Skip to main content
Image
purple hex pattern

Connected Vehicle Security

Automotive original equipment manufacturers (OEM) and their suppliers rely on Entrust nShield® HSMs for our expertise and experience in building data protection strategies. Our technology enables the root of trust needed to advance connected vehicle security and scale to meet the industry’s evolving demands.

New vehicles offer advanced features and functionality – along with vulnerabilities. Learn how Entrust nShield HSMs deliver solutions that help secure the connected vehicle.

Challenges

Attacks Via Connected Components

The addition of more connectivity to support vehicle infotainment systems, maintenance monitoring, and much more, opens up new potential attack vectors. And a vulnerability in one area could expose the whole system, as advanced attackers seek out pivot points to exploit. 

Compromised Telemetry Transmissions

Telemetry data, which can be used for maintenance tracking or consumer devices plugged into the on-board diagnostics (OBD II) port, must be protected – in motion or at rest – in accordance with regional privacy mandates. Data transmitted by connected components needs to be authenticated to be sure it’s from a trusted source.

Unsecured Software and Firmware Updates

Like other connected devices, today's connected cars comprise components that may require software or firmware updates. Whether delivered over-the-air or at a service center, code updates sent to connected components present the potential for malicious behavior, as well as unintended errors or violations of organizational policies.

Solutions

Connected Component Authentication

To prevent against unsecured components interacting with vehicle systems and introducing malware or providing a pathway for an advanced attack, components need to be authenticated. Entrust nShield HSMs, along with supporting security software, enable manufacturers to give each connected component a unique identification that provides a root of trust along with the foundation for an effective public key infrastructure.

Protected Data-In-Transit

Encrypting telemetry and other data transmitted to/from the vehicle to support vehicle maintenance tracking or a vehicle-to-vehicle/infrastructure ecosystem, provides protection against data theft and other compromises. Entrust nShield HSM products enable the authentication of connected components and provide encryption of data-in-transit to ensure data can be trusted.

Strong Code Signing

To ensure the integrity of software and firmware updates, and defend against the risks associated with code tampering or code that deviates from organizational policies, the code must be signed using a strong methodology. The recognized best practice entails using private keys protected by hardware security modules.

Benefits

Defense Against Malware and Brand Damage

Establishing cryptographically-based digital identities for connected vehicle components and securing code updates against tampering help to protect against malware and code tampering, thus safeguarding against unwanted sophisticated attacks, unauthorized modifications to vehicle performance and reputational damage.

Protection of Sensitive Data

Securing the transmission of telemetry data and other information broadcast to/from the vehicle helps to protect against data loss and the compromise of vehicle and driver safety. Protecting data in transit also helps fleet operators safeguard sensitive information about their vehicles and cargo.

Opportunities for Improved Customer Service and Revenues

With strong authentication in place, components can receive over the air (OTA) software and firmware updates, presenting a significant opportunity for manufacturers, who could open up new revenue streams and enhance driver satisfaction with the introduction of new features, while reducing the cost of issuing updates.

Data Encryption for Banks & Financial Services

Entrust nShield® HSMs offer comprehensive key management and protection to secure data across devices, processes, platforms, and environments. They help financial service providers protect their customers, meet government and industry data security compliance standards, facilitate security auditing, and avoid the reputational damage caused by data breaches.

Challenges

Regulatory Compliance

The data security compliance and regulation challenges alone are daunting for banking and financial services firms. Data-at-rest security requirements are found within PCI DSS for credit card related information, GLBA, SOX/J-SOX, NCUA, data privacy and data residency laws, and even the USA Patriot Act

Securing Data

To protect their reputation banking and financial services firms and their executives must safeguard critical financial data from exposure.

Protecting Against Insiders, APTs and Future Threats

As financial services’ online infrastructures evolve and increase in numbers, procedures need to be in place to not only protect the data, but to also identify and alert the organization of unauthorized access.

Solutions

Strong Key Management

Entrust nShield Hardware Security Modules (HSMs) are hardened, tamper-resistant devices that help protect financial institutions’ most sensitive data by securely generating, managing and storing encryption and signing keys.

Secure Execution Environment

In addition to protecting your sensitive keys, Entrust nShield HSMs also provide a secure environment for running proprietary applications. The CodeSafe option lets you develop and execute code within Entrust nShield HSMs’ FIPS 140-2 Level 3 boundaries, safeguarding your applications from potential attacks.

