Hardware security modules for cryptographic protection
Thales announced that Thales nShield Solo hardware security modules (HSMs) have been integrated into Imprivata OneSign. Designed to protect cryptographic keys and sensitive data in secure hardware, the nShield Solo is a tamper-resistant hardware module that is validated to the FIPS 140-2 standard.
Thales nShield Solo HSMs provide enhanced security to the Imprivata OneSign solution in two important areas. First, they protect the SSL/TLS keys used to secure communications to and from the appliance, which include the exchange of authentication credentials with end users, the sharing of system information between appliances within a cluster, and management interfaces with administrators.
Second, the embedded Thales HSM encrypts the internal database of passwords and credentials that are cached on behalf of the user to provide access to the target applications. Together, these two uses of the HSM guard against eavesdropping and physical attacks on the OneSign appliance.
The company has also announced the integration of the Thales nShield family of HSMs within Layer 7 Gateways.
This enhancement provides Layer 7’s security-conscious customers with new levels of security whenever they encrypt or digitally sign sensitive data to be shared across security boundaries, such as those that separate cloud-based applications, mobile devices and networks of external partners. The integrated solution helps streamline compliance tasks and delivers FIPS compliance for government and defense, banking and finance customers.
In addition, Thales announced that its range of HSMs fully supports the recently issued best practice recommendations for the use of cryptographic algorithms and key lengths specified in National Institute of Standards and Technology (NIST) SP 800-131A.
HSMs have long been accepted as an industry best practice for protecting encryption keys because they overcome the inherent security weaknesses of managing and using keys in software. Thales HSMs support a wide range of algorithms and key sizes and, very importantly, are optimized to minimize the performance impact of transitioning to longer and therefore stronger keys.