Protect cryptographic keys against compromise while providing encryption, signing and authentication services, with Thales ProtectServer Hardware Security Modules (HSMs).
Application developers can create their own firmware and execute it within the secure confines of the highly flexible HSM. Known as functionality modules, the toolkits provide a comprehensive facility to develop and deploy custom firmware.
Wider range of cost, performance and form-factors available:
ProtectServer 3+ External HSM
Protect cryptographic keys against compromise while providing encryption, signing and authentication services to secure sensitive applications including native blockchain algorithm support, with this security hardened network crypto server. Dual swappable AC power supplies provide high availability, business continuity and the flexibility to perform power supply and field maintenance.
ProtectServer 3 External HSM
Safeguard against physical and logical attacks with ProtectServer 3 External HSM – a heavy-duty steel appliance with tamper-protected security.
ProtectServer 3 PCIe HSM
PCI Express x4-compliant card available in different performance levels to meet varied system requirements.
- Overview
- Specifications
- Features
ProtectServer HSMs at a glance:
Customizable and Scalable
Integrate ProtectServer HSMs on either the same or distinct sub-nets, and share between different networks in order to protect multiple business domains with a broad range of symmetric and asymmetric cryptographic performance levels.
Extensive APIs
Users and developers can facilitate seamless integration of cryptography and HSMs into a large array of pre-integrated third-party solutions or custom applications. The customization Software Development Kit (SDK) enables the development, download, and storage of custom-specific functionality modules (FMs) inside the secure boundary of the HSM.
Software Emulator
Developers can test and debug custom firmware from the convenience of a desktop computer with the full-featured software emulator, rounding out the flexible development tools. Additionally, test applications without the need to install a ProtectServer HSM. When ready, simply install the HSM and redirect communication to the hardware – no software changes are necessary.
Reliable Hardware
Benefit from superior performance with reliable, high quality components, and a common architecture for all ProtectServer HSMs.
FIPS 140-2 Level 3 Validated
ProtectServer HSMs contain a FIPS 140-2 Level 3 validated cryptographic module to perform secure cryptographic processing in a high-assurance fashion. Built for industry standard security applications, ProtectServer HSM functions within a tamper-protected environment, providing secure storage for highly sensitive information, cryptographic keys, PINs, and data.
Native Blockchain Algorithm Support
Encrypt digital wallets and sign blockchain entries with ProtectServer HSMs, which support BIP32, Milenage and Tuak algorithms and SECP256k1 elliptic curve.
Swappable Dual AC Power Supplies
ProtectServer 3+ External HSMs employ dual swappable AC power supplies for high-availability data centers to help protect against power failures, and enable business continuity by providing the ability to connect the appliance to two separate power sources to safeguard against the possible malfunction of one of the sources. This provides the necessary flexibility to perform maintenance, or replace a failed power supply or power feed with the assurance that your device will continue to operate.
ProtectServer 3+ External HSM Specifications:
Download the ProtectServer 3+ and 3 External HSM data sheet
Download the ProtectServer 2+ and 2 External HSM data sheet
Feature | Details |
|---|---|
| OS Support | Windows, Linux |
| Cryptographic APIs | PKCS#11, CAPI/CNG, JCA/JCE, JCProv, OpenSSL |
| Cryptography |
|
| Rack Mountable | Standard 1U 19" rack mount appliance |
| Dimensions | 19” x 21” x 1.725” (482.6mm x 533.4mm x 43.815mm) |
| Weight | 28lb (12.7kg) |
| Input Voltage | 100-240V, 50-60Hz |
| Power Consumption | 100W maximum, 84W typical |
| Temperature | Operating 0° to 35°C, storage - 20° to 60°C |
| Relative Humidity | 5% to 95% (38°C) non-condensing |
| Host Interface |
|
| Security Certifications |
|
| Management and Monitoring |
|
| Safety and Environmental Compliance |
|
| Reliability |
|
ProtectServer 3 External HSM Specifications:
Feature | Details |
|---|---|
| OS Support | Windows, Linux |
| Cryptographic APIs | PKCS#11, CAPI/CNG, JCA/JCE, JCProv, OpenSSL |
| Cryptography |
|
| Rack Mountable | Standard 1U 19" rack mount appliance |
| Dimensions | 17.20” x 9.84” x 1.73” (437 mm x 270 mm x 44 mm) |
| Weight | 6.83lb (3.1 kg) |
| Input Voltage | 100-240V, 50-60Hz |
| Power Consumption | 90W maximum, 58W typical |
| Temperature | Operating 0° to 35°C, storage - 20° to 60°C |
| Relative Humidity | 5% to 85% (38°C) non-condensing |
