Thales ProtectServer3 Network HSM

Thales ProtectServer3 Network HSM

The device is the next incarnation of a line of HSM modules developed for more than two decades. Over the years, HSM ProtectServer devices have grown in functionality and speed and have reached the status of a mature solution. Compared to other HSM class solutions, it is a complete and flexible device with a great value for money. HSM comes in the form of a network appliance. Two models are available: ProtectServer 3 External HSM and ProtectServer 3+ External HSM. The former is the entry-level model, available in all performance options. The 3+ model is designed for the most demanding applications. It is equipped with a chassis with two independent power supplies, making it independent of failure of this component. The power supplies are in the form of easily replaceable components. Model 3+ is only available in the fastest performance version.


Security is an essential parameter for any HSM module. The ProtectServer series has achieved FIPS 140-2 Level 3 certification, which confirms that high standards are met. The device is also protected against physical tampering in such a way that if a breach of the module’s integrity is detected, the memory containing secrets is erased, which protects confidential information from being exposed.


An internal specialized microprocessor, designed for cryptographic operations, makes it possible to perform cryptographic operations easily and quickly. The device is offered in three performance versions, performing 25, 220 and 3,500 operations per second with an RSA 1024-bit key, respectively, allowing you to choose an option suitable for your existing requirements. The offered performance range is sufficient for most typical applications. HSM also supports longer RSA keys of 2048 and 4096 bits as well as other asymmetric and symmetric algorithms.


The various software interfaces available, allow you to integrate ProtectServer into any environment via PKCS#11, Java JCA/JCE or Microsoft CryptoAPI depending on your specific needs and environment requirements. Management is greatly simplified by an intuitive graphical interface and command line commands.

ProtestServer has a unique ability to run software modules in a secure environment, inside the HSM module. The manufacturer offers a number of tools to efficiently develop software both using the HSM as an external device and software to run inside the module. Also present in the toolkit is a software simulator for the HSM module.


Supported cryptographic algorithms
Symmetric algorithmsAES, AES-GCM, AES-CCM, Triple DES, DES, CAST 128, RC2, RC4, SEED, ARIA
Asymmetric algorithmsRSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519) with named,userdefined and Brainpool curves
HASH algorithmsSHA-1, SHA-2, SHA-3, MD5, MD2, RIPEMD 128, RIPEMD 160, DES MDC2 PAD1
Technical specification
Physical characteristicsPSE3: 437mm x 270mm x44
PSE3+: 482,6mm x 533,4mm x43,8
Supported OS*Windows, Linux
Microsoft CryptoAPI/CNG
Certifications &CompliancesFIPS 140-2 level 3
* Contact us in order to obtain detailed information regarding support for a specific OS version