nCipher

Systems Management > HSM Key Protection

nCipher offers a line of hardware-based products to protect commercial applications in use in websites.
nCipher products integrate modularity, speed and user-friendliness, and are especially suitable for organizations operating commercial websites and various e-commerce services on Web servers in a safe channel through SSL protocol.
Transferring data safely in the SSL channel is fast and efficient, but the procedure to create the SSL channel, called the SSL Handshake, utilizes a large portion of the Web server’s resources. Therefore, many Web servers cannot withstand access to a large number of users in the website simultaneous. In standard Web servers, most of the CPU activity is used to perform SSL Handshakes and in many cases requires the organization to purchase numerous additional servers in order to withstand the load.

The most protected secrets in organizations are found in Web servers. The Web server’s private key exists only there and allows clients to verify that they have in fact reached the organization’s server and not an impersonated one. Only the server’s private key can create a SSL channel in the name of the specific server that the client has approached.
nCipher’s Hardware Security Modules (HSM) allow suiting the module to the client’s requirements, whether by accelerating transactions or protecting the private key completely. The HSM tools interface with all platform types, such as NT, all types of UNIX and Linux. In addition to each standard management module, it is suitable for connection to different computers and software, and comes in SCSI and PCI form.

PIC

nShieldTM Hardware Security Module -HSM Cryptographic security platform with advanced key management

A flexible and safe system to host critical organizational applications – from trade to communication – PKI passes the essential foundations to a safe electronic trade environment: Access control, authentication, privacy, perfection and non-repudiation. However, the strong PKI solution is like the weak in its connection, i.e. if you do not protect the private key at your heart of the PKI system properly, your entire infrastructure and organization is at risk. This is the reason that many organizations worldwide have chosen nShield hardware protection systems to help strengthen the security and increase the PKI system’s management ability.
nShield HSM is compatible with leading PKI solutions to protect private keys completely. nShield integrates advanced key management functionality and is devoted to accelerating protected communication in an immune model.

nForceTM Secure SSL Accelerators
High-Volume Processing Capacity & Advanced Key Management Functionality, in a Single Module.

The more the use of security services in your PKI infrastructure rises, load management, SSL protocol data processing capacity and protecting a large number of private keys becomes a more difficult challenge.
Heavy SSL traffic can cause a bottleneck in the processing, overpowering even the strongest servers.
The heavy traffic drastically affects server performance and response speed, which could ultimately damage the loyalty of your clients.

In addition, failure to protect private keys used by the SSL protocol can cause attacks and eavesdropping on e-commerce translations. Also, stolen keys allow impersonation in legitimate websites and performing various fraudulent activities. These crimes are performed underhandedly and place online services and clients at risk.
The nForce increases e-commerce protection and helps organizations relieve the processing speed in heavy traffic, since it is a solution with the power to handle bottlenecks and allow control over keys, which assists in protecting the safe infrastructure.
The nForce stores the private keys provided by the Certificate Authority (CA) in a safe place in order to perform SSL operations. Usually, the private keys are stored in the Web server secured and encrypted with multiple protection means, but in order to perform a SSL operation, the encrypted private key must be deciphered. This operation takes enough time for a hacker to sniff, the private key and in this way user details (credit card number, bank account, etc.) are completely exposed.
The nForce saves the private key in the hardware component, which is disconnected from the Web server and knows how to open the private key only while performing the SSL operation.

nForce helps organizations in the following fields:

 Strengthening server performance
      Integrating powerful acceleration abilities, nForce overcomes bottlenecks in traffic before they become a problem.

 Extending the server processing capacity
      Adding an nForce Accelerator to the protected server can produce significant increase in processing ability without having to purchase additional expensive servers.

 Streamlines the protected infrastructure
      The nForce Accelerator is modular and allows adding capacity, where and when required, to withstand the increasing demands of larger processing volumes in the SSL channel or to handle unexpected the server activity.

 Helps increase security through advanced key management
      nForce protects digital key secrecy and in this way helps in the overall protection of threatened online services.

 Improving management ability
      Builds responsibility hierarchies in an organization, and can divide the large number of keys in the infrastructure into management groups.

PIC

nFast SSL Accelerator
Accelerate SSL Operations & Maximize Performance

As the demand for online privacy and protection increases, many organizations gradually appeal for an SSL channel industrial standard to protect their entire organization, from internal organizational communications, through sensitive digital contents, to e-commerce transactions.
Although the benefit to using SSL is clear, SSL operations greatly burden the resources of the servers and could cause the server resources and activities to slow down significantly to a snail’s pace in regular traffic conditions.
The nFast 800 allows 800 SSL communications per second. This PCI card works on Windows 2000 and Linux operation systems, and has the ability to offer more in improving Web server performance.
The nFast allows performing up to 300 communications simultaneously. It frees the CPU in e-commerce servers from bottlenecks caused by many simultaneous user requests, and in this way only 30% will be devoted to handling communications as opposed to 95% without the nFast module. The result is that most of the power is in the application itself. nFast is a hardware module to accelerate the SSL Handshake in the Web server. nFast 300 allows accelerating the SSL channel for Web servers in a wide range of operating systems. In addition, this PCI card supports unique API, such as BHAPI, to support Web-based applications which utilize these API abilities.