December 18, 2020
Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of the Luna HSM firmware 7.11.0 and Luna Client 7.11.1. Following on the heels of the November release of the Luna Network T-Series HSM 7.11, this release includes a firmware update for the Luna T7 Crypto Module and a Luna Client update. The 7.11.0 firmware runs on the Luna T7 Crypto Module delivered as the Luna PCIe product or embedded in the Luna Network HSM. Updates to the Luna Client are also included to address functional and usability enhancements.
Quantum Enhanced Keys
This firmware release also introduces support for Quantum Enhanced Keys. By embedding a quantum random number generator (QRNG) chip within the Luna HSM, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM.
FIPS 140-2 Level 3 Compliance
The 7.11.0 firmware release introduces updates to the FIPS approved mode of operation. Specifically, updates to Password Authentication, Cloning, HA Login, and Remote PED Protocols were introduced to comply with FIPS 140-2 Level 3 Certification, including NIST SP 800-131A Revision 2. By updating their Luna HSMs to this 7.11.0 firmware, customers will be running the firmware that is currently in the process of being FIPS certified by NIST.
FIPS 140-2 Status
As previously announced, the Luna T7 Cryptographic Module was submitted (July 2020) to the NIST Cryptographic Module Validation Program and is listed as Module in Process. Most customers (and government contracting officers) accept the official listing on NIST’s Modules in Process List as evidence that the cryptographic module will soon have an official FIPS 140-2 validation certificate issued. Updates regarding FIPS certification will be made as they become available. The NIST Modules in Process List is available here.