nShield Connect HSMs

The nShield Connect Hardware Security Modules (HSM) are certified hardware security appliances, FIPS 140-2 certified, hardened, tamper-resistant, security module that performs cryptographic tasks for your networks. The nShield Connect provides encryption, code signing, key generation, certificate authority services and help you to create high-assurance digital signing processes (digital signature). In addition, the nShield Connect’s CodeSafe option allows you to execute sensitive code in a secure environment



  • Highly flexible architecture

    nShield Connect HSMs integrate with the unique Security World architecture from nCipher. With this proven technology, different nShield HSM models can be combined to build a unified ecosystem that delivers scalability, seamless failover, and load balancing

  • Process more data faster

    nShield Solo HSM supports some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise retail, IoT, and other throughput-critical environments. The nShield Solo XC offers our highest transaction performance rate

  • Protect your proprietary applications and data

    nShield Solo HSM protects your sensitive keys and data, plus it provides a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process


  • Certified hardware solutions

    nCipher has earned a broad set of certifications for nShield products. These certifications help our customers to demonstrate compliance while also giving them the assurance that their nShield HSMs meet stringent industry standards.

    Security compliance:

    • FIPS 140-2 Level 2 and Level 3
    • USGv6 accreditation
    • Common Criteria EAL4+ (AVA_VAN.5) for nShield Connect+ models
    • Recognition of nShield Connect+ as a Qualified Signature Creation Device (QSCD)

    Safety and environmental standards compliance:

    • UL, CE, FCC, C-TICK, Canada ICES
    • RoHS2, WEEE
  • High transaction rates

    nShield HSMs boast high rates of elliptic curve cryptography (ECC) and RSA transaction. ECC, one of the most efficient cryptographic algorithms, is particularly favored where low power consumption is crucial, such as applications running on small sensors or mobile devices.

  • Wide support for APIs, cryptographic algorithms and OSs

    Supported APIs

    • PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG

    Supported Cryptographic Algorithms

    • Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH
    • Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
    • Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
    • Full Suite B implementation with fully licensed ECC including Brainpool and custom curves

    nShield HSMs offers support for the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use ECC or KCDSA algorithms, optional activation licenses are needed.

    Operating Systems

    • Windows and Linux
    • nShield Connect+ additionally supports Solaris, IBM AIX, HP-UX and virtual environments AIX LPARs
    • nShield Connect XC also supports virtual environments Citrix XenServer 6.5, VMware ESXi 5.5 and Windows Server 2012R2 Hyper-V.
  • Reliability

    Calculated at 25C operating temperature using Telcordia SR-332 “Reliability Prediction Procedure for Electronic Equipment" MTBF Standard.


Options and Accessories:
  • Client licenses

    nShield Connect HSMs ship with three client licenses, each allowing a connection to an IP address. Additional licenses are available for purchase.

  • CodeSafe

    CodeSafe is a powerful, secure environment that lets you execute applications within the secure boundaries of nShield HSMs. Sample applications include digital meters, authentication agents, digital signature agents and custom encryption processes. CodeSafe is available with FIPS 140-2 Level 3 certified nShield Solo and nShield Connect HSMs

  • Remote Administration Kits

    nShield Remote Administration lets operators manage distributed nShield HSMs—including adding applications, upgrading firmware, checking status, re-booting and more—from their office, reducing travel and costs. Remote Administration Kits contain the hardware and software needed to set up and use the tool. These kits are available for nShield Solo and nShield Connect HSMs

  • CipherTools Developer Toolkit

    The CipherTools Developer Toolkit is a set of tutorials, reference documentation, sample programs and additional libraries. With this toolkit, developers can take full advantage of the advanced integration capabilities of nShield HSMs. In addition to offering support for standard APIs, the toolkit enables you to run custom applications with nShield HSMs

  • Database Security Option Pack

    Databases often contain an organization's most sensitive data. To help customers protect their data, major database vendors have implemented native encryption in their products. The nShield Database Security Option Pack adds support for Microsoft’s Extensible Key Management (EKM) API, helping organizations to better protect the keys that safeguard sensitive data in Microsoft SQL Server

  • nToken

    Security teams that want strong authentication for their nShield Connect HSM clients can use nTokens PCIe cards to do hardware-based host identification and verification

  • Elliptic Curve Cryptography (ECC) activation

    The ECC activation license enables EC-DH, EC-DSA and EC-MQV to be used on an nShield HSM

  • KCDSA activation

    With the KCDSA activation license, you can use the Korean Certificate-based Digital Signature Algorithm (KCSDA) as well as HAS-160, SEED and ARIA algorithms on an nShield HSM

  • Slide rails

    nCipher offers optional slide rails that let users mount an nShield Connect in a 19" rack without a shelf. nCipher recommends that customers use these slide rails exclusively as parts from other manufacturers may not be compatible

  • Keyboard

    Many functions of nShield Connect HSMs can easily be executed using the touch wheel at the front of the unit. nCipher offers an optional USB keyboard for even greater ease of use

  • Field replaceable parts

    nShield features parts that operators can replace in the field, without downtime. These parts include the following:

    Dual, hot-swap power supplies.

    Redundant, field-replaceable fans.

    • Power supply unit (PSU)
    • Replacement fan tray


To find best solutions for your cryptographic process, key generation and protection, digital signature implementation or for any inquiries please let us know here


Related Source:

nShield Solo | nShield Edge