
Thales Luna PCIe HSM

Cryptographic Acceleration from an Embedded HSM


Thales Luna PCIe Hardware Security Modules (HSMs) can be embedded directly in an appliance or application server for an easy-to-integrate and cost-efficient solution for cryptographic acceleration and security. The high-security hardware design of Thales Luna PCIe HSM ensures the integrity and protection of encryption keys throughout their life cycle.

All digital signing and verification operations are performed within the HSM to increase performance and maintain security.

Download the Thales Luna PCIe HSM 7 Product Brief


Thales Luna PCIe HSM at a Glance:

Meet Your Compliance Needs

Meet your compliance needs by leveraging our certified Thales Luna PCIe HSMs. As Thales's sole focus is security, we make third-party certifications a priority.

Overcome Resource Constraints

As the need to provide security for resource-constrained devices (smartphones, tablets, smart meters) grows, vendors must be able to provide solutions that leverage ECC algorithms. ECC algorithms offer high key strength at a greatly reduced key length compared to RSA keys.

Thales Luna PCIe HSM includes a wide range of hardware accelerated ECC algorithms, including custom curves, that can be used in the development of solutions.

Operational Cost Savings

Thales Luna PCIe HSM benefits from a robust and forward-thinking feature set. These features, including remote management, secure transport and remote backup, will greatly reduce the management and operational costs of a deployment that utilises this HSM.

 

Partner spotlight:
Microsoft Forefront TMG

Microsoft Forefront Threat Management Gateway (TMG), the company's secure web gateway, integrates with SafeNet Luna PCIe HSMs to secure SSL transactions by storing master SSL private keys in Thales's FIPS 140 validated tamper-proof hardware appliance.

The Thales Luna PCIe HSM integration also significantly improves server performance by offloading resource-intensive cryptographic operations to the purpose-built encryption appliance.



Thales PCIe HSM features and benefits


Sample Applications:

  • PKI Certificate Signing & Validation
  • SSL & TLS
  • Storage (online CA keys & offline CA keys)
  • Smart Card Issuance and Management
  • Code and Document Signing
  • Database and File Encryption
  • Email Encryption
  • Infrastructure Security
  • DNSSEC
  • Identity and Rights Management
  • Key Management
  • Cryptographic Acceleration
  • Timestamping
  • Secure Manufacturing
  • Blockchain
  • Internet of Things (IoT)

Security at a Glance:

  • Keys in hardware
  • Remote Management
  • Meet compliance needs for GDPR, HIPAA, PCI-DSS, eIDAS and more
  • Multi-level access control
  • Multi-part splits for all access control keys
  • Intrusion-resistant, tamper evident hardware
  • Secure Audit Logging
  • Strongest cryptographic algorithms
  • Suite B algorithm support
  • Secure decommission

Features:

  • Intrusion-resistant, tamper evident hardware
  • Field Serviceable Components
  • Software upgradable
  • Multiple Roles for Administration
  • Strong Separation of Duties
  • Load Balancing and Scalability


 

Thales Luna PCIe HSM 7 Specifications

Specifications listed below are for Thales Luna PCIe HSM 7.
 

Feature: Details

OS support: Windows, Linux

Cryptography:
  • Full Suite B support
  • Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519, ECIES) with named, user-defined and Brainpool curves, KCDSA and more
  • Symmetric: AES, AES-GCM, Triple DES, ARIA, SEED, RCS, RC4, RC5, CAST and more
  • Hash/Message Digest/HMAC: SHA-1, SHA-2, SM3 and more
  • Key Derivation: SP800-108 Counter Mode
  • Key Wrapping: SP800-38F
  • Random Number Generation: designed to comply with AIS 20/31 to DRG.4 using a hardware-based true noise source alongside a NIST 800-90A compliant CTR-DRBG

Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL

Dimensions: Low profile PCIe card, 2.74” x 6.57” x 0.74” (69.6mm x 167mm x 187mm)

Power consumption: 18W maximum, 14W typical

Temperature: Operating 0° to 50°C

Host Interface: PCI-Express CEM 3.0, PCI, PCI Express Base 2.0

Security certifications:
  • FIPS 140-2 level 3 validated – password and multi-factor (PED)
  • FIPS 140-3 validated – password and multi-factor (PED)
  • Common Criteria EAL4+ (AVA_VAN.5 and ALC_FLR.2) certified against the protection profile EN 419 221-5
  • Listed as Qualified Signature or Seal Creation Device (QSCD) for either remote or local signing as part of an eIDAS compliant deployment
  • NIST SP 800-90 A/B/C certified
  • AIS 20/31 compliant to DRG.4
  • Singapore NITES certified
  • Brazil INMETRO approved (formerly ITI)
  • NATO approved for use up to Restricted
  • Other regional certifications (ask your local Thales representative)

Safety & environmental compliance:
  • UL, CSA, CE
  • FCC, CE, VCCI, C-TICK, KC Mark
  • RoHS2, WEEE
  • TAA
  • India BIS [IS 13252 (Part 1)/IEC 60950-1]

Management: MofN support for division of command

Reliability:
  • Backup/Restore
  • High Availability (HA)
  • Mean Time Between Failure (MTBF) 997,508 hours

 

Available Thales Luna PCIe HSM 7 Models


Thales Luna PCIe HSM "A" Series:

Thales Luna PCIe HSM A700, A750, and A790 are FIPS 140-2 Level 3 and FIPS 140-3 Level 3 validated, and feature password authentication for easy management.

Thales Luna PCIe HSM “S” Series:

Thales Luna PCIe HSMs S700, S750, and S790 feature Multi-factor (PED) Authentication, for high-assurance use cases.

All Thales Luna PCIe HSMs offer the highest levels of performance across a breadth of algorithms, including ECC, RSA, and symmetric transactions. Additional product highlights include key ownership regardless of the cloud environment and multiple roles for strong separation of duties.

Algorithm                                  700 Models    750 Models    790 Models
RSA-2048 signing ops                       1,000 tps     5,000 tps     10,000 tps
ECC P256 signing ops                       2,000 tps     10,000 tps    20,000 tps
AES-GCM small packet encryption ops        2,000 tps     10,000 tps    20,000 tps

tps = transactions per second
