Network HSM / HSM Plus

Device Information HSM/HSM Plus

Heavy-duty steel appliance with tamper-protected security that safeguards against physical and logical attacks
Security hardened network crypto server designed to protect cryptographic keys against compromise, while providing encryption, signing and authentication services to security sensitive applications, including native Blockchain algorithm support

Hardware Security for Server & Web Applications

SafeNet ProtectServer Hardware Security Modules (HSMs) are designed to protect cryptographic keys against compromise while providing encryption, signing and authentication services to secure Java and sensitive web applications.

SafeNet ProtectServer HSMs offer a unique level of flexibility for application developers to create their own firmware and execute it within the secure confines of the HSM. Known as functionality modules, the toolkits provide a comprehensive facility to develop and deploy custom firmware.

Safenet ProtectServer at a Glance:

Customizable and Scalable

Available in a broad range of symmetric and asymmetric cryptographic performance levels, SafeNet ProtectServer HSMS can be integrated on either the same or distinct sub-nets and be shared between different networks in order to protect multiple business domains.

FIPS 140-2 Level 3 Validated

SafeNet ProtectServer HSMs contain a FIPS 140-2 Level 3 validated cryptographic module to perform secure cryptographic processing in a high-assurance fashion. Built for industry standard security applications, the SafeNet ProtectServer HSM functions within a tamper-protected environment, providing secure storage for highly sensitive information, cryptographic keys, PINs, and data.

Extensive APIs

Users and developers can facilitate seamless integration of cryptography and HSMs into a large array of pre-integrated third-party solutions or custom applications. The Customization Software Development Kit (ProtectProcessing) enables the development, download, and storage of custom-specific functionality modules (FMs) inside the secure boundary of the HSM.

Native Blockchain Algorithm Support

SafeNet ProtectServer Network HSMs now support the BIP32 algorithm, which is widely used as the standard to encrypt digital wallets. Also, support for the SECP256k1 elliptic curve has been added, which is used for signing entries in Blockchain.

Software Emulator

UA full-featured software emulator rounds out the flexible development tools, enabling developers to test and debug custom firmware from the convenience of a desktop computer.

This emulator also serves as an invaluable tool to test applications without the need to install a SafeNet ProtectServer HSM. When ready, a developer simply installs the HSM and redirects communication to the hardware – no software changes are necessary.

Swappable Dual AC Power Supplies

SafeNet ProtectServer Network HSMs employ dual swappable AC power supplies for high-availability data centers to help protect against power failures, and enable business continuity by providing the ability to connect the appliance to two separate power sources to safeguard against the possible malfunction of one of the sources. This provides the necessary flexibility to perform maintenance on or replace a failed power supply or power feed with the assurance that your device will continue to operate.

Additional Information

SafeNet Luna Network HSM 7 Specifications:
OS SupportWindows, Linux, Solaris, AIX
Virtual: VMware, Hyper-V, Xen, KVM
CryptographyFull Suite B support
Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519, ECIES) with named, user-defined and Brainpool curves, KCDSA, and more
Symmetric: AES, AES-GCM, DES, Triple DES, ARIA, SEED, RC2, RC4, RC5, CAST, and more
Hash/Message Digest/HMAC: SHA-1, SHA-2, SM3, and more
Key Derivation: SP800-108 Counter Mode
Key Wrapping: SP800-38F
Random Number Generation: designed to comply with AIS 20/31 to DRG.4 using HW based true noise source alongside NIST 800-90A compliant CTR-DRBG
Crytographic APIsPKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
REST API for Administration
Rack MountableStandard 1U 19" rack mount appliance
Dimensions 19” x 21” x 1.725” (482.6mm x 533.4mm x 43.815mm)
Weight28lb (12.7kg)
Input Voltage 100-240V, 50-60Hz
Power Consumption110W maximum, 84W typical
Temperature Operating 0° to 35°C, storage - 20° to 60°C
Relative Humidity5% to 95% (38°C) non-condensing
Reliability2 dual hot-swap power supplies
Field-servicable components
Mean Time Between Failure (MTBF) 171,308 hrs
CertificationsFIPS 140-2 Level 3 – Password and multi-factor (PED)
ComplianceUL, CSA, CE
Host-Interface4 Gigabit Ethernet ports with Port Bonding IPv4 and IPv6
ManagementM of N support for division of command
HA disaster recovery