| Host Interface | 2 Gigabit Ethernet ports with Port Bonding |
| Security Certifications | FIPS 140-2 Level 3 (pending) |
| Management and Monitoring |
|
| Safety and Environmental Compliance |
|
| Reliability | Mean Time Between Failure (MTBF) 165,637 hours |
ProtectServer 3 PCIe HSM Specifications:
Download the ProtectServer 3 PCIe HSM data sheet
Download the ProtectServer 2 PCIe HSM data sheet
Feature | Details |
|---|---|
| OS Support | Windows, Linux |
| Cryptographic APIs | PKCS#11, CAPI/CNG, JCA/JCE, JCProv, OpenSSL |
| Cryptography |
|
| Dimensions | Low Profile PCIe card, 2.74” x 6.57” x 0.74” (69.6mm x 167mm x 187mm) |
| Power Consumption | 18W maximum, 14W typical |
| Heat Dissipation | 61.4 BTU/hr maximum, 47.8 BTU/hr typical |
| Temperature | Operating 0° to 50°C, storage -20°C to 60°C |
| Relative Humidity | 5% to 95% (38°C) non-condensing |
| Host Interface | PCI-Express CEM 3.0, PCI, PCI Express Base 2.0 |
| Security Certifications | FIPS 140-2 Level 3 (pending) |
| Safety, Export and Environmental Compliance |
|
| Reliability |
|
ProtectServer 3 HSM is available in the following performance models to suit your needs:
ProtectServer 3 HSM | Model | Performance |
|---|---|---|
| ProtectServer External 3+ HSM | PL3500 | 3500 tps |
| ProtectServer External 3 HSM | PL3500 | 3500 RSA 1024 tps |
| PL220 | 220 RSA 1024 tps | |
| PL25 | 25 RSA 1024 tps | |
| ProtectServer PCIe HSM | PL3500 | 3500 RSA 1024 tps |
| PL220 | 220 RSA 1024 tps | |
| PL25 | 25 RSA 1024 tps |
* tps = transactions per second
ProtectServer for Server and Web Applications Security
Sample Applications:
- Encryption
- User and data authentication
- Message integrity
- Secure key storage and key management for eCommerce
- PKI
- Document management
- Electronic bill presentation and payment
- Database encryption
- Financial EFT transactions
- Blockchain
- and more
Security at a glance
- Keys always remain in FIPS 140-2 Level 3-validated, tamper-evident hardware
- Secure decommission
- Audit Logging
- Multifactor Authentication
Features & Benefits:
- Programmable
- Functionality Modules - allow custom firmware
- Software Emulator
- Flexible development tools, to debug custom firmware
- Test applications without the need to install an actual HSM.
- Seamless migration to an actual HSM with no software changes
- Performance Options
- Three Performance options (PL3500, PL220, PL25)
- Reliability
- High Availability (HA) / Work Load Distribution (WLD)
- Dual Hot Swap Power Supplies (PSE 3+ HSM)
- In-field upgrades
- Easy Management
- GUI and CLI management interfaces
- Remote HSM management
- Host-Interface
- 4 Gigabit Ethernet ports with Port Bonding (PSE 3+ HSM)
- 2 Gigabit Ethernet ports with Port Bonding (PSE 3 HSM)
- Flexible Key Backup
- Backup & Restore key material using Smart Cards
Thales ProtectServer 3 Network HSMs - Product Brief
Thales ProtectServer 3 Network Hardware Security Modules (HSMs) are security hardened network crypto servers designed to protect cryptographic keys against compromise, while providing encryption, signing and authentication services to secure sensitive applications. ...
Thales ProtectServer 3 PCIe HSM - Product Brief
Thales ProtectServer 3 PCIe Hardware Security Module (HSM) provides tamper-protected hardware security for server systems and applications that require high-performance symmetric and asymmetric cryptographic operations.
Bringing Trust to Blockchain with Thales HSM and SAS Solutions - Solution Brief
Blockchain is one of those industry buzzwords that you seem to hear everywhere, but what exactly is it and can you trust it? For the most part, enterprises are implementing blockchain without truly understanding its purpose, and as much as 90% of enterprise blockchain projects...
Securing Blockchain with Ledger and Thales ProtectServer HSMs - Solution Brief
Secure cold storage of cryptocurrencies such as Bitcoin or Ethereum, is a difficult and complex challenge. Traditional paper wallet-based solutions may be effective for the most basic use cases, but they present a substantial challenge for more complex environments as they do...
Fressets, Inc. Implements First Japanese Offline Multi-Sig Solution to Protect Private Wallet Keys with Thales HSMs - Case Study
The crypto assets (cryptocurrency) market is vibrant once again. Financial institutions, including banks and securities companies, are expected to enter the market. Furthermore, digital assets that go beyond crypto assets, such as security tokens and stable coins, are also...
Epic Lanka Relies on Thales to Secure Keys for Payment Channel Encryption - Case Study
Epic Lanka provides leading e-security and e-payment solutions to corporations in Sri Lanka and neighboring regions. Established in 1998, Epic Lanka develops and implements innovative solutions in such areas as secure electronic payments, information systems security, mobile...