Thales background banner

ProtectServer HSMs: Hardware Security for Servers and Applications

Protect cryptographic keys against compromise while providing encryption, signing and authentication services, with Thales ProtectServer Hardware Security Modules (HSMs).

Application developers can create their own firmware and execute it within the secure confines of the highly flexible HSM. Known as functionality modules, the toolkits provide a comprehensive facility to develop and deploy custom firmware.

Wider range of cost, performance and form-factors available:

ProtectServer 3+ External HSM

ProtectServer 3+ External HSM

Protect cryptographic keys against compromise while providing encryption, signing and authentication services to secure sensitive applications including native blockchain algorithm support, with this security hardened network crypto server. Dual swappable AC power supplies provide high availability, business continuity and the flexibility to perform power supply and field maintenance.
 

Download the ProtectServer 3 HSM Product Brief

ProtectServer 3 External HSM

ProtectServer 3 External HSM

Safeguard against physical and logical attacks with ProtectServer 3 External HSM – a heavy-duty steel appliance with tamper-protected security.
 

Download the ProtectServer 3 HSM Product Brief

Thales ProtectServer 3 PCIe HSM

ProtectServer 3 PCIe HSM

PCI Express x4-compliant card available in different performance levels to meet varied system requirements.
 

Download the ProtectServer 3 PCIE HSM Product Brief

  • Overview
  • Specifications
  • Features

ProtectServer HSMs at a glance:

man-icon

Customizable and Scalable

Integrate ProtectServer HSMs on either the same or distinct sub-nets, and share between different networks in order to protect multiple business domains with a broad range of symmetric and asymmetric cryptographic performance levels.

 

setting-icon

Extensive APIs

Users and developers can facilitate seamless integration of cryptography and HSMs into a large array of pre-integrated third-party solutions or custom applications. The customization Software Development Kit (SDK) enables the development, download, and storage of custom-specific functionality modules (FMs) inside the secure boundary of the HSM.

 

circle

Software Emulator

Developers can test and debug custom firmware from the convenience of a desktop computer with the full-featured software emulator, rounding out the flexible development tools. Additionally, test applications without the need to install a ProtectServer HSM. When ready, simply install the HSM and redirect communication to the hardware – no software changes are necessary.

 

check icon

Reliable Hardware

Benefit from superior performance with reliable, high quality components, and a common architecture for all ProtectServer HSMs.

 

link-icon

FIPS 140-2 Level 3 Validated

ProtectServer HSMs contain a FIPS 140-2 Level 3 validated cryptographic module to perform secure cryptographic processing in a high-assurance fashion. Built for industry standard security applications, ProtectServer HSM functions within a tamper-protected environment, providing secure storage for highly sensitive information, cryptographic keys, PINs, and data.

 

current

Native Blockchain Algorithm Support

Encrypt digital wallets and sign blockchain entries with ProtectServer HSMs, which support BIP32, Milenage and Tuak algorithms and SECP256k1 elliptic curve.

 

link-icon

Swappable Dual AC Power Supplies

ProtectServer 3+ External HSMs employ dual swappable AC power supplies for high-availability data centers to help protect against power failures, and enable business continuity by providing the ability to connect the appliance to two separate power sources to safeguard against the possible malfunction of one of the sources. This provides the necessary flexibility to perform maintenance, or replace a failed power supply or power feed with the assurance that your device will continue to operate.

ProtectServer 3+ External HSM Specifications:

Download the ProtectServer 3+ and 3 External HSM data sheet

Download the ProtectServer 2+ and 2 External HSM data sheet

Feature

Details

OS Support

Windows, Linux

Cryptographic APIs

PKCS#11, CAPI/CNG, JCA/JCE, JCProv, OpenSSL

Cryptography

  • Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519) with named, user defined and Brainpool curves, and more

  • Symmetric: AES, AES-GCM, AES-CCM, Triple DES, DES, CAST 128, RC2, RC4, SEED, ARIA plus others

  • Hashing: SHA-1, SHA-2, SHA-3, MD5, MD2, RIPEMD 128, RIPEMD 160, DES MDC2 PAD1 and more

  • Message Authentication Codes: SHA-1, SHA-2, SHA-3, MD2, RIPEMD128, RIPEMD160, DES MDC-2 PAD1, SSL3 MD5 MAC, AES MAC, CAST-128 MAC, DES MAC, DES3 MAC, DES3 Retail CFB MAC, DES30x9.19 MAC, IDEA MAC, RC-2 MAC, SEED MAC, ARIA MAC, VISA CVV

  • Digital Wallet Encryption: BIP32

  • 5G Cryptographic Mechanisms for Subscriber Authentication: MILENAGE and TUAK

Rack Mountable

Standard 1U 19" rack mount appliance

Dimensions

19” x 21” x 1.725” (482.6mm x 533.4mm x 43.815mm)

Weight

28lb (12.7kg)

