Thales TCT Product Updates

Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of version 7.12 of the Luna Network HSM and PCIe HSM. This release encompasses multiple Luna HSM components:

• Luna T-series appliance software 7.12.0 
• Luna T7 Crypto Module firmware 7.12.0 
• Luna Client 7.12.0 
• Luna User Documentation Revision G 

Each of these components is available as a download from the Thales TCT Support Portal.

Release 7.12 includes the following new features:

• New cryptographic mechanisms (SHA-3 and AES key wrap). 
• TLS 1.3 support for NTLS and Remote PED connections 
• PED-initiated Remote PED 
• Additional T7 automatic activation options 
• T7 PCIe passthrough on ESXI Virtual Machines permitting multiple VMs to access the HSM. 
• Additional Operating System support for the Luna Client. 

Details regarding these new capabilities are available in the Luna User Documentation (Rev G) and the Customer Release Notes (Rev N).

June 30, 2021

The FIPS 140-2 certification of the Luna T7 Cryptographic Module and the corresponding release of the Luna T-Series HSMs allows Thales Trusted Cyber Technologies (TCT) to begin the process of retiring the Luna for Government products. Thales TCT is announcing the End-of-Sale (EOS) and End-of-Life (EOL) timeline for the following Thales TCT products:

• Luna SA for Government. The Luna SA 1700 and Luna SA 7000 model HSMs. These network HSM models include the legacy Luna K6 Cryptographic Module running Thales TCT firmware.
• Luna PCI-E for Government. The Luna PCI-E 1700 and 7000 models are the products consisting of the standalone Luna K6 Cryptographic Module running Thales TCT firmware.

End-of-Sale and End-of-Life Timeline
The following table describes the End-of-Sale (EOS) and End-of-Life (EOL) milestones, dates, and definitions for the Luna SA for Government and Luna PCI-E for Government products. The last day to order the affected products is December 31, 2021.

Migration Strategy
The Luna T-Series HSMs include the following features to allow easy migration from the legacy Luna for Government models to the new T-Series models:

• Compatible with applications integrated with Luna HSM for Government
• Multiple techniques to migrate high value keys to T-Series HSMs
• Allows for an incremental deployment model to roll out Luna T-Series

Professional Services offerings specifically designed to assist customers in migrating to Luna T-Series HSMs are available.

For more information on migration options or any other questions, please contact your Thales TCT account manager or info@thalestct.com.

About Luna T-Series HSMs
Thales TCT Luna T-Series HSMs are the choice for government agencies when storing, protecting and managing cryptographic keys used to secure sensitive data and critical applications. Meeting government mandates for U.S. Supply Chain, the high-assurance, tamper-resistant Luna T-Series HSMs are designed, developed, manufactured, sold, and supported in the United States.

Affected Products List
The Thales TCT part numbers affected by this announcement are included in the following table.

Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of the Luna HSM firmware 6.21.6 and Luna Client 7.11.2. The 6.21.6 firmware update is specific to Luna PCIe HSM for Government (K6), Luna SA for Government, G5 HSM, and Backup HSM (collectively called “Legacy HSMs”). With this release cloning, partition backup and restore, and HA synchronization operations can be performed between a FIPS enabled 7.11.1 T-Series HSM and Legacy HSMs. The 6.21.6 firmware also includes additional security enhancements relevant to the Legacy HSMs. Updates to the Luna Client (7.11.2) are also included to address functional and usability enhancements.

Thales Trusted Cyber Technologies (TCT) is pleased to announce the introduction of the new Thales TCT CipherTrust k570 appliance, now available with the release of CipherTrust Manager 2.3. The Thales TCT CipherTrust k570, which includes a FIPS 140-2 Level 3 certified Thales TCT Luna T7 Cryptographic Module, is the newest addition to the CipherTrust Data Security Platform. 

CipherTrust Data Security Platform unifies data discovery, classification, data protection, and unprecedented granular access controls with centralized key management – all on a single platform. This results in less resources dedicated to data security operations, ubiquitous compliance controls, and significantly reduced risk.

CipherTrust Manager is the center of the CipherTrust Data Security Platform. It serves as the central point for managing configuration, policy and key material for data discovery, encryption, on-premise and cloud based use cases. CipherTrust Manager is the successor to the Thales eSecurity (formerly Vormetric) Data Security Manager, Gemalto (formