Entrust

Entrust HSMs – Maximum security for your cryptographic infrastructure. Trustworthy. Scalable. Future-proof.

Entrust nShield HSMs offer enterprise-level security , whether you’re protecting critical databases, cloud services, payment infrastructures, or PKI systems. The nShield 5c delivers maximum performance, flexibility, and compliance, while the broad HSM family ensures that the right device is available for every architecture: on-premises, as a network appliance, portable USB devices, or as a cloud service.

---

nShield 5c – High-Performance HSM for Enterprises

The nShield 5c is the flagship of the Entrust HSM series. It combines performance, scalability, and the highest level of security in a network HSM designed for demanding enterprise applications.

Technical highlights:

• Certified security: FIPS 140-3 Level 3, Common Criteria EAL4+, tamper-evident
• Scalable performance: Parallelized cryptography for thousands of transactions per second
• Crypto-agility: Support for RSA, ECC, AES, SHA-3 and future post-quantum algorithms
• Network integration: Deployment via high-bandwidth LAN, remote management and failover options
• Redundancy & High Availability: Cluster-capable for uninterrupted services

Use Cases:

• PKI servers and certificate infrastructures
• Code signing and software authentication
• Encryption of sensitive databases and applications
• Protection of authentication systems and payment infrastructures

---

Other Entrust HSM variants

nShield 5s – PCIe HSM

• Embedded in servers, ideal for local high-performance cryptography
• Perfect for code signing, database encryption and PKI servers

---

nShield Edge – tragbare USB-HSM

• Compact, mobile and easy to use
• Protects keys in development, BYOK, or cloud scenarios.

---

nShield as a Service (nSaaS)

• Cloud-based, no hardware required
• Ideal for rapid deployment of cryptographic services in hybrid infrastructures

---

Why choose Entrust HSMs?

• Physically secured keys: Never leave unprotected outside the HSM device.
• Highly scalable: For growing transaction and key volume requirements
• Flexible integration: On-premise, network, USB or cloud – always compatible
• Future-proof: Supports current and future algorithms (post-quantum-ready)
• Central administration: Monitoring, role and authorization management, remote administration

---

Entrust PKI Solution – The backbone of digital security. Post-Quantum Ready.

Entrust offers a fully integrated Public Key Infrastructure that automates the entire certificate lifecycle – from key generation and issuance to management, renewal, and secure revocation. The platform enables end-to-end security for digital certificates, keys, and device identities in complex IT environments and supports modern Zero Trust and DevOps architectures.

---

PKI portfolio

1. PKI as a Service (PKIaaS)

• Cloud-native architecture: Multi-tenant, elastic scaling, global availability
• Automated Lifecycle Management: Issue, Renew, Revoke, Suspend, Expire
• APIs & Integrations: REST, CMPv2, SCEP, EST, ACME protocols for DevOps and IoT use cases
• Post-quantum cryptography: Supporting hybrid keys to prepare for future quantum attacks
• High Availability & Disaster Recovery: Geo-redundant clusters, SLA-guaranteed uptime

Use Case: Companies that need scalable PKI for cloud-first environments and DevOps.

---

PKI-Portfolio

1. PKI as a Service (PKIaaS)

• Cloud-native Architektur: Multi-Tenant, elastische Skalierung, globale Verfügbarkeit
• Automatisiertes Lifecycle Management: Issue, Renew, Revoke, Suspend, Expire
• APIs & Integrationen: REST, CMPv2, SCEP, EST, ACME-Protokolle für DevOps- und IoT-Use-Cases
• Post-Quantum-Kryptografie: Unterstützung hybrider Schlüssel zur Vorbereitung auf zukünftige Quantenangriffe
• High Availability & Disaster Recovery: Geo-redundante Cluster, SLA-garantierte Uptime

Use Case: Unternehmen, die skalierbare PKI für Cloud-First-Umgebungen und DevOps benötigen.

---

2. Cryptographic Security Platform (CSP) PKI

• All-in-One Appliance: PKI components (Root/Intermediate CAs, RA, OCSP, CRL) in a virtualized platform
• On-premise or private cloud: Full control over key material and certificate management
• Integration with HSMs: FIPS 140-3 Level 3 certified HSMs for private keys
• Scalability: Issuing certificates worth millions with low-latency performance

Use Case: Organizations with strict compliance requirements and high security standards, e.g., financial or government institutions.

---

3. Managed PKI Services

• Entrust as operator: monitoring, updates, key management, compliance checks
• Audit & Reporting: Full logging of CA operations, CRL and OCSP status
• Automated certificate processes: Reducing human error and ensuring SLA-compliant renewal

Use Case: Companies without an internal PKI team that still require the highest level of security.

---

4. Certificate Authority (Enterprise PKI)

• Centralized management of root and sub-CAs
• Support for HSM-secured keys (FIPS 140-2/3 Level 3)
• Protocol support: REST, CMPv2, SCEP, EST, ACME, OCSP, CRL
• Certificate types: TLS/SSL, Client Auth, Code Signing, Document Signing, IoT Device Identity
• Global standards: CAB/FORUM, Common Criteria, ISO 27001

Use Case: Large companies, IoT ecosystems, banks, government agencies, software manufacturers.

---

Technical Highlights

• Post-Quantum-Ready Algorithms: Hybrid and Quantum-Resistant Keys
• End-to-End Key Management: HSM-secured root keys, lifecycle management, automated renewal
• Flexible deployment: Cloud-native PKIaaS, on-prem appliance, managed service
• API integration: Automation for DevOps, IoT, MDM/EMM systems
• Zero Trust compatible: Certificates for encrypted device-to-device and service communication

---

Deployment scenarios

• Web and service security: TLS/SSL certificates, API protection
• IoT & Embedded Devices: Trusted Device Identity, Secure Boot
• Code Signing: Software Integrity and Non-Repudiation
• Digital signatures: Email, documents, PDFs
• Zero-Trust Networks: Authentication of users, endpoints and services