nShield Connect 6000
Victor Mitu
Security Consultant
E-mail: victor@provision.ro
Phone number: 0733.505.608
Summary
• Features
• nToken
Definition and Overview
Algorithms
Public key algorithms: RSA, Diffie-Hellman, DSA, El-Gamal, KCDSA, ECDSA, ECDH
Symmetric algorithms: AES, ARIA, Camellia, CAST, DES, RIPEMD160 HMAC, SEED, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, Triple DES
Application interfaces
PKCS #11
Microsoft CryptoAPI / CNG
Java JCE
OpenSSL
Features
Security Features
• Physical – Tamper-resistant / tamper-responsive
• Segregation of Duties
Features
High Availability
• Signing speed
6,000 signing transactions per second (TPS) with RSA 1,024-bit keys
Optimized to deliver up to 3,000 TPS when taking advantage of longer, more secure, 2,048-bit keys
500 TPS when 4,096-bit keys are needed
* Performance may vary depending on operating system, application, network topology, and other factors.
Features
Optional features
• PCI strong authentication for nShield Connect clients
• PCI Express cards
nToken
• Is a FIPS 140-2 level 2 module, with level 3 physical security
• Designed to protect a single signing key used to identify a host
• It also proves to an nCipher network-attached HSM that the session was initiated by a client running on that host
• It connects to the host computer via a PCI bus and must be accessed by a custom-written application
Authentication key - when the nToken is enrolled, it generates a DSA key pair used for signature generation
• The public half is exported in plain text and transferred to the netHSM
• The private half is encrypted under the module key and exported to an nCipher-format key blob, which is stored on the local host computer
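The enrollment and host-authentication flow above, as an added Python sketch (not nCipher code, and not from the original slides). Assumptions: the `cryptography` package is installed, AES key wrap (RFC 5649) stands in for the proprietary key-blob format, and the per-session nonce challenge and the function names `enroll`, `token_sign` and `hsm_verify` are hypothetical.

```python
# Added illustration, not nCipher code: AES key wrap (RFC 5649) stands in for the
# proprietary key-blob format, and the nonce challenge is an assumed message flow.
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.primitives.keywrap import (
    aes_key_unwrap_with_padding, aes_key_wrap_with_padding)


def enroll(module_key: bytes):
    """Token side: create the DSA identity key; return (public PEM, wrapped blob)."""
    priv = dsa.generate_private_key(key_size=2048)
    public_pem = priv.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo)
    private_der = priv.private_bytes(
        serialization.Encoding.DER,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption())
    # Only the wrapped form leaves the token and is stored on the host disk.
    return public_pem, aes_key_wrap_with_padding(module_key, private_der)


def token_sign(module_key: bytes, blob: bytes, challenge: bytes) -> bytes:
    """Token side: unwrap the blob with the module key and sign the HSM's nonce."""
    # A wrong module key makes the unwrap raise InvalidUnwrap.
    private_der = aes_key_unwrap_with_padding(module_key, blob)
    priv = serialization.load_der_private_key(private_der, password=None)
    return priv.sign(challenge, hashes.SHA256())


def hsm_verify(public_pem: bytes, challenge: bytes, signature: bytes) -> bool:
    """HSM side: accept the session only if the enrolled public key verifies."""
    pub = serialization.load_pem_public_key(public_pem)
    try:
        pub.verify(signature, challenge, hashes.SHA256())
        return True
    except InvalidSignature:
        return False


if __name__ == "__main__":
    module_key = os.urandom(32)      # constructed stand-in for the module key
    public_pem, blob = enroll(module_key)
    nonce = os.urandom(32)           # fresh per session, so old signatures cannot be replayed
    signature = token_sign(module_key, blob, nonce)
    print("session accepted:", hsm_verify(public_pem, nonce, signature))
    print("stale signature accepted:", hsm_verify(public_pem, os.urandom(32), signature))
```

The blob on the host disk is useless without the module key, which is why only the public half needs an integrity-protected transfer to the HSM.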
nToken
Firmware Integrity Key - all firmware is signed using a DSA key pair