Benefits

Alignment with Global Compliance and Regulatory Standards

Entrust’s adherence to rigorous standards helps you demonstrate compliance in regulated environments while delivering high confidence in the security and integrity of Entrust nShield HSMs.

Ready for Blockchain Applications

Entrust nShield HSMs help financial services organizations protect and manage the cryptographic keys that underpin blockchain and other distributed ledger applications. Entrust nShield HSMs enable enterprises to design architectures that provide the high-assurance security required for distributed ledgers.

Cyber Security Solutions for Government

Numerous national governments around the world and many of their member states and local jurisdictions have enacted laws regulating the security of the personal, strategic and other sensitive data they hold. Government agencies and the organizations that work with them may be subject to breach disclosure notification and substantial fines if they do not comply with e security mandates. Entrust nShield® HSMs provide solutions that help government agencies and their organizations secure their data and comply with these laws.

Entrust nShield HSMs Family

Entrust nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, Entrust nShield HSMs support a variety of deployment scenarios.

Technology Partner Program

The Entrust nShield HSMs technology partner program is a forum to forge valuable technical and business relationships. The program is designed to yield benefits for both of our companies and ultimately to our mutual customers. As partner you are considered an extension of Entrust, which means you have access to the information, tools and resources to ensure you are able to meet our joint customers’ business needs.

Entrust has collaborated with solution and application providers in financial services, retail, commercial and government markets for decades. Our joint solutions address a wide range of data protection-related business issues including cloud computing security, regulatory compliance, application security, intellectual property protection, secure credentialing, big data security and device credentialing for the Internet of Things.

Entrust nShield products that provide high assurance cryptographic services critical to these solutions include:

  • HSMs that provide a hardened, tamper-resistant environment for performing secure cryptographic processing, key protection, and key management
  • Remote HSM management and monitoring products that facilitate deployment in lights-out data centers
  • Time stamping products that provide the ability to enforce nonrepudiation for electronic signing, to verify data and application integrity, and to ensure long-term auditability of electronic records
  • Working with Entrust means a partnership with a recognized world leader in security and data protection.
Image
bank icon

U.S. Federal Government Data Protection

Federal government agencies and their partners protect sensitive information with Entrust nShield HSM security solutions.

Healthcare

Entrust nShield® hardware security modules provide encryption key protection to help healthcare enterprises reduce the risks associated with holding patient data. Our flexible HSMs help strengthen organizational security and compliance postures, and mitigate the risk of a breach of valuable medical records.

Challenges

Compliant Protection of Structured and Unstructured Data

Healthcare institutions typically store and process multiple kinds of healthcare data, ranging from images and emails to medical records and payment information. This data, much of which is subject to HIPAA compliance or other privacy mandates, is stored on multiple devices, runs on multiple operating systems and is accessed by multiple users in multiple places.

Expanding Threat Landscape

Medical records are estimated to be worth as much as 10 times the value of a stolen credit card number. As attackers increase their sophistication, healthcare organizations must bolster their healthcare data security and compliance efforts. The unprecedented sharing of healthcare data across clinical applications, devices and facilities expands the potential surface attack area - and the security manager's challenges.

Solutions

Encryption Key Management

Entrust nShield hardware security modules provide healthcare institutions a high-assurance root of trust to protect the keys underpinning encrypted medical records, both on-premises and in the cloud. Safeguarding the keys renders patient data unusable to attackers and improves your compliance with data privacy mandates.

Strong User Authentication

Entrust nShield HSMs can help you create high-assurance systems to authenticate employees using internal systems, and a variety of connected devices accessing the network.

Benefits

Protect Organizational Reputation and Revenues

Data breaches at healthcare organizations have increased operating costs and impacted executive careers from IT to the C-suite, but perhaps the greatest damage is to the long-term reputation (and long-term revenue potential) of the breached organization. Establishing a strong security and compliance posture helps defend the healthcare enterprise against negative reputational and financial impact.

Improve Compliance with HIPAA|HITECH, PCI DSS and More

Data privacy mandates specify that organizations that store and process patient data - and other personally identifiable information - must protect it against theft or other loss and prevent unauthorized access. Entrust nShield HSMs help organizations align with the HIPAA Security Rule and HITECH compliance requirements transparently - without changes to operational processes and the daily work of healthcare professionals.

