Hardware Security

for Servers and Applications,

Thales ProtectServer 3 HSM

Hardware Security Module (HSM)

Thales ProtectServer 3 HSM

Thales ProtectServer 3 Network HSM is a network-based hardware security module used to securely protect enterprise digital assets and meet security requirements.

It provides a wide range of security functions—such as secure key management, encryption, digital signatures, and authentication—to strengthen data security and ensure regulatory compliance.

#HSM #Thales

Thales ProtectServer HSM delivers high-performance cryptographic services—encryption, signing, and authentication—while strongly protecting cryptographic keys through robust physical and logical safeguards.

It enables comprehensive defense of critical assets. In addition, developers can build and deploy custom firmware (functional modules) that run inside the HSM, allowing organizations
to flexibly extend capabilities within the security boundary while ensuring both security and performance.

Key Features

Custom extensibility and development tools

• Develop and deploy custom firmware running inside the HSM through Functional Modules (FM), enabling security logic tailored to specific application requirements.
• Use the provided software emulator and SDK to test and debug firmware on a desktop and migrate seamlessly to hardware without software changes when deploying to production devices.

Strong security and compliance foundation

• Keep cryptographic keys at all times inside tamper-responsive hardware validated to FIPS 140-2 Level 3, minimizing key exposure risk
• Provide operational and audit security features—secure decommissioning, audit logging,
multi-factor authentication—to meet compliance and governance requirements.

Performance, availability, and flexible operational options

• Choose performance options (e.g., PL3500/PL220/PL25) to match workloads such as SSL/TLS, large-scale code signing, and blockchain signing
• Enable stable, scalable operations with high availability (HA), workload distribution(WLD), dual hot-swappable power supplies, multiple Ethernet ports (port bonding), and flexible backups (smartcard-based).

Key Capabilities

Custom extensibility and high availability

• Place HSMs on the same or separate subnets to centrally protect multiple business domains, thereby improving scalability.
• High-availability design, such as dual replaceable AC power supplies, ensures service continuity even during power failures.

Rich integration APIs and custom firmware support

• Provide a broad set of APIs for seamless integration with pre-integrated third-party solutions and custom applications.
• Enable feature expansion tailored to business requirements by developing and deploying custom firmware within the HSM using the SDK and Functional Modules (FM).

Trusted hardware and validated security

• Equipped with a FIPS 140-2 Level 3 validated cryptographic module that securely stores and processes sensitive information and keys in a tamper-resistant environment.
• Utilizes high-quality components and a consistent architecture to deliver stable performance, making it suitable for enterprise-grade security applications.