Thales TCT Luna PCIe Hardware Security Module

Luna T-Series models offer secure storage of your cryptographic information in a controlled and highly secure environment. All Luna T-Series models can be initialized by the customer to protect proprietary information by using either multifactor (PED) authentication or password authentication.

INDUSTRY LEADING PERFORMANCE & SECURITY

  • Industry leading cryptographic performance
  • Performance optimized for government mandated algorithms and key lengths
  • Up to 10 times the performance as compared to Luna PCIe for Government
  • Keys-in-hardware approach protects the entire life-cycle of keys within the FIPS 140-2 validated confines of the HSM
  • Addresses compliance requirements with FIPS 140-2 Level 3 certification
  • Approved by CNSS for use in National Security Systems PKI

UPGRADE DEPLOYED CRYPTOGRAPHIC MODULES

The T-Series of Luna PCIe HSMs was designed from the ground up as a drop-in replacement for the widely deployed Luna PCIe for Government HSMs. Using state of the art technology, the Luna PCIe HSM provides an order of magnitude improved performance compared to the Luna PCIe for Government while still providing the industry leading security features that government customers have relied on for decades.

QUANTUM ENHANCED KEYS

By embedding a quantum random number generator (QRNG) chip within the Luna HSM, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM.  With a choice of operating the HSM in FIPS-approved mode using either the embedded, classic physical RNG or the embedded quantum RNG, customers can dynamically change between classical key generation and quantum enhanced keys as threats emerge over time.

LEARN MORE ABOUT QUANTUM ENHANCED KEYS

Available Models

Luna PCIe HSM T-2000 Luna PCIe HSM T-5000
  • Standard performance
  • 16MB memory
  • RSA 2048 1,400 tps
  • RSA 4096 350 tps
  • ECC P-256 3,000 tps
  • ECC P-384 2,000 tps
  • Enterprise-level performance
  • 32 MB memory
  • RSA 2048 14,000 tps
  • RSA 4096 3,500 tps
  • ECC P-256 16,000 tps
  • ECC P-384 16,000 tps

Features & Benefits

EASY TRANSITION FOR DEPLOYED SOLUTIONS

  • Backward compatible with deployed applications
  • Zero changes required to applications integrated with Luna PCIe for Government
  • Migrate keys from Luna PCIe for Government to T-Series HSM

CRYPTO AGILE

  • Crypto agile architecture supports in-field introduction of new crypto algorithms
  • Large amounts of memory (inside the crypto module) support growth to larger key sizes
  • CPU capabilities support new, compute intensive algorithms and features

BROAD INTEGRATION ECOSYSTEM

  • Large number of integrations with industry-leading technology vendors
  • Documented, out-of-the-box integrations
  • Video tutorials expedite integration tasks

SECURITY FIRST COMPANY

  • Trusted supplier to U.S government for several decades
  • HSM products are U.S designed, developed and manufactured
  • All employees are U.S citizens
  • All office locations in U.S.
  • All support requests answered from U.S. (no outsourcing or foreign call centers)
  • U.S. government approved Trusted Technology Import process
  • Follow security best practices for all product introduction

Specifications

Cryptography

  • Full support for NSA Commercial National Security Algorithm (CNSA) Suite
  • Support for FIPS-approved and NIST recommended algorithms, modes, curves, and key sizes for RSA, DSA, Diffie-Hellman, AES, SHA-2, SHA-3 and Elliptic Curve Cryptography (ECC)
  • NIST 800-90A compliant Hardware Random Number Generator
    • Classic hardware RNG entropy
    • Quantum RNG entropy
  • Additional non-approved algorithms and key sizes are supported for use with legacy applications
  • Refer to product documentation for complete details

API Support

  • PKCS#11
  • Microsoft CAPI and CNG
  • Java (JCA/JCE)
  • Pycryptoki

Supported Operating Systems

  • Windows Server: 2012R2, 2016, 2019
  • Windows 10
  • Linux: RHEL / CentOS 7, 8. Ubuntu 18, 20. Oracle Linux 7.9

Security Compliance

  • FIPS 140-2 Level 3
  • Approved by CNSS for use in National Security Systems PKI

Physical Characteristics

  • Dimensions: Full Height, Half Length 4.2”x6.6”
  • Weight: 300gm (10.6oz)
  • Host Interface: PCIe Gen 2 x4
  • Power Consumption: 20W maximum, 10W typical
  • Temperature: operating 0°C – 50°C, storage -20°C – 60°C

Safety and Environmental Compliance

  • FCC

Reliability

  • Mean Time Between Failure (MTBF) 250,821 hrs

Resources

ImageTitleLink
CTO Sessions: Building a Root of Trust in How to Secure the Most Sensitive Data
CTO Sessions: Building a Root of Trust in How to Secure the Most Sensitive Data
Download
Luna PCIe HSM Product Brief
Luna PCIe HSM Product Brief
Download
On Demand Webinar: Building a Root of Trust to Secure the Most Sensitive Data
On Demand Webinar: Building a Root of Trust to Secure the Most Sensitive Data
Download