Protect cryptographic keys against compromise while providing encryption, signing and authentication services, with Thales ProtectServer Hardware Security Modules (HSMs).

Application developers can create their own firmware and execute it within the secure confines of the highly flexible HSM. Known as functionality modules, the toolkits provide a comprehensive facility to develop and deploy custom firmware.

Wider range of cost, performance and form-factors available:


Protect cryptographic keys against compromise while providing encryption, signing and authentication services to secure sensitive applications including native blockchain algorithm support, with this security hardened network crypto server. Dual swappable AC power supplies provide high availability, business continuity and the flexibility to perform power supply and field maintenance.
Safeguard against physical and logical attacks with ProtectServer 3 External HSM – a heavy-duty steel appliance with tamper-protected security.
PCI Express x4-compliant card available in different performance levels to meet varied system requirements.

ProtectServer HSMs at a glance:

Customizable and Scalable

Integrate ProtectServer HSMs on either the same or distinct sub-nets, and share between different networks in order to protect multiple business domains with a broad range of symmetric and asymmetric cryptographic performance levels.

Extensive APIs

Users and developers can facilitate seamless integration of cryptography and HSMs into a large array of pre-integrated third-party solutions or custom applications. The customization Software Development Kit (SDK) enables the development, download, and storage of custom-specific functionality modules (FMs) inside the secure boundary of the HSM.

Software Emulator

Developers can test and debug custom firmware from the convenience of a desktop computer with the full-featured software emulator, rounding out the flexible development tools. Additionally, test applications without the need to install a ProtectServer HSM. When ready, simply install the HSM and redirect communication to the hardware – no software changes are necessary.

Reliable Hardware

Benefit from superior performance with reliable, high quality components, and a common architecture for all ProtectServer HSMs.

FIPS 140-2 Level 3 Validated

ProtectServer HSMs contain a FIPS 140-2 Level 3 validated cryptographic module to perform secure cryptographic processing in a high-assurance fashion. Built for industry standard security applications, ProtectServer HSM functions within a tamper-protected environment, providing secure storage for highly sensitive information, cryptographic keys, PINs, and data.

Native Blockchain Algorithm Support

Encrypt digital wallets and sign blockchain entries with ProtectServer HSMs, which support BIP32, Milenage and Tuak algorithms and SECP256k1 elliptic curve.
Swappable Dual AC Power Supplies
ProtectServer 3+ External HSMs employ dual swappable AC power supplies for high-availability data centers to help protect against power failures, and enable business continuity by providing the ability to connect the appliance to two separate power sources to safeguard against the possible malfunction of one of the sources. This provides the necessary flexibility to perform maintenance, or replace a failed power supply or power feed with the assurance that your device will continue to operate.

ProtectServer 3 HSM is available in the following performance models to suit your needs:

ProtectServer 3 HSM



ProtectServer External 3+ HSM

PL 3500

3500 RSA 1024 tps

ProtectServer External 3 HSM

PL 25
PL 220
PL 3500

25 RSA 1024 tps
220 RSA 1024 tps
3500 RSA 1024 tps

ProtectServer PCIe HSM

PL 25
PL 220
PL 3500

25 RSA 1024 tps
220 RSA 1024 tps
3500 RSA 1024 tps


ProtectServer for Server and Web Applications Security

Sample Applications:

  • Encryption
  • User and data authentication
  • Message integrity
  • Secure key storage and key management for eCommerce
  • PKI
  • Document management
  • Electronic bill presentation and payment
  • Database encryption
  • Financial EFT transactions
  • Blockchain
  • and more

Security at a glance

  • Keys always remain in FIPS 140-2 Level 3-validated, tamper-evident hardware
  • Secure decommission
  • Audit Logging
  • Multifactor Authentication

Features & Benefits:

  • Programmable
    • Functionality Modules – allow custom firmware
  • Software Emulator
    • Flexible development tools, to debug custom firmware
    • Test applications without the need to install an actual HSM.
    • Seamless migration to an actual HSM with no software changes
  • Performance Options
    • Three Performance options (PL3500, PL220, PL25)
  • Reliability
    • High Availability (HA) / Work Load Distribution (WLD)
    • Dual Hot Swap Power Supplies (PSE 3+ HSM)
    • In-field upgrades
  • Easy Management
    • GUI and CLI management interfaces
    • Remote HSM management
  • Host-Interface
    • 4 Gigabit Ethernet ports with Port Bonding (PSE 3+ HSM)
    • 2 Gigabit Ethernet ports with Port Bonding (PSE 3 HSM)
  • Flexible Key Backup
    • Backup & Restore key material using Smart Cards