Render Patient Records Unusable to Attackers

Attackers are motivated by the black market value of patient medical records. However, with Entrust nShield HSMs acting as a root of trust for data encryption keys, attackers will be unable to decrypt patient information.

Cyber Security in Manufacturing

The connected devices produced by high-tech manufacturers are attractive targets for cybercriminals, who seek opportunities to use devices for illicit activities, such as man-in-the-middle attacks, intercepted/manipulated data-in-transit and more. Entrust nShield® HSMs and data encryption solutions are trusted by manufacturers worldwide to address today's high-tech manufacturing security challenges.

Challenges

Attacks on Connected Devices

Devices or attackers impersonating a trusted device or user could use that status to conduct a range of illicit activities, such as a man-in-the-middle attack, tapping into corporate networks, and more. Advanced persistent threats can take control of device software to steal customer information or intellectual property.

Introduction of Unauthorized Code

Insufficient security over code updates can allow hackers an entry point to the device in order to launch attacks or steal data from the device itself. Without adequate security measures at the factory, unauthorized code can also be introduced during the production process itself. 

Unauthorized Production Runs

Unsecured manufacturing processes can lead to production of unauthorized units that can be sold on the black market, either with authentic branding or white labeled. This exposes the organization to significant financial and reputational damage.

Solutions

Device Authentication with Digital Certificates

Manufacturers use Entrust nShield HSMs in conjunction with security applications to secure root signing keys and the issuance of digital certificates, which are injected into connected devices during the production process. Entrust nShield HSMs provides end-to-end protection of the certificate and key generation, and device insertion process, allowing for strong authentication of each device. Read our Polycom case study for a detailed example.

Secure Software and Firmware Updates

Without proper security over software and firmware updates, hackers can inject unauthorized code onto devices to launch attacks or establish a trusted connection to corporate networks. With strong authentication in place, using HSMs to establish a root of trust, the device can validate that any code being introduced comes from a trusted publisher.

Strong Code Signing

The best practice to confirm the integrity of code updates and defend against the risks associated with software tampering is to ensure that code is signed highly secure signing processes with private signing keys protected by HSMs. Entrust nShield HSMs are trusted by manufacturers worldwide to secure their critical keys.

Benefits

Protect Against Brand and Financial Damage

By defending against the production of unauthorized units you can mitigate the brand and financial damage associated with overbuilding and cloning, especially with remote manufacturing facilities.

Ensure Only Authorized Code is Running on Devices

By allowing only authorized code to run on devices you can defend against:

  • Hacker using the device's trusted status to tap into networks or conduct man-in-the-middle attacks
  • Software that sidesteps organizational policies
  • Erroneous or malicious code introduced by vendors in your supply chain

Cost Savings and Revenue Opportunities

With the ability to update devices deployed in the field, you can reduce the time and costs associated with in-person updates. You can also deliver firmware updates that create new revenue opportunities through improved product performance or additional functionality.

Related Resources

Entrust nShield HSM Certified Systems Engineer Training Data Sheet

The nCSE provides the training to give your people the knowledge to get the most from your investment. Getting the best from your technology depends on how much you invest in it...

Data Security Compliance for Retail

Retailers recognize their data isn’t safe, and this threatens their profitability. Data not compliant with PCI DSS standards increases credit card costs on every transaction. The sophistication of today’s cybersecurity outlaws makes the question not “if data will be breached,” but “when.” Entrust nShield® HSM solutions can help retailers protect their data and meet PCI DSS requirements by making it useless to anyone who tries to steal it.

Challenges

Data at Risk

Reportable data breached can not only have a negative effect on sales and reputation, and generate credit monitoring costs and fines, but are also alleged to have cost senior executives and even CEOs their jobs.

PCI DSS Compliance Requirements

Data not compliant with PCI DSS standards increases credit card costs on every transaction and may put your organization at risk for fines.

Solutions

Encryption with Strong Key Management

Entrust and its technology partners make your most sensitive payment and customer data unreadable to unauthorized users through encryption combined with key management backed by FIPS and Common Criteria certified Entrust NShield Hardware Security Modules (HSMs).

