cpl.thalesgroup.

com

Thales ProtectServer 2 Network HSM

ProtectServer External 2 and
ProtectServer External 2+

Thales ProtectServer Network 2 Hardware Security

Modules (HSMs) are security hardened network crypto
servers designed to protect cryptographic keys against
compromise, while providing encryption, signing and
authentication services to security sensitive applications. ProtectServer External 2 HSM

Highly secure
ProtectServer Network HSMs include a cryptographic module
performing secure cryptographic processing in a high assurance
fashion. The appliances feature heavy-duty steel cases with
tamper-protected security that safeguard against physical attacks ProtectServer 2+ HSM
and deliver the highest level of physical and logical protection to
the storage and processing of highly sensitive information, such as flexible development tools, enabling developers to test and debug
cryptographic keys, PINS, and other data. Secure storage and custom firmware from the convenience of a desktop computer.
processing means cryptographic keys are never exposed outside This emulator also serves as an invaluable tool to test applications
the HSM in clear form, offering customers a level of security without the need to install a ProtectServer HSM. When ready, a
unavailable from software alternatives, while providing a certified developer simply installs the HSM and redirects communication to
level of confidentiality and integrity that meets the security demands the hardware — no software changes are necessary.
of industry organizations.

Easy management
Flexible programming
The intuitive graphic user interface (GUI) simplifies HSM device
ProtectServer HSMs offer a unique level of flexibility for application administration and key management using easy-to-understand
developers to create their own firmware and execute it within the navigation and user interaction. Urgent and time-critical
secure confines of the HSM. Known as functionality modules, the management tasks — such as key modification, addition, and
toolkits provide a comprehensive facility to develop and deploy deletion — can be securely performed from remote locations,
custom firmware. A full-featured software emulator rounds out the reducing management costs and response times.
ProtectServer 2+ HSM Convenience
In addition to the features and functionality provided by ProtectServer Smart cards provide the highest security and administrative
2 HSM, ProtectServer 2+ HSM employs dual swappable AC convenience for secure backup, recovery, and transfer of
power supplies to help high-availability data centers protect against cryptographic keys. Upgrades can be cost-effectively performed at
power failures, and enables business continuity by providing the the infield location, avoiding the expense of returning the product to
ability to connect the appliance to two separate power sources to the service location.
safeguard against the possible malfunction of one of the sources.
This provides the necessary flexibility to perform maintenance on or
replace a failed power supply or power feed with the assurance that
Technical specifications
your device will continue to operate. Operating Systems
• Windows, Linux, AIX, HP_UX, Solaris
Benefits Cryptographic APIs
Security
• PKCS#11, CAPI/CNG, JCA/JCE, JCProv, OpenSSL
• Physical tamper protection
Cryptographic Processing
• True Random Number Generation Asymmetric Algorithms
• Smartcard backup of key material
Performance • RSA (up to 4096 bit), DSA, ECDSA Diffie Hellman (DH), ECC
Brainpool Curves (named and user-defined), plus others
• Dual LAN
Symmetric Algorithms
• Up to 1500 RSA signings/sec
• WLD (Work Load Distribution) • AES, DES, 3DES, CAST-128, RC2, RC4, SEED, ARIA, BIP32
and SECP256k1, Milenage, plus others
• Multi-threaded APIs
Easy Management • Modes supported include ECB, CBC, OFB64, CFB-8 (BCF)
plus others
• Infield upgrade Hashing Algorithms
• GUI HSM interface
• Remote HSM Management • MD5, SHA-1, SHA-256, SHA- 384, SHA- 512, MD2,
RIPEMD128, RIPEMD160, DES MDC-2 PAD1
Extensive API support
Message Authentication Codes
• PSE2 available in 25, 220, and 1500 performance models
• PSE2+ available in 1500 performance model only • SHA-1, SHA-256, SHA-384, SHA-512, MD2, RIPEMD128,
RIPEMD160, DES MDC-2 PAD1, SSL3 MD5 MAC, AES MAC,
CAST-128 MAC, DES MAC, DES3 MAC, DES3 Retail CFB
High performance and scalability MAC, DES30x9.19 MAC, IDEA MAC, RC-2 MAC, SEED
MAC, ARIA MAC, VISA CVV
ProtectServer Network HSMs perform rapid processing of
cryptographic commands. Specialized cryptographic electronics Physical Characteristics
— including a dedicated data cipher micro-processor, memory, Dimensions
and a true Random Number Generator (RNG) — offloads the • 437 mm (W) x 270 mm (D) x 44 mm (H) (PSE2 model)
cryptographic processing from the host system, freeing it to respond
• 482.6mm (W) x 533.4mm (D) x 43.815mm (H) (PSE2+ model)
to more requests.
Power Consumption
ProtectServer Network HSMs are available in a broad range of
symmetric and asymmetric cryptographic performance levels to • 220/110 Volts switchable (PSE2 model)
meet a wide variety of security application processing requirements, • Dual swappable AC power supplies (PSE2+ model)
with speeds up to 1500 RSA signature operations per second. Temperature
The included dual-network interface optionally enables the
HSMs to be integrated on the same or different subnets, and to • Operating 0°C - 35°C
be shared between different networks in order to protect multiple Security Certifications
business domains or provide redundancy within a single network.
• FIPS 140-2 Level 3
© Thales - April 2020• BB. v16

In addition, high levels of scalability, reliability, redundancy,

and increased throughput can be easily achieved as there is no Safety and Environmental Compliance
restriction on the number of HSMs that can work in unison, or the • UL, CSA, CE
number of keys that can be managed.
• FCC, KC Mark, VCCI, CE
• RoHS, WEEE

> cpl.thalesgroup.com <

Contact us – For all office locations and contact information, please visit cpl.thalesgroup.com/contact-us