> Hardware Security Module

Thales nShield Edge

The nShield Edge is the universal serial bus (USB)-attached

K E Y B E N E F I TS hardware security module (HSM) in the Thales family of high
security data protection solutions. The nShield Edge combines a
OPERATIONAL
> Provides a portable, cost-effective solution with full-featured HSM with a smart card reader in one portable device,
unmatched operational flexibility for laptops and offering secure backup and dual control access to an organization’s
virtual machines based on the unique Security World high-value keys for low transaction volume environments. The
architecture independently certified platform performs key management and
> Reduces overall cost for regulatory compliance (e.g. cryptographic operations such as encryption and digital signing on
PCI DSS) as well as for day-to-day key management behalf of a wide range of commercial and custom-built business
tasks including backup and remote management
applications and critical security systems including offline certificate
> Enables high assurance business continuity authorities (CAs) for public key infrastructures (PKIs), code signing
with simplified HSM enrollment and efficient key
provisioning and remote HSM management.
> Protects registration authority keys and provides a The nShield Edge’s USB connectivity makes it especially suitable for
practical solution for offline root CAs use with laptops and virtual machines, providing appropriate levels of
SECURITY physical and logical controls where software-based security features
> Delivers certified protection for cryptographic keys are considered to be inadequate. In the face of evolving compliance
and operations within tamper-resistant hardware to requirements and general standards of due care, the use of nShield HSMs
significantly enhance security for critical applications provides a tangible measure of security. All Thales nShield HSMs feature
> Establishes strong separation of duties and dual the market-leading Security World key management architecture that
controls through robust administration policies enables the automation of burdensome and
including role-based multi-factor authentication and
flexible quorum-based authorization risk-prone administrative tasks, guarantees
key recovery and eliminates single points of
failure and expensive, manually-intensive
backup processes.

www.thales-esecurity.com
> Thales nShield Edge
Technical Specifications*
Functional Capabilities Safety, Security and Environmental
> Protects cryptographic keys in secure hardware Compliance
> Supports laptops and virtual machines > UL, CE, FCC
> Provides dual control access for valuable keys > RoHS, WEEE
> Provides practical solution for offline root CAs > FIPS 140-2 Level 2 and Level 3, NIST SP 800-131A
> Protects keys for registration authorities
> Controls keys used for code signing High Availability
> Facilitates remote nShield HSM operation > All solid-state storage
> Simplifies HSM application development
> Provides secure key wrapping, backup, replication Management and Monitoring
and recovery > Remote unattended operator/multi-user access control
> Supports unlimited protected key storage and logical/ > Syslog diagnostics support
cryptographic separation of application keys
> Windows performance monitoring
> Offers “k of n” multifactor authentication
> Command line interface (CLI)/graphical user interface (GUI)
> SNMPv3 compatible monitoring
Supported Operating Systems
> Physical: Windows 2008, 2008 R2, XP, Vista, 7
Physical Characteristics
> Virtual: VMware Server, VMware Workstation,
Microsoft Hyper-V for Windows Server 2008 R2, MS > Portable desktop device with integrated smart card reader
Virtual PC for Windows 7 > Dimensions with stand open 120 x 118 x 27mm
(4.7 x 4.6 x 1in)
Application Program Interfaces (APIs) > Weight: 340g (0.8lb)
> PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG > Input voltage: 5v DC powered by USB host device
> nCore (low-level Thales interface for developers) > Power consumption: 700mW
> Temperature: operating 5 to 45°C (41 to 113°F),

The Thales policy is one of continuous development and consequently the equipment may vary in detail from the description and specification in this publication.
storage -40 to 70°C (-40 to 158°F)
Compatibility and Upgradeability > Humidity: operating 10 to 85% (relative, non-condensing at
> Compatible with Thales nShield Solo (PCI/PCIe), 35%), storage 0 to 85% (relative, non-condensing at 35%)
nShield Connect, and netHSM 500 and 2000
> Software upgradeable Availability and Performance
nShield Edge is available in FIPS Level 3 and Level 2
Host Connectivity variants. A non-FIPS Developer Edition is also offered. All
> USB port (1.x, 2.x compliant) modes yield the same performance characteristics.
> Includes 1 meter connector cable (USB type A to B) Signing
(tps)
Performance
Cryptography 1024bit RSA 12
> Asymmetric public key algorithms: RSA (1024, 2048, 2048bit RSA 2
4096, 8192), Diffie-Hellman, DSA, El-Gamal, KCDSA,
4096bit RSA 0.2
ECDSA, ECDH
> Symmetric algorithms: AES, ARIA, Camellia, CAST, nShield Edge includes smart cards and folds for convenient storage.
DES, RIPEMD160 HMAC, SEED, Triple DES
> Hash/message digest: SHA-1, SHA-2 (224, 256,
384, 512bit)
> Full Suite B implementation with fully licensed Elliptic
Curve Cryptography (ECC) including Brainpool and For more information please see
custom curves www.thales-esecurity.com or scan
the quick response (QR) code on
your smart phone.
© Thales - July 2011 • MGD1403

* Performance may vary depending on operating system, application, network topology

and other factors.

Thales e-Security

Americas: 2200 North Commerce Parkway, Suite 200, Weston, Florida 33326 • Tel: +1 888 744 4976 or +1 954 888 6200 • Fax: +1 954 888 6211 • E-mail: [email protected]
Asia Pacific: Unit 4101, 41/F, 248 Queen’s Road East, Wanchai, Hong Kong • Tel: +852 2815 8633 • Fax: +852 2815 8141 • E-mail: [email protected]
Europe, Middle East, Africa: Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel: +44 (0)1844 201800 • Fax: +44 (0)1844 208550 • E-mail: [email protected]