Encryption and key management combined in desktop HSM device from Thales

News by Dan Raywood

Thales has rolled out the nShield Edge to provide remote encryption with built-in key management.

Described by the company as the "world's first FIPS 140-2 Level 3 validated USB attached hardware security module (HSM)", nShield Edge protects and manages the encryption and digital signing keys used to safeguard sensitive data and applications.

Approximately the same size as a standard CD jewel case, the nShield Edge is compatible with workstations, laptops and virtualisation environments and is particularly suited for use in offline certification authority deployments, code signing and other high assurance digital signature applications.

Thales claimed that nShield Edge is an innovative offering in the HSM market because it satisfies current market needs in three distinct areas: it extends enterprise grade cryptographic security beyond the data centre; provides a convenient form factor HSM for high value, key management applications that require portability; and fills a significant gap in the marketplace between smartcards and traditional HSMs.

Talking to SC Magazine, Thales VP of product management Richard Moulds claimed that it was important to bridge the gap between smartcards and HSMs. Smartcards are highly portable, provide physical protection for keys and are commonly used for protecting personal credentials. However, they typically do not offer the scalability, strong authorisation controls, or key recovery capabilities to support mission-critical enterprise applications.

Also, while HSMs offer these features, they are generally perceived to be best suited to high performance data centre deployments. This results in a gap in the market and drives the need for a highly portable, high security HSM solution.

Moulds said: “nShield is a new module that extends products and brings into a new dimension where you deploy encryption in the endpoint. This is about how you can deploy key management in places where you could not before.

“A typical HSM is usually a rack mounted hardware module, while this is portable. It is about making key management more secure. This is a tamper resistant device, while a smartcard is a physical chip on a card which you carry around and the card provides protection to the key but didn't provide protection to the endpoint.”

He confirmed that the nShield Edge comes from the same technology as point of sale/chip and PIN devices where all PIN numbers can be encrypted.