Secure Execution Environment

In addition to protecting your sensitive keys, nShield HSMs also provide a secure environment for running proprietary applications. The CodeSafe option lets you develop and execute code within the nShield HSMs' FIPS 140-2 Level 3 boundaries, safeguarding your applications from potential attacks.

Benefits

Meet PCI DSS Requirements

Entrust nShield HSM solutions can help you protect your data and meet PCI DSS requirements by making it useless to anyone who tries to harvest it. Entrust nShield HSMs enable you to meet PCI DSS:

  • 3.5: Protect keys against misuse or disclosure
  • 3.5.1 and 3.5.2: Restrict access to keys and store them in fewest possible locations
  • 3.6: Document and implement key management procedures
  • 3.6.1 to 3.6.3: Securely generate, distribute, and store keys
  • 3.6.4: Change keys periodically (also known as rollover)
  • 3.6.5: Retire old or suspected compromised keys
  • 3.6.6: Split knowledge and control of keys so that no one person can misuse them
  • 3.6.7: Prevent substitution of keys
  • 3.6.8: Document key custodians agreement with policies

Sophisticated encryption and key management solutions that protect mission critical data and applications.

Entrust nShield and our partners offers comprehensive data encryption and key management solutions that protect data across devices, processes, platforms and environments. These solutions have no negative impact on business agility and help retailers protect their customers, meet government and industry compliance standards and avoid the damage to reputation caused by data breaches

Strengthen authentication for payments and e-commerce using general purpose HSMs

Entrust nShield HSM are independently certified to meet FIPS 140-2 and Common Criteria standards and are approved for other approaches that can reduce scope such as point-to-point encryption under PCI DSS guidelines.

Cyber Security for Retail Pharmacies

Retail pharmacies are in the uncomfortable position of needing to comply not only with PCI DSS standards but also the need to comply with other regulations like HIPAA/HITECH as well as protect their organizations from violation of State, Federal and Local data breach statutes. Entrust nShield® HSM data protection solutions help retail pharmacies secure their data and comply with regulatory requirements through data-at-rest encryption and secure access controls to the encrypted information.

Challenges

PCI DSS Compliance

The Payment Card Industry Data Security Standards (PCI DSS) mandates that all organizations that accept, acquire, transmit, process, or store cardholder data must take appropriate steps to continuously safeguard all sensitive customer information.

HIPAA/HITECH Compliance

The HIPAA Security Rule requires covered organizations to implement technical safeguards to protect all Electronic Personal Healthcare Information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing and monitoring of ePHI information.

The HITECH act then expands the compliance requirement set, requiring the disclosure of data breaches of “unprotected” (unencrypted) personal health records (PHR), including those by business associates, vendors and related entities. Finally, the “HIPAA Omnibus Rule” of 2013 formally holds business associates liable for compliance with the HIPAA Security Rule

International, Federal and State Regulatory Compliance

Data breach notification requirements on loss of personal information have increasingly been enacted by nations around the globe as well as by US State governments. Data breach disclosure laws and notification requirements vary by jurisdiction, but almost universally include a “safe harbor” clause if the data lost was in encrypted form.

The DEA’s requirements for EPCS include that the cryptographic module used to digitally sign data elements be at least FIPS 140-2 Level 1 validated and that the pharmacy application’s private key must be stored encrypted.

Solutions

Entrust nShield HSM Key Management

Entrust nShield HSMs and our technology partner key management solutions enable centralized management of encryption keys for environments and devices including Key Management Interoperability Protocol (KMIP) compatible hardware, Oracle and SQL Server TDE master keys, and digital certificates.

Benefits

Quick and Easy to Install

Entrust nShield HSMs and technology partner key management solutions work with most major operating systems, including Linux, UNIX and Windows servers in physical, virtual, cloud and big data Cardholder Data Environments (CDE).

Doesn't Slow System Performance

Customers typically report no perceptible impact to end-user experience when using Entrust nShield HSM solutions. Entrust nShield HSMs perform encryption and decryption operations at the optimal location of the files system or volume manager taking advantage of hardware cryptographic acceleration, such as Intel® Advanced Encryption Standard-New Instructions (Intel® AES-NI) and SPARC Niagara Crypto, to speed the encryption and decryption of data.