Luna PCIe HSM

Thales Luna PCIe Hardware Security Modules (HSMs) can be embedded directly in an appliance or application server for an easy-to-integrate and cost-efficient solution for cryptographic acceleration and security. The high-security hardware design of Thales Luna PCIe HSM ensures the integrity and protection of encryption keys throughout their life cycle.

All digital signing and verification operations are performed within the HSM to increase performance and maintain security.

luna-pcie-card-2017

Overview

Meet Your Compliance Needs

Meet your compliance needs by leveraging our certified Thales Luna PCIe HSMs. As Thales’s sole focus is security, we make third-party certifications a priority.

Overcome Resource Constraints

As the need to provide security for resource constrained devices (smart phones, tablets, smart meters) grows, vendors must be able to provide solutions that leverage ECC algorithms. ECC algorithms offer high key strength, at a greatly reduced key length when compared to RSA keys.

Thales Luna PCIe HSM includes a wide range of hardware accelerated ECC algorithms, including custom curves, that can be used in the development of solutions.

Operational Cost Savings

Thales Luna PCIe HSM benefits from a robust and forward thinking feature set. These features – including remote management, secure transport, and remote backup – will greatly reduce the management and operational costs of a deployment that utilizes this HSM.

 

Specifications

OS Support

Windows, Linux

Cryptography

  • Full Suite B support
  • Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519, ECIES) with named, user-defined and Brainpool curves, KCDSA, and more
  • Symmetric: AES, AES-GCM, Triple DES, ARIA, SEED, RCS, RC4, RC5, CAST, and more
  • Hash/Message Digest/HMAC: SHA-1, SHA-2, SM3, and more
  • Key Derivation: SP800-108 Counter Mode
  • Key Wrapping: SP800-38F
  • Random Number Generation: Replace with: designed to comply with AIS 20/31 to DRG.4 using HW based true noise source alongside NIST 800-90A compliant CTR-DRBG

Crytographic APIs

PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL

Dimensions

Low Profile PCIe card, 2.74” x 6.57” x .074”
(69.6mm x 167mm x 187mm)

Power Consumption

18W maximum, 14W typical

Temperature

Operating 0° to 50°C

Host Interface

PCI-Express CEM 3.0, PCI, PCI Express Base 2.0

Certifications

FIPS 140-2 Level 3—Password and Multi-Factor (PED)

Safety & Environmental Compliance

  • UL, CSA, CE
  • FCC, CE, VCCI, C-TICK, KC MARK
  • RoHS2, WEEE
  • TAA

Management

MofN support for division of command

Dimensions

Low Profile PCIe card, 2.74” x 6.57” x .074”
(69.6mm x 167mm x 187mm)

Reliability 

  • Back/Restore
  • High Availability (HA)
  • Mean Time Between Failure (MTBF) 997,508 hours

Available Thales Luna PCIe HSM 7 Models


Thales Luna PCIe HSM “A” Series:

Thales Luna PCIe HSM A700, A750, and A790 offer FIPS 140-2 Level 3 Certification, and password authentication for easy management.

Thales Luna PCIe HSM “S” Series:

Thales Luna PCIe HSMs S700, S750, and S790 feature Multi-factor (PED) Authentication, for high-assurance use cases.

All Thales Luna PCIe HSMs offer the highest levels of performance. Across a breadth of algorithms including ECC, RSA, and symmetric transactions. Additional product highlights include key ownership regardless of the cloud environment, and multiple roles for strong separation of duties.

Algorithm

Luna Network HSM 700 Models

Luna Network HSM 750 Models

Luna Network HSM 790 Models

RSA-2048 signing ops

1 000

5 000
10 000

ECC P256 signing ops

2 000

10 000

20 000

AES-GCM small packet encryption ops

2 000

10 000

20 000