HSM Application Integration

Expertly integrate your applications with Thales HSMs

Organizations taking advantage of nShield and payShield hardware security modules (HSMs) frequently require custom code to integrate cryptographic capabilities into their applications.

Secure coding requires special skill; developers must be careful to utilize best practices and avoid introducing security risks and performance bottlenecks. For organizations that do not have in-house staff with secure coding skills, or need to supplement their teams with additional capacity and expertise, Thales ASG offers expert custom development services that can accelerate projects and deliver secure and efficient results.

You can work with Thales ASG in whatever way best meets your needs. As experts in Thales products and development toolkits, we can provide advice and knowledge transfer, work alongside your team to add capacity for critical projects, or complete your custom integration from start to finish. However you choose to work with us, you can be assured of expert professional help that shortens development cycles, raises your team’s security awareness, and ensures that you receive the best possible return on your investment in security solutions.

In situations where you plan to do most or all of your own application integration, Thales ASG provides a number of services and tools to support your efforts. These include:

Development toolkits.

Thales offers two optional application integration toolkits:

  • With the CipherTools Developer Toolkit, you can take full advantage of the advanced capabilities offered by the nShield HSM family as you integrate HSMs with your applications. The toolkit contains detailed tutorials and reference documentation, sample programs written in a range of high level languages, and additional versions of libraries to expand capabilities for integration with business applications beyond those that can be achieved by the standard application program interfaces (APIs).
  • The CodeSafe Developer Toolkit enables application developers to write programs that are securely loaded and executed within the secure environment of the nShield HSM, protecting them from malware and Trojans attacks on host systems. CodeSafe provides an application “sand box” setting where code can be validated for integrity and authorized to execute in a tamper-resistant manner—ideal for applications residing in untrustworthy locations.

Integration guides.

For commonly encountered integration tasks, Thales has prepared guides that can help your team save time and avoid common pitfalls by utilizing best practices for integrating nShield and payShield HSMs with specific commercial software applications.

Developer support.

To ensure that you can obtain the help you need when you need it, Thales offers multiple levels of support contracts, including developer support, giving you access to experts in Thales products, developer toolkits, and APIs.

HSM Application Code Review service.

Thales ASG experts can review your application code and make recommendations to mitigate potential security risks or improve efficiency.

image description

Custom development service

Accelerate time-critical projects by compressing the learning curve, and deliver secure and efficient results.

image description

Flexible range of services

Our team works with you to add capacity for critical projects, complete your custom integration from start to finish, or provide advice and knowledge transfer if that’s your need.

image description

Strong support

Engage as much or as little help as you need to integrate cryptographic capabilities into your applications.

Additional Resources

Data Sheet : ASG Encryption Application Code Review Services

"Your code may well work, but it may also inadvertently expose your business to expensive and commercially damaging security vulnerabilities... Developing and deploying bespoke code has both advantages and disadvantages for your business. Yes, it enables your business to specify and control a specific application from development to deployment, but as organizations are increasingly turning to specialized encryption technology and encryption libraries to secure their data; security assurance mechanisms are necessary to ensure proper integration into the environment without compromising your existing or proposed security infrastructure."


Data Sheet : CodeSafe

"The Thales CodeSafe developer toolkit provides the unique capability to move sensitive applications within the protected perimeter of a FIPS 140-2 Level 3 certified nShield hardware security module (HSM). Business applications running on host servers are increasingly vulnerable to a variety of attacks and advanced persistent threats(APTs) that can compromise critical operations and lead to massive costs and disruption of services. While sensitive applications often employ cryptographic mechanisms to protect sensitive data, these applications can still be the target of attack by APTs and vulnerable to manipulation unless protected within a hardened environment."


Data Sheet : nShield Connect

"The nShield Connect is the premier network-attached hardware security module (HSM) in the Thales family of high security data protection solutions. The nShield Connect is the most cost-effective way to establish the appropriate levels of physical and logical controls for server-based systems where software-based security features are considered to be inadequate. In the face of evolving compliance requirements and general standards of due care, the use of nShield HSMs provides a tangible measure of security within the traditional data center, virtualized environments and for cloud-based services"


Data Sheet : PayShield 9000

Thales payShield 9000 is a hardware security (HSM) payment module that provides the cryptographic protection required for ATM, point of sale (POS), credit and debit card issuance, and processing Of transactions. Encryption and management functionality meets or exceeds the operational and security requirements of the major international card system, including American Express, Discover, JCB, MasterCard, UnionPay and Visa. It is deployed as an external peripheral for mainframes and servers running card issuance applications, mobile platform provisioning, and payment processing software for the electronic payment industry.

Watch our interactive demo Explore
Schedule a live demo Schedule
Get in contact with a specialist Contact us