Thales Solutions
Thales is a global company employing approximately 80,000 people worldwide, with an estimated annual revenue of around 21 billion USD. The company is partly owned by the French government and operates across a wide range of domains, including aerospace, air traffic control systems, aviation, rail transportation, and information security.
QSM is a Platinum Partner of Thales and serves as a reseller of Thales information security and authentication products in Israel. The partnership between QSM and Thales began in 2019, following the announcement by DocuSign of the end of life (EOL) of its HSM products. As a result, a large-scale migration process was initiated to transition the Israeli financial system from DocuSign encryption solutions to Thales HSM products.
This migration was complex and, beyond upgrading physical HSM infrastructure, required significant software development to adapt QSM products and customer systems to operate with the new Thales HSM platforms. The migration process was exceptional in scope on a global scale. Within a few years, QSM, in collaboration with Thales, successfully completed the full migration of the Israeli financial system.
As part of this collaboration, QSM identified issues with Thales products, leading to the release of multiple software fixes and updates. The partnership expanded to include close cooperation with Thales’ development teams, HSM and information security support teams, and over time, QSM also began distributing Thales authentication products in Israel.
PayShield 10K & Remote manager
The PayShield 10K HSM is a leading financial Hardware Security Module (HSM) widely used by major banks worldwide. Approximately 80% of global financial transactions are processed using payShield HSM platforms.
The payShield HSM provides built-in support for financial cryptographic algorithms in accordance with international regulatory requirements, including:
- PIN verification
- PIN block translation
- EMV validation, including ARQC verification and/or ARPC generation
Card issuing functions - PIN mailer printing
The payShield HSM complies with the most stringent international security standards, including FIPS 140-3 Level 3, PCI Level ?, and additional regulatory requirements.
The payShield 10K model introduces remote management capabilities through payShield Remote Manager, allowing secure remote operation and administration of HSM servers. This functionality eliminates the need for customer teams to access data centers for routine management, maintenance, and operational tasks, while maintaining strict dual control security mechanisms using dedicated smart cards.
The encryption certificate and the master encryption key can be split into multiple key shares stored on separate smart cards, using an M-of-N key management scheme.
Luna Network HSM
Luna Network HSM is a leading general-purpose Hardware Security Module (HSM) used for a wide range of cryptographic operations, including encryption (Encrypt), decryption (Decrypt), signing, and verification (Sign & Verify), among others.
The device is designed for tamper-resistant environments, providing protection against physical attacks and incorporating advanced authentication controls, partition management, and layered security mechanisms.
Luna Network HSM is also commonly deployed as an HSM platform for Certificate Authority (CA) systems, supporting secure key and certificate generation and storing them in an encrypted internal database.
For specialized cryptographic operations that are not supported out of the box, secure software code can be imported into the HSM to extend its functionality. This capability also enables the implementation of custom logic within cryptographic processes.
An additional security layer can be enabled through a dedicated PED (PIN Entry Device), enforcing dual control authentication prior to executing sensitive operations. Operational permissions are distributed among predefined roles, with each role authenticated using a dedicated assigned token.
Compliance and Certifications:
- Certified to FIPS 140-3 Level 3
- Approved as a Qualified Signature Creation Device (QSCD) for eIDAS compliance
- Built-in support for post-quantum cryptographic algorithms
CipherTrust Data Security Platform
CipherTrust by Thales is a comprehensive, centralized platform for protecting sensitive data. It supports data discovery and classification, encryption, key and secrets management, and centralized policy control. CipherTrust is designed to help organizations address regulatory compliance requirements, secure data in cloud environments, and provide advanced protection for files and databases.
CipherTrust is suitable for a wide range of deployment environments and integrates with platforms such as AWS, Azure, GCP, Oracle, Kubernetes, and others.
The platform provides transparent file-system–level encryption and real-time protection for files, directories, and databases, without requiring application changes.
HSE – High-Speed Network Encryption
High Speed Encryption (HSE) is a hardware- and virtual-based solution for high-performance network traffic encryption (Data in Motion), supporting speeds of up to 100 Gbps. The solution is designed to secure links between sites, data centers, cloud environments, and the transfer of critical data.
Key Capabilities:
- Network traffic encryption at Layer 2 (L2), Layer 3 (L3), and Layer 4 (L4), with minimal performance impact
- Very high throughput, supporting up to 100 Gbps on a single device
- Crypto-agile architecture, supporting classical cryptographic algorithms and enabling a transition toward quantum-safe protections
- Support for complex network protocols and environments, including WAN, MPLS, SD-WAN, and more.