The FIPS-certified(certificate # 2488 and 2489) Luna PCI-E for Government is the fastest and most secure cryptographic accelerator card in the industry. Designed for authentication, signing and key Issuance, Luna PCI-E for Government is ideal for use as an embedded HSM in servers or appliances. Derived from industry leading technology, the Luna PCI-E for Government is manufactured, sold, and supported exclusively by Thales Trusted Cyber Technologies (TCT).
Secure Hardware Key Management
The high assurance design of Luna PCI-E for Government offers dedicated hardware key management to protect sensitive cryptographic keys throughout the key lifecycle. The internal security architecture of Luna PCI-E for Government provides an unprecedented level of security for the keys and sensitive data generated, utilized, and stored within the HSM. At the core of Luna PCI-E for Government is the SafeXcel 3120, a robust, fail-safe security system on a chip used to protect internal keys and sensitive data. This defense-in-depth architecture isolates plaintext key material from the HSM’s primary firmware by further encrypting internal keys with a key that exists only in the SafeXcel hardware.
Embed the TCT Luna General Purpose HSM Feature Set for Operational Cost Savings
Luna PCI-E for Government benefits from a robust and forward thinking feature set. These features, including remote management, secure transport, and remote backup, will greatly reduce the management and operational costs of a solution that utilizes Luna PCI-E for Government.
High-Availability and Scalability
Multiple Luna PCI-E for Government cards can be grouped together in the same server to provide high availability, load balancing and scalable performance. The HA Group technology shares the transaction load, synchronizes data among members of the group, and redistributes the processing capacity in the event of failure in a member card to maintain uninterrupted service. The HA capability also enables easy recovery when a unit returns to service. Luna PCI-E for Government also includes API support for synchronization of keys between cards in different servers. Using this API, organizations can create their own high-availability setup.
Flexible Backup and Disaster Recovery Options
Luna PCI-E for Government provides secure, auditable and flexible options to simplify backup, duplication, and disaster recovery. Key backups can be performed locally or remotely to the Luna Backup HSM, Small Form Factor eTokens or other Luna HSMs.
Develop Solutions for Resource Constrained Environments with ECC Support
As the need to provide security for resource constrained devices (smart phones, tablets, smart meters) grows, vendors must be able to provide solutions that leverage ECC algorithms. ECC offers high key strength, at a greatly reduced key length when compared to RSA keys. Luna PCI-E for Government offers hardware accelerated ECC algorithms that can be used in the development of solutions without the need to purchase additional licenses.
The Luna PCI-E for Government has received FIPS 140-2 Level 2 and 3 validation from the National Institution of Standards and Technology (NIST). This validation signifies that TCT’s Luna HSMs for Government comply with these stringent standards.
Common Luna Domain
All Luna HSMs benefit from a Common Luna Architecture where the supported client, APIs, algorithms, and authentication methods are consistent across the entire Luna HSM product line. This eliminates the need to design applications around a specific HSM, and provides the flexibility to move keys from form factor to form factor.
Available in Two Performance Models
Luna PCI-E for Government is available in two performance models; Luna PCI-E for Government 7000 and Luna PCI-E for Government 1700. Luna PCI-E for Government 7000 is a high performance HSM capable of best in class performance across a breadth of algorithms including ECC, RSA, and symmetric transactions. The low performance variant, Luna PCI-E for Government 1700, is capable of 1700 RSA 1024-bit transactions per second.
|Algorithm||Luna PCI-E 1700||Luna PCI-E7000|
|RSA-1024||1,700 tps||7,000 tps|
|RSA-2048||360 tps||1,200 tps|
|ECC P256||580 tps||2,000 tps|
|AES-GCM||3,600 tps||3,600 tps|
|Luna PCI-E for Government Product Brief
Product overview with technical features and specifications.
|Roots of Trust: Five Things You Must Know
The term Root of Trust (RoT) is commonly used in information security circles, but what does it mean? Why do we care? How does it apply to cryptographic controls? Modern computer systems are incredibly powerful and flexible. They can be molded to accomplish things that were unimaginable a mere decade ago. This same property makes them almost impossible to control and all too easy for malicious actors to find ways to disrupt them. To counter these threats, security experts have resorted to a wide range of cryptographic tools, and for these tools to function they need a trust worthy beginning.
|Best Practices for Cryptographic Key Management
Once data is encrypted, the only way to gain access is by decrypting or unlocking secret content using the key. Haphazardly protecting these keys negates the entire process of encryption and creates a false sense of security. This white paper outlines best practices for deploying an effective cryptographic key management strategy.