ProtectServer hardware security modules (HSMs) are designed to protect cryptographic keys against compromise while providing encryption, signing and authentication services to secure Java and sensitive web applications.

ProtectServer HSMs offer a unique level of flexibility for application developers to create their own firmware and execute it within the secure confines of the HSM. Known as functionality modules, the toolkits provide a comprehensive facility to develop and deploy custom firmware.

SafeNet ProtectServer at a Glance:

Customizable and Scalable

Available in a broad range of symmetric and asymmetric cryptographic performance levels, ProtectServer HSMS can be integrated on either the same or distinct sub-nets and be shared between different networks in order to protect multiple business domains.

Extensive APIs

Users and developers can facilitate seamless integration of cryptography and HSMs into a large array of pre-integrated third-party solutions or custom applications. The Customization Software Development Kit (ProtectProcessing) enables the development, download, and storage of custom-specific functionality modules (FMs) inside the secure boundary of the HSM.

Software Emulator

A full-featured software emulator rounds out the flexible development tools, enabling developers to test and debug custom firmware from the convenience of a desktop computer.

This emulator also serves as an invaluable tool to test applications without the need to install a ProtectServer HSM. When ready, a developer simply installs the HSM and redirects communication to the hardware – no software changes are necessary.

FIPS 140-2 Level 3 Validated

SafeNet ProtectServer HSMs contain a FIPS 140-2 Level 3 validated cryptographic module to perform secure cryptographic processing in a high-assurance fashion. Built for industry standard security applications, the ProtectServer HSM functions within a tamper-protected environment, providing secure storage for highly sensitive information, cryptographic keys, PINs, and data.

Operating System Support


OS Support

Windows, Linux,

Cryptographic Support



  • Asymmetric: RSA (1024-8192), DSA (1024-3072), Diffie-Hellman, KCDSA, Elliptic Curve Cryptography (ECDSA, ECDH, ECIES) with named, user-defined and Brainpool curves

  • Symmetric: AES, RC2, RC4, RC5, CAST, DES, Triple DES, ARIA, SEED

  • Hash/Message Digest/HMAC: SHA-1, SHA-2 (224-512), SSL3-MD5-MAC, SSL3-SHA-1-MAC

  • Random Number Generation: FIPS 140-2 approved DRBG (SP 800-90 CTR mode)


Crytographic APIs

PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL, JCProv

Physical Characteristics (Internal-Express)



4.16” x 6.63”

Power Consumption

+5V@3A max; +12V@0.2A max


Operating 0° to 40°C

Physical Characteristics (External)


Rack Mountable

Standard 19" EIA rack mount chassis (1U height)


437 mm(W) x 270 mm (D) x 44 mm (H)


3.1 kg

Power Consumption

220/110 Volts Switchable


Operating 0° to 40°C

Relative Humidity

5% to 95% (38°C) non-condensing

Security Certifications



FIPS 140-2 Level 2 and Level 3 (in process)

Safety and Environmental Compliance



  • UL, CSA, CE

  • FCC, KC Mark, VCCI, CE

  • RoHS, WEEE


ProtectServer for Server and Web Applications Security

Sample Use Cases:

  • Encryption
  • User and data authentication
  • Message integrity
  • Secure key storage and key management for eCommerce
  • PKI
  • Document managment
  • Electronic bill presentation and payment
  • Database encryption
  • Financial EFT transactions
  • And more


  • Dual LAN
  • Up to 600 RSA signings/sec
  • WLD (Work Load Distribution)
  • Multi-threaded APIs
  • GUI HSM admin interface
  • CMD line interface
  • Infield upgrade
  • Remote HSM management