical security

• Users authenticated using smart cards, avoiding reliance on weak and often shared passwords
• Clear separation of duties distinguish between administrators and key custodians in contrast to software based systems where application super-users or root-level administrators might enjoy widespread entitlements
• Minimize the threat of malicious insiders by requiring administrators to present smart cards as a quorum to perform particularly sensitive tasks such as key recovery. Highly configurable and strongly enforced within the HSM.
• Integrity validation and policy enforcement for nShield-protected applications (CodeSafe option)

Operational Features

The nShield family of HSMs and the Thales Security World architecture deliver both security and convenience by automating important key management tasks, including:

• The power to extend the organization’s existing data backup, replication and file sharing practices to include application keys—dramatically simplifying HSM management and minimizing costly HSM-specific practices
• Remote Administration cuts costs by letting administrators and operators manage distantly deployed HSMs from their local office
• Wide range of standard application interfaces coupled with an extensive pre-testing program with leading application vendors minimizes deployment risk
• Boost performance and optimize client machine capacity through cryptographic acceleration and by off-loading resource-intensive operations
• Unlimited key storage capacity offers high scalability
• Back-up methods avoid the need to archive keys in dedicated hardware or costly backup HSMs
• Combine multiple HSMs to create a highly resilient network for load balancing and failover

Cryptographic algorithms supported:

• Symmetric
• AES (128, 192, and 256 bit)
• Aria (128, 192, and 256 bit)
• Camelia (128, 192, and 256 bit)
• Triple DES (112, 168 bit)
• Asymmetric
• RSA (1024, 2048, 4096, 8192 bit)
• Diffie-Hellman
• DSA
• ECC Suite B
• Hashing
• SHA-1, SHA-2 (224, 256, 384, and 512 bit)

Certifications:

• FIPS 140-2 Level 2 and Level 3 
• Solo XC is FIPS-pending
• Common Criteria EAL4+ (AVA_VAN.5)
• Organismo di Certificazione della Sicurezza Informatica (OCSI) Italian certification, including recognition of Thales nShield HSMs as Secure Signature Creation Devices (SSCDs). Compliant to eIDAS Article 51.
• UL, CE, FCC
• RoHS, WEEE

Operating systems supported:

• Windows
• Linux
• Red Hat Linux Enterprise
• Solaris
• IBM AIX
• HP-UX
• AIX LPARs

APIs supported:

• PKCS#11
• Open SSL
• Java (JCE)
• Microsoft CAPI and CNG

Below is a non-exhaustive list of applications that utilize these APIs and have been tested by Thales partners and/or customers.

• Aconite Affina
• ActivIdentity Card Management System, 4Tress, Validations Authority
• Apache
• Axway Validation Authority
• Bell ID Token Manager, EMV Data Preparation
• CA Application Performance Manager
• CyberArk Digital Vault
• EfficientIP SolidServer
• Entrust Authority Security Manager
• IBM Tivoli Access Manager, Websphere
• Imperva SecureSphere
• Infoblox IPAM Appliance
• Insta Certifier Certificate Authority
• Intercede MyID
• ISC BIND
• Lieberman Software Enterprise Random Password Manager
• Keynectis OpenTrust PKI
• McAfee Iron Mail, Web Gateway
• Microsoft Active Directory Federated Services (ADFS), Active Directory Certificate Services (ADCS), Forefront Identity Manager (FIM), Internet Services Accelerator (ISA), Rights Management Services (RMS), Internet Information Services (IIS), BizTalk Server, Authenticode, Hyper-V, SQL Server, Mediaroom
• nuBridges Protect
• PingIdentity PingFederate
• Prime Factors EncryptRIGHT
• PrimeKey EJBCA
• Protegrity Data Security Platform
• Red Hat Certificate System
• Riverbed Stingray
• RSA Certificate Manager, Data Protection Manager
• Totemo Trustmail
• Vasco Vacman
• Verisec Hnossa
• Voltage SecureData