nChiper Hardware Security Modules

The protection, management and secure use of cryptographic keys are fundamental to the security delivered by encryption, digital signature and digital rights management systems. nCipher's FIPS-validated hardware security modules (HSMs), nShield and netHSM, meet these requirements for a host of commercial and custom-built business applications employing encryption, SSL, PKI or other cryptographic techniques. Deploying nCipher's Security World key management framework, these hardware platforms go far beyond simple key storage and protection to deliver a secure and scalable high-assurance security infrastructure.

 

Value added HSMs

General purpose HSMs

The netHSM is a highly secure, network-attached Hardware Security Module (HSM) that provides a shareable cryptographic resource for multiple servers.

Authorized applications that require access to hardware-protected cryptographic
keys – from PKI and authentication systems to Web services and SSL – can share access to the netHSM over secured connections. Although dedicated HSMs are appropriate for security applications and servers that demand guaranteed availability and/or processing power, the netHSM provides a cost-effective deployment option
for a variety of typical scenarios. The netHSM allows your investment in ‘hard security’
to be spread across multiple applications or servers.

Enhance cryptographic security with hardware-based key protection

Whether you’re using cryptography to protect digital signatures, authenticate
users or process e-commerce transactions, the level of security depends on
how well keys are protected.

nShield protects keys within a commercial server platform in a highly secure,
tamper-resistant hardware environment enabling them to be effectively managed
and safely stored. nShield has received a FIPS 140-2 security validation at level 2
and level 3. FIPS is a widely recognized security benchmark for cryptographic modules.

The nShield range covers a broad spectrum of performance options; from HSMs that
can handle up to 4000 transactions per second for critical operational infrastructure
to lower acceleration hardware designed for branch office security applications.


Embedded HSMs

Component sized cryptographic security module for OEMs
Cryptographic security is a fundamental element of protecting sensitive information,
but for OEMs to develop a cryptographic component for their solutions with high security specifications, introduces risk, additional cost, and delayed time to market. Developing
a cryptographic subsystem that can be validated to stringent cryptographic security standards such as FIPS 140-2 requires specialized skills and a significant investment
of time to achieve product validation.

The miniHSM is an embedded hardware module that has been validated to FIPS 140-2 Level 3, a widely recognized security benchmark for cryptographic modules.
This provides OEMs with a secure, simple, drop-in solution to provide data encryption, digital signing, and strong authentication within a broad range of products.
The miniHSM provides developers with an attractive alternative to in-house development and creates the opportunity to leverage nCipher's unique application security and key management technology.
   
        Typical applications for miniHSM include:
        • Secure audit
        • Protection of cryptographic keys
        • Time stamping
        • Non-repudiatable signatures
        • Digital certificate issuance
        • High integrity security applications
        • High-end DRM enforcement


Value added HSMs

nFast SSL Acceleration or Offload card

SSL doesn’t come for free. It costs CPU power, server memory, IT administration and integration. Worse, these costs are a growing cascade as an increase in the number
of CPUs equates to a direct increase in the number of software licenses required and
the additional overhead of IT administration.

However, all of these costs can be paid for with an nFast SSL Acceleration or
Offload card.

nFast SSL Offload Card

High performance PCI Cards that replace a server's Network Interface Card (NIC) to offload all SSL processing from the application. https ciphertext passing through the nFast's network interface is translated and provided in plaintext TCP/IP, providing
a complete SSL subsystem for any IP-enabled application running on Windows,
Solaris or Linux Operating Systems.

nFast SSL Accelerator

PCI Cards that accelerate SSL operations by processing the asymmetric (RSA) cryptography that can cause significant performance bottlenecks. These products
handle only the most CPU-hungry SSL processing, requiring the application itself to
be SSL-enabled in order to process the remaining SSL load. They are best-suited to environments where substitution of the NIC is not appropriate or where specialist Operating Systems such as AIX or HPUX are deployed.
 

The payShield Option Pack for nCipher Hardware Security Modules has been designed
to meet the stringent security requirements of the payments industry. payShield implements functionality to support card life-cycle (magstripe and EMV) and transaction processing, including 3-D Secure, Visa DPA and MasterCard CAP. payShield enabled HSM combines the highest level of protection with an ability to handle high volumes of symmetric and asymmetric cryptography required by the latest payments systems for the authentication and verification of cardholders.


 Document Signing & Encryption
nCipher provides simple and cost effective solutions for satisfying requirements for high assurance archival, exchange and distribution of classified documents and customer records. These products comprise network appliances that provide a centralized signing, encryption and time stamping capability, delivering a streamlined and cost-effective way for organizations to preserve the integrity, authenticity and confidentiality of documents.

 

The nCipher Classified Document Security Server delivers the most streamlined and
cost effective way for organizations to secure Adobe® Portable Document Format
(PDF) files, allowing recipients to automatically certify the authenticity of the sender
of the document, the integrity of the data and through integration of a Time Stamp
Server validate the time when the signature was applied.

The nCipher Classified Document Security Server is a revolutionary solution for
document security. It provides digital signature, time stamping and encryption
capabilities in an easily deployed package for organizations that generate high volumes
of security sensitive or classified documents. Most importantly, because of the volumes involved the appliance uses digital signature technology in a way that enables automatic validation by the recipient using Adobe Reader or Acrobat. This ensures that signature validation is seamless, easy to use and ubiquitous.

By integrating all of the security functions into a single appliance, the nCipher solution, using the onboard Adobe server software, significantly reduces the Total Cost of Ownership (TCO) for document security technology.


Time Stamping

nCipher's time-stamping products allow organizations to integrate secure digital signatures and auditable time stamping functionality into their critical applications.
Time stamping has emerged as one of the key components of public key infrastructure technology (PKI), delivering non-repudiation and ensuring that the integrity of data is verifiable at a future point in time.

Document Sealing Engine DSE 200
nCipher's Document Sealing Engine (DSE 200) is an easily deployed and cost effective time stamping solution, comprising a networked appliance and a developer’s toolkit.
It allows you to integrate secure digital signatures and auditable time stamping functionality into your applications. Once calibrated, via an authenticated secure
network connection, the DSE 200 is ready to provide time stamps to any PKIX-compliant time stamp request; avoiding reliance on the system clock of host servers which are unreliable and vulnerable to tampering.
The DSE 200 can create certified digital originals, by establishing an auditable record
of a document’s authenticity; securely binding the identity of the document’s originator and the time of its creation to the electronic original.
The Document Sealing Engine is an easily deployed and cost-effective solution for organizations that require trustworthy electronic documents that maintain their
evidentiary value over time.