Thales banner

ProtectServer HSMs: Hardware Security for Servers and Applications

Protect cryptographic keys against compromise while providing encryption, signing and authentication services, with Thales ProtectServer Hardware Security Modules (HSMs).

Application developers can create their own firmware and execute it within the secure confines of the highly flexible HSM. Known as functionality modules, the toolkits provide a comprehensive facility to develop and deploy custom firmware.

Wider range of cost, performance and form-factors available:

ProtectServer 3+ External HSM

ProtectServer 3+ External HSM

Protect cryptographic keys against compromise while providing encryption, signing and authentication services to secure sensitive applications including native blockchain algorithm support, with this security hardened network crypto server. Dual swappable AC power supplies provide high availability, business continuity and the flexibility to perform power supply and field maintenance.
 

Download the ProtectServer 3 HSM Product Brief

ProtectServer 3 External HSM

ProtectServer 3 External HSM

Safeguard against physical and logical attacks with ProtectServer 3 External HSM – a heavy-duty steel appliance with tamper-protected security.
 

Download the ProtectServer 3 HSM Product Brief

Thales ProtectServer 3 PCIe HSM

ProtectServer 3 PCIe HSM

PCI Express x4-compliant card available in different performance levels to meet varied system requirements.
 

Download the ProtectServer 3 PCIE HSM Product Brief

  • Overview
  • Specifications
  • Features

ProtectServer HSMs at a glance:

scalable icon

 

Customizable and Scalable

Integrate ProtectServer HSMs on either the same or distinct sub-nets, and share between different networks in order to protect multiple business domains with a broad range of symmetric and asymmetric cryptographic performance levels.

 

automation icon

 

Extensive APIs

Users and developers can facilitate seamless integration of cryptography and HSMs into a large array of pre-integrated third-party solutions or custom applications. The customization Software Development Kit (SDK) enables the development, download, and storage of custom-specific functionality modules (FMs) inside the secure boundary of the HSM.

 

software dev ops icon

 

Software Emulator

Developers can test and debug custom firmware from the convenience of a desktop computer with the full-featured software emulator, rounding out the flexible development tools. Additionally, test applications without the need to install a ProtectServer HSM. When ready, simply install the HSM and redirect communication to the hardware – no software changes are necessary.

 

hardware icon

 

Reliable Hardware

Benefit from superior performance with reliable, high quality components, and a common architecture for all ProtectServer HSMs.

 

compliance icon

 

FIPS 140-2 Level 3 Validated

ProtectServer HSMs contain a FIPS 140-2 Level 3 validated cryptographic module to perform secure cryptographic processing in a high-assurance fashion. Built for industry standard security applications, ProtectServer HSM functions within a tamper-protected environment, providing secure storage for highly sensitive information, cryptographic keys, PINs, and data.

 

blockchain icon

Native Blockchain Algorithm Support

Encrypt digital wallets and sign blockchain entries with ProtectServer HSMs, which support BIP32, Milenage and Tuak algorithms and SECP256k1 elliptic curve.

 

power plug battery

 

Swappable Dual AC Power Supplies

ProtectServer 3+ External HSMs employ dual swappable AC power supplies for high-availability data centers to help protect against power failures, and enable business continuity by providing the ability to connect the appliance to two separate power sources to safeguard against the possible malfunction of one of the sources. This provides the necessary flexibility to perform maintenance, or replace a failed power supply or power feed with the assurance that your device will continue to operate.

ProtectServer 3+ External HSM Specifications:

Download the ProtectServer 3+ and 3 External HSM data sheet

Download the ProtectServer 2+ and 2 External HSM data sheet

Feature

Details

OS SupportWindows, Linux
Cryptographic APIsPKCS#11, CAPI/CNG, JCA/JCE, JCProv, OpenSSL
Cryptography
  • Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519) with named, user defined and Brainpool curves, and more
  • Symmetric: AES, AES-GCM, AES-CCM, AES-GMAC, Triple DES, DES, CAST 128, RC2, RC4, SEED, ARIA plus others
  • Hashing: SHA-1, SHA-2, SHA-3, MD5, MD2, RIPEMD 128, RIPEMD 160, DES MDC2 PAD1 and more
  • Message Authentication Codes: SHA-1, SHA-2, SHA-3, MD2, RIPEMD128, RIPEMD160, DES MDC-2 PAD1, SSL3 MD5 MAC, AES MAC, CAST-128 MAC, DES MAC, DES3 MAC, DES3 Retail CFB MAC, DES30x9.19 MAC, IDEA MAC, RC-2 MAC, SEED MAC, ARIA MAC, VISA CVV
  • Digital Wallet Encryption: BIP32
  • 5G Cryptographic Mechanisms for Subscriber Authentication: MILENAGE and TUAK
  • Interoperability: ASC X9 TR-31
Rack MountableStandard 1U 19" rack mount appliance
Dimensions19” x 21” x 1.725” (482.6mm x 533.4mm x 43.815mm)
Weight28lb (12.7kg)
Input Voltage100-240V, 50-60Hz
Power Consumption100W maximum, 84W typical
TemperatureOperating 0° to 35°C, storage - 20° to 60°C
Relative Humidity5% to 95% (38°C) non-condensing
Host Interface
  • 4 Gigabit Ethernet ports with Port Bonding
  • IPv4 and IPv6
Security Certifications
  • FIPS 140-2 Level 3
  • FIPS 140-3 Level 3 (validation in progress)
Management and Monitoring
  • High Availability (HA) / Work Load Distribution (WLD)
  • SNMP, Syslog
  • Backup/Restore
Safety and Environmental Compliance
  • UL, CSA, CE
  • FCC, KC Mark, VCCI, CE
  • RoHS, WEEE
  • India BIS [IS 13252 (Part 1)/IEC 60950-1]
Reliability
  • Dual hot-swap power supplies
  • Mean Time Between Failure (MTBF) 171,308 hours


