Luna T-Series models offer secure storage of your cryptographic information in a controlled and highly secure environment. All Luna T-Series models can be initialized by the customer to protect proprietary information by using either multifactor (PED) authentication or password authentication.
Industry Leading Performance & Security
- Industry leading cryptographic performance
- Performance optimized for government mandated algorithms and key lengths
- Up to 10 times the performance as compared to last-generation Luna PCIe for Government
- Keys-in-hardware approach protects the entire life-cycle of keys within the FIPS 140-2 validated confines of the HSM
- Addresses compliance requirements with FIPS 140 Level 3 certification
- Approved by CNSS for use in National Security Systems PKI
Crypto Agility
Thales TCT’s Luna HSMs employ a crypto agile architecture that supports in-field introduction of new crypto algorithms. The Luna HSMs offer large amounts of memory (inside the crypto module) to support growth to larger key sizes. The Luna HSM’s CPU capabilities support new, compute intensive algorithms and features.
Post-Quantum Cryptography (PQC) Algorithms
Thales TCT’s Luna HSMs support ML-DSA and ML-KEM PQC algorithms as standardized by NIST. This enables agencies and technology partners to begin migrating their FIPS 140 Level 3 rooted cryptographic systems, guarding against Harvest Now, Decrypt Later and other quantum threats.
Additionally, the Luna HSMs support the Leighton-Micali Signature (LMS) stateful hash-based signature mechanism, along with its multi-tree variant, the Hierarchical Signature Scheme (HSS). Utilizing either LMS/HSS or ML-DSA, Luna HSMs enable customers to transition to quantum-resistant firmware/software signing in accordance with CNSA 2.0.
Quantum Enhanced Keys
By embedding a quantum random number generator (QRNG) chip within the Luna HSM, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM. With a choice of operating the HSM in FIPS-approved mode using either the embedded, classic physical RNG or the embedded quantum RNG, customers can dynamically change between classical key generation and quantum enhanced keys as threats emerge over time.
Easy Transition for Deployed Solutions
- Backward compatible with deployed applications
- Zero changes required to applications integrated with Luna PCIe for Government
- Migrate keys from Luna PCIe for Government to T-Series HSM
Broad Integration Ecosystem
- Large number of integrations with industry-leading technology vendors
- Documented, out-of-the-box integrations
- Video tutorials expedite integration tasks
Security First Company
- Trusted supplier to U.S government for several decades
- HSM products are U.S designed, developed and manufactured
- All employees are U.S citizens
- All office locations in U.S.
- All support requests answered from U.S. (no outsourcing or foreign call centers)
- U.S. government approved Trusted Technology Import process
- Follow security best practices for all product introduction
Available Models and Performance
Luna PCIe HSM T-2000 Standard performance | Luna PCIe HSM T-5000 Enterprise performance |
16 MB memory | 32 MB memory |
RSA 2048 1,400 tps | RSA 2048 14,000 tps |
RSA 4096 350 tps | RSA 4096 3,500 tps |
ECC P-256 3,000 tps | ECC P-256 16,000 tps |
ECC P-384 2,000 tps | ECC P-384 16,000 tps |
Technical Specifications
Feature | Details |
Cryptography |
|
API Support |
|
Supported Operating Systems |
|
Security Compliance |
|
Physical Characteristics |
|
Safety and Environmental Compliance |
|
Reliability |
|
