Hardware Security Modules (HSMs)

Hardware security modules (HSMs) from Thales e-Security provide a hardened, tamper-resistant environment for performing secure cryptographic processing, key protection, and key management. With these devices you can deploy high assurance security solutions that satisfy widely established and emerging standards of due care for cryptographic systems and practices—while also maintaining high levels of operational efficiency. Use our HSMs with a wide variety of commercial software products and in-house or custom developed software systems. For virtually any system that employs cryptography in the form of encryption and digital signatures, a Thales HSM will enable you to overcome the security vulnerabilities and performance challenges typically associated with software-only cryptography. With HSMs from Thales, you buy only the capacity you need and can scale your solution easily as your requirements evolve. 

All Thales HSMs are certified by independent authorities, establishing quantifiable security benchmarks that give you confidence in your ability to support compliance mandates and internal policies. These HSMs are available in multiple form factors to support all common deployment scenarios ranging from portable devices to high-performance data center appliances. Turn to nShield HSMs for general-purpose security, and turn to payShield 9000 for leading payment system security. Whichever HSMs you choose, you will gain confidence in system security and streamline administration and regulatory compliance.

The nShield™ Family of General Purpose HSMs 

nShield general purpose HSMs from Thales provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application—from identity management, web services and database encryption to tokenization, PKI services and strong authentication. The nShield HSM product line is pre-tested to integrate with a wide range of commercial security solutions from partners such as Microsoft. All nShield HSMs feature Thales’ market-leading Security World key management architecture—proven technology that protects application keys within the safe confines of the HSM, yet allows them to be managed in a straightforward and convenient manner, delivering an ideal combination of high assurance and operational ease. nShield HSMs substantially reduce the risk of human administrative error while guaranteeing key recovery and eliminating single points of failure. Most nShield HSMs also support the unique ability to host critical application software within the hardened security boundary, so you can establish tamper-resistant business processes in addition to protecting cryptographic operations.

The payShield Family of Payment HSMs

payShield 9000 from Thales is a proven HSM that is dedicated to the payment industry for transaction processing and key management. Thales payment HSMs are the most widely deployed in the world, used in an estimated 80% of payment card transactions. payShield 9000 provides features to support the latest card scheme payment applications for contact chip, contactless chip, and mobile secure elements and to support evolving standards from leading industry organizations including PCI SSC, Global Platform, and Multos International. The Key Management Device (KMD) and Remote HSM Manager are valuable companion products to the payShield 9000. The KMD for payment HSMs is a compact tamper-resistant security module (TRSM) that enables keys to be formed securely from separate components. Enabling this critical task to be carried out without any physical connection to a production HSM, KMD increases flexibility while streamlining operations. Remote HSM Manager supports secure remote monitoring and management of Thales payment HSMs, enabling organizations to reduce operating costs by streamlining and centralizing their administration.

  • nShield Connect nShield Connect

    • High-performance network-attached HSM
    • Delivers secure cryptographic services as a shared resource for distributed application instances and virtual machines
    • Features redundant hardware and is suitable for high-availability data centers.

    Product Detail
  • nShield Solo nShield Solo

    • Server-embedded HSM, provided as a PCI or PCIe card
    • Delivers dedicated cryptographic offload and acceleration capability to satisfy the highest performance requirements
    • Ideal for use within security appliances to achieve FIPS grade security hardening

    Product Detail
  • Edge nShield Edge

    • Portable, cost effective, USB-attached HSM
    • Delivers hardened security in a form factor that is convenient for use with low volume applications such as offline Certificate Authorities
    • Ideal for workstation or laptop-based operations such as developer code signing or administrative tasks

    Product Detail
  • payShield9000 payShield 9000

    • Proven HSM specifically designed for card issuing and payment processing
    • Supports all major payment applications
    • Maximizes business continuity
    • Streamlines deployment and maintenance and reduces the cost of compliance

    Product Detail
  • RemoteHSMmanage Remote HSM Manager

    • Eliminates travel to data centers, reducing costs and accelerating operations
    • Improves control by centralizing management of payment HSMs
    • Provides 24x7 access
    • Streamlines execution of common management tasks
    • Works with payShield 9000 and other Thales payment HSMs

    Product Detail
  • Device Key Management Device

    • Reduces operating costs by streamlining key management
    • Works with payShield 9000 and other Thales payment HSMs
    • Complies with ANSI/ISO key management standards to simplify security audits
    • Maximizes flexibility by managing keys for multiple HSMs

    Product Detail