Input Voltage

100-240V, 50-60Hz

Power Consumption

100W maximum, 84W typical

Temperature

Operating 0° to 35°C, storage - 20° to 60°C

Relative Humidity

5% to 95% (38°C) non-condensing

Host Interface

  • 4 Gigabit Ethernet ports with Port Bonding

  • IPv4 and IPv6

Security Certifications

FIPS 140-2 Level 3 (pending)

Management and Monitoring

  • High Availability (HA) / Work Load Distribution (WLD)

  • SNMP, Syslog

  • Backup/Restore

Safety and Environmental Compliance

  • UL, CSA, CE

  • FCC, KC Mark, VCCI, CE

  • RoHS, WEEE

  • India BIS [IS 13252 (Part 1)/IEC 60950-1]

Reliability

  • Dual hot-swap power supplies

  • Mean Time Between Failure (MTBF) 171,308 hours


ProtectServer 3 External HSM Specifications:

Feature

Details

OS Support

Windows, Linux

Cryptographic APIs

PKCS#11, CAPI/CNG, JCA/JCE, JCProv, OpenSSL

Cryptography

  • Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519) with named, user defined and Brainpool curves, and more

  • Symmetric: AES, AES-GCM, AES-CCM, Triple DES, DES, CAST 128, RC2, RC4, SEED, ARIA plus others

  • Hashing: SHA-1, SHA-2, SHA-3, MD5, MD2, RIPEMD 128, RIPEMD 160, DES MDC2 PAD1 and more

  • Message Authentication Codes: SHA-1, SHA-2, SHA-3, MD2, RIPEMD128, RIPEMD160, DES MDC-2 PAD1, SSL3 MD5 MAC, AES MAC, CAST-128 MAC, DES MAC, DES3 MAC, DES3 Retail CFB MAC, DES30x9.19 MAC, IDEA MAC, RC-2 MAC, SEED MAC, ARIA MAC, VISA CVV

  • Digital Wallet Encryption: BIP32

  • 5G Cryptographic Mechanisms for Subscriber Authentication: MILENAGE and TUAK

Rack Mountable

Standard 1U 19" rack mount appliance

Dimensions

17.20” x 9.84” x 1.73” (437 mm x 270 mm x 44 mm)

Weight

6.83lb (3.1 kg)

Input Voltage

100-240V, 50-60Hz

Power Consumption

90W maximum, 58W typical

Temperature

Operating 0° to 35°C, storage - 20° to 60°C

Relative Humidity

5% to 85% (38°C) non-condensing

Host Interface

2 Gigabit Ethernet ports with Port Bonding

Security Certifications

FIPS 140-2 Level 3 (pending)

Management and Monitoring

  • High Availability (HA) / Work Load Distribution (WLD)

  • SNMP, Syslog

  • Backup/Restore

Safety and Environmental Compliance

  • UL, CSA, CE

  • FCC, KC Mark, VCCI, CE

  • RoHS, WEEE

  • India BIS [IS 13252 (Part 1)/IEC 60950-1]

Reliability

Mean Time Between Failure (MTBF) 165,637 hours


ProtectServer 3 PCIe HSM Specifications:

Download the ProtectServer 3 PCIe HSM data sheet

Download the ProtectServer 2 PCIe HSM data sheet

Feature

Details

OS Support

Windows, Linux

Cryptographic APIs

PKCS#11, CAPI/CNG, JCA/JCE, JCProv, OpenSSL

Cryptography

  • Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519) with named, userdefined and Brainpool curves, and more

  • Symmetric: AES, AES-GCM, AES-CCM, Triple DES, DES, CAST 128, RC2, RC4, SEED, ARIA plus others

  • Hashing: SHA-1, SHA-2, SHA-3, MD5, MD2, RIPEMD 128, RIPEMD 160, DES MDC2 PAD1 and more

  • Message Authentication Codes: SHA-1, SHA-2, SHA-3, MD2, RIPEMD128, RIPEMD160, DES MDC-2 PAD1, SSL3 MD5 MAC, AES MAC, CAST-128 MAC, DES MAC, DES3 MAC, DES3 Retail CFB MAC, DES30x9.19 MAC, IDEA MAC, RC-2 MAC, SEED MAC, ARIA MAC, VISA CVV

  • Digital Wallet Encryption: BIP32

  • 5G Cryptographic Mechanisms for Subscriber Authentication: MILENAGE and TUAK

Dimensions

Low Profile PCIe card, 2.74” x 6.57” x .074” (69.6mm x 167mm x 187mm)

Power Consumption

18W maximum, 14W typical

Heat Dissipation

61.4 BTU/hr maximum, 47.8 BTU/hr typical

Temperature

Operating 0° to 50°C, storage -20°C to 60°C

Relative Humidity

5% to 95% (38°C) non-condensing

Host Interface

PCI-Express CEM 3.0, PCI, PCI Express Base 2.0

Security Certifications

FIPS 140-2 Level 3 (pending)