ProtectServer 3 External HSM Specifications:

Feature

Details

OS SupportWindows, Linux
Cryptographic APIsPKCS#11, CAPI/CNG, JCA/JCE, JCProv, OpenSSL
Cryptography
  • Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519) with named, user defined and Brainpool curves, and more
  • Symmetric: AES, AES-GCM, AES-CCM, AES-GMAC, Triple DES, DES, CAST 128, RC2, RC4, SEED, ARIA plus others
  • Hashing: SHA-1, SHA-2, SHA-3, MD5, MD2, RIPEMD 128, RIPEMD 160, DES MDC2 PAD1 and more
  • Message Authentication Codes: SHA-1, SHA-2, SHA-3, MD2, RIPEMD128, RIPEMD160, DES MDC-2 PAD1, SSL3 MD5 MAC, AES MAC, CAST-128 MAC, DES MAC, DES3 MAC, DES3 Retail CFB MAC, DES30x9.19 MAC, IDEA MAC, RC-2 MAC, SEED MAC, ARIA MAC, VISA CVV
  • Digital Wallet Encryption: BIP32
  • 5G Cryptographic Mechanisms for Subscriber Authentication: MILENAGE and TUAK
  • Interoperability: ASC X9 TR-31
Rack MountableStandard 1U 19" rack mount appliance
Dimensions17.20” x 9.84” x 1.73” (437 mm x 270 mm x 44 mm)
Weight6.83lb (3.1 kg)
Input Voltage100-240V, 50-60Hz
Power Consumption90W maximum, 58W typical
TemperatureOperating 0° to 35°C, storage - 20° to 60°C
Relative Humidity5% to 85% (38°C) non-condensing
Host Interface2 Gigabit Ethernet ports with Port Bonding
Security CertificationsFIPS 140-2 Level 3 (pending)
Management and Monitoring
  • High Availability (HA) / Work Load Distribution (WLD)
  • SNMP, Syslog
  • Backup/Restore
Safety and Environmental Compliance
  • UL, CSA, CE
  • FCC, KC Mark, VCCI, CE
  • RoHS, WEEE
  • India BIS [IS 13252 (Part 1)/IEC 60950-1]
ReliabilityMean Time Between Failure (MTBF) 165,637 hours


ProtectServer 3 PCIe HSM Specifications:

Download the ProtectServer 3 PCIe HSM data sheet

Download the ProtectServer 2 PCIe HSM data sheet

Feature

Details

OS SupportWindows, Linux
Cryptographic APIsPKCS#11, CAPI/CNG, JCA/JCE, JCProv, OpenSSL
Cryptography
  • Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519) with named, user defined and Brainpool curves, and more
  • Symmetric: AES, AES-GCM, AES-CCM, AES-GMAC, Triple DES, DES, CAST 128, RC2, RC4, SEED, ARIA plus others
  • Hashing: SHA-1, SHA-2, SHA-3, MD5, MD2, RIPEMD 128, RIPEMD 160, DES MDC2 PAD1 and more
  • Message Authentication Codes: SHA-1, SHA-2, SHA-3, MD2, RIPEMD128, RIPEMD160, DES MDC-2 PAD1, SSL3 MD5 MAC, AES MAC, CAST-128 MAC, DES MAC, DES3 MAC, DES3 Retail CFB MAC, DES30x9.19 MAC, IDEA MAC, RC-2 MAC, SEED MAC, ARIA MAC, VISA CVV
  • Digital Wallet Encryption: BIP32
  • 5G Cryptographic Mechanisms for Subscriber Authentication: MILENAGE and TUAK
  • Interoperability: ASC X9 TR-31
DimensionsLow Profile PCIe card, 2.74” x 6.57” x 0.74” (69.6mm x 167mm x 187mm)
Power Consumption18W maximum, 14W typical
Heat Dissipation61.4 BTU/hr maximum, 47.8 BTU/hr typical
TemperatureOperating 0° to 50°C, storage -20°C to 60°C
Relative Humidity5% to 95% (38°C) non-condensing
Host InterfacePCI-Express CEM 3.0, PCI, PCI Express Base 2.0
Security CertificationsFIPS 140-2 Level 3 (pending)
Safety, Export and Environmental Compliance
  • UL, CSA, CE
  • FCC, KC Mark, VCCI, CE
  • RoHS, WEEE
  • India BIS [IS 13252 (Part 1)/IEC 60950-1]
Reliability
  • Mean Time Between Failure (MTBF) 997,508 hours
  • High Availability (HA) / Work Load Distribution ( WLD)
  • Backup/Restore


