Entrust CodeSafe

Secure execution of application code

Entrust CodeSafe is a capability that allows application code to run within the tamper-resistant modules of the nShield HSM family. CodeSafe prevents potentially malicious commands by protecting the software that initiates cryptographic processes. CodeSafe support is available on all versions of the nShield HSM family that are FIPS 140-2 Level 3 compliant (except nShield Edge). CodeSafe enables customers to create application code that runs inside the HSM. This protects security-sensitive cryptographic processes from a potentially compromised application server environment and creates a trusted space inside the nShield HSM with corresponding keys. CodeSafe includes two components: a set of developer tools to compile applications and prepare them for import into the HSM, and a runtime environment that protects the application during use. CodeSafe not only isolates and protects the space for security-sensitive applications, but also creates a strong link between cryptographic processes and the keys they use.

This link establishes rules that ensure keys and data can only be used by authorized, unmodified applications. CodeSafe enables users to securely deploy cryptography-enabled functions together with unattended servers or in unsupervised environments where system operations take place without direct supervision, controlling access to private key usage, non-volatile user memory and hardware-protected time. An example of a typical enterprise computing environment with and without CodeSafe capabilities is illustrated in the image below.

In the figure, the Applications layer represents a general IT environment that includes enterprise business applications, data management functions and backup systems. This environment is complemented by the HSM layer, shown at the bottom, where specialized security functions such as cryptographic key storage and management, double checks and auditing are maintained. With CodeSafe, as shown on the right side of the figure, a security-sensitive application is fully contained within a specific security area, allowing the entire range of services to operate securely.