Safety, Export and Environmental Compliance

  • UL, CSA, CE

  • FCC, KC Mark, VCCI, CE

  • RoHS, WEEE

  • India BIS [IS 13252 (Part 1)/IEC 60950-1]

Reliability

  • Mean Time Between Failure (MTBF) 997,508 hours

  • High Availability (HA) / Work Load Distribution ( WLD)

  • Backup/Restore


ProtectServer 3 HSM is available in the following performance models to suit your needs:

ProtectServer 3 HSM

Model

Performance

ProtectServer External 3+ HSM

PL3500

3500 tps

ProtectServer External 3 HSM

PL25

25 RSA 1024 tps

 

PL220

220 RSA 1024 tps

 

PL3500

3500 RSA 1024 tps

ProtectServer PCIe HSM

PL25

25 RSA 1024 tps

 

PL220

220 RSA 1024 tps

 

PL3500

3500 RSA 1024 tps

 

* tps = transactions per second

ProtectServer for Server and Web Applications Security

Sample Applications:hsm

  • Encryption
  • User and data authentication
  • Message integrity
  • Secure key storage and key management for eCommerce
  • PKI
  • Document management
  • Electronic bill presentation and payment
  • Database encryption
  • Financial EFT transactions
  • Blockchain
  • and more

Security at a glance

  • Keys always remain in FIPS 140-2 Level 3-validated, tamper-evident hardware
  • Secure decommission
  • Audit Logging
  • Multifactor Authentication

Features & Benefits:

  • Programmable
    • Functionality Modules - allow custom firmware
  • Software Emulator
    • Flexible development tools, to debug custom firmware
    • Test applications without the need to install an actual HSM.
    • Seamless migration to an actual HSM with no software changes
  • Performance Options
    • Three Performance options (PL3500, PL220, PL25)
  • Reliability
    • High Availability (HA) / Work Load Distribution (WLD)
    • Dual Hot Swap Power Supplies (PSE 3+ HSM)
    • In-field upgrades
  • Easy Management
    • GUI and CLI management interfaces
    • Remote HSM management
  • Host-Interface
    • 4 Gigabit Ethernet ports with Port Bonding (PSE 3+ HSM)
    • 2 Gigabit Ethernet ports with Port Bonding (PSE 3 HSM)
  • Flexible Key Backup
    • Backup & Restore key material using Smart Cards
Thales ProtectServer 3 Network HSMs

Thales ProtectServer 3 Network HSMs - Product Brief

Thales ProtectServer 3 Network Hardware Security Modules (HSMs) are security hardened network crypto servers designed to protect cryptographic keys against compromise, while providing encryption, signing and authentication services to secure sensitive applications.

Thales ProtectServer 3 PCIe HSM

Thales ProtectServer 3 PCIe HSM - Product Brief

Thales ProtectServer 3 PCIe Hardware Security Module (HSM) provides tamper-protected hardware security for server systems and applications that require high-performance symmetric and asymmetric cryptographic operations.

Thales Hardware Security Modules - Brochure

Thales Hardware Security Modules - Brochure

Hardware Security Modules (HSMs) are hardened, tamperresistant hardware devices that that protect cryptography keys used for such functions as encryption, digital signing and key generation.

Bringing Trust to Blockchain with Thales HSM and SAS Solutions - Solution Brief

Bringing Trust to Blockchain with Thales HSM and SAS Solutions - Solution Brief

Blockchain is one of those industry buzzwords that you seem to hear everywhere, but what exactly is it and can you trust it? For the most part, enterprises are implementing blockchain without truly understanding its purpose, and as much as 90% of enterprise blockchain projects...

Securing Blockchain with Ledger and Thales ProtectServer HSMs - Solution Brief

Securing Blockchain with Ledger and Thales ProtectServer HSMs - Solution Brief

Secure cold storage of cryptocurrencies such as Bitcoin or Ethereum, is a difficult and complex challenge. Traditional paper wallet-based solutions may be effective for the most basic use cases, but they present a substantial challenge for more complex environments as they do...

Fressets, Inc. Implements First Japanese Offline Multi-Sig Solution to Protect Private Wallet Keys with Thales HSMs - Case Study

Fressets, Inc. Implements First Japanese Offline Multi-Sig Solution to Protect Private Wallet Keys with Thales HSMs - Case Study

The crypto assets (cryptocurrency) market is vibrant once again. Financial institutions, including banks and securities companies, are expected to enter the market. Furthermore, digital assets that go beyond crypto assets, such as security tokens and stable coins, are also...

Epic Lanka Relies on Thales to Secure Keys for Payment Channel Encryption - Case Study

Epic Lanka Relies on Thales to Secure Keys for Payment Channel Encryption - Case Study

Epic Lanka provides leading e-security and e-payment solutions to corporations in Sri Lanka and neighboring regions. Established in 1998, Epic Lanka develops and implements innovative solutions in such areas as secure electronic payments, information systems security, mobile...