ProtectServer 3 HSM is available in the following performance models to suit your needs:

ProtectServer 3 HSM

Model

Performance

ProtectServer External 3+ HSMPL35003500 tps
ProtectServer External 3 HSMPL35003500 RSA 1024 tps
 PL220220 RSA 1024 tps
 PL2525 RSA 1024 tps
ProtectServer PCIe HSMPL35003500 RSA 1024 tps
 PL220220 RSA 1024 tps
 PL2525 RSA 1024 tps

 

* tps = transactions per second

ProtectServer for Server and Web Applications Security

Sample Applications:

  • Encryption
  • User and data authentication
  • Message integrity
  • Secure key storage and key management for eCommerce
  • PKI
  • Document management
  • Electronic bill presentation and payment
  • Database encryption
  • Financial EFT transactions
  • Blockchain
  • and more

Security at a glance

  • Keys always remain in FIPS 140-2 Level 3-validated, tamper-evident hardware
  • Secure decommission
  • Audit Logging
  • Multifactor Authentication

Features & Benefits:

  • Programmable
    • Functionality Modules - allow custom firmware
  • Software Emulator
    • Flexible development tools, to debug custom firmware
    • Test applications without the need to install an actual HSM.
    • Seamless migration to an actual HSM with no software changes
  • Performance Options
    • Three Performance options (PL3500, PL220, PL25)
  • Reliability
    • High Availability (HA) / Work Load Distribution (WLD)
    • Dual Hot Swap Power Supplies (PSE 3+ HSM)
    • In-field upgrades
  • Easy Management
    • GUI and CLI management interfaces
    • Remote HSM management
  • Host-Interface
    • 4 Gigabit Ethernet ports with Port Bonding (PSE 3+ HSM)
    • 2 Gigabit Ethernet ports with Port Bonding (PSE 3 HSM)
  • Flexible Key Backup
    • Backup & Restore key material using Smart Cards
Thales ProtectServer 3 Network HSMs - Product Brief

Thales ProtectServer 3 Network HSMs - Product Brief

Thales ProtectServer 3 Network Hardware Security Modules (HSMs) are security hardened network crypto servers designed to protect cryptographic keys against compromise, while providing encryption, signing and authentication services to secure sensitive applications. ...

Thales ProtectServer 3 PCIe HSM - Product Brief

Thales ProtectServer 3 PCIe HSM - Product Brief

Thales ProtectServer 3 PCIe Hardware Security Module (HSM) provides tamper-protected hardware security for server systems and applications that require high-performance symmetric and asymmetric cryptographic operations.

Bringing Trust to Blockchain with Thales HSM and SAS Solutions - Solution Brief

Bringing Trust to Blockchain with Thales HSM and SAS Solutions - Solution Brief

Blockchain is one of those industry buzzwords that you seem to hear everywhere, but what exactly is it and can you trust it? For the most part, enterprises are implementing blockchain without truly understanding its purpose, and as much as 90% of enterprise blockchain projects...

Securing Blockchain with Ledger and Thales ProtectServer HSMs

Securing Blockchain with Ledger and Thales ProtectServer HSMs - Solution Brief

Secure cold storage of cryptocurrencies such as Bitcoin or Ethereum, is a difficult and complex challenge. Traditional paper wallet-based solutions may be effective for the most basic use cases, but they present a substantial challenge for more complex environments as they do...

Fressets, Inc. Implements First Japanese Offline Multi-Sig Solution to Protect Private Wallet Keys with Thales HSMs - Case Study

Fressets, Inc. Implements First Japanese Offline Multi-Sig Solution to Protect Private Wallet Keys with Thales HSMs - Case Study

The crypto assets (cryptocurrency) market is vibrant once again. Financial institutions, including banks and securities companies, are expected to enter the market. Furthermore, digital assets that go beyond crypto assets, such as security tokens and stable coins, are also...

Epic Lanka Relies on Thales to Secure Keys for Payment Channel Encryption - Case Study

Epic Lanka Relies on Thales to Secure Keys for Payment Channel Encryption - Case Study

Epic Lanka provides leading e-security and e-payment solutions to corporations in Sri Lanka and neighboring regions. Established in 1998, Epic Lanka develops and implements innovative solutions in such areas as secure electronic payments, information systems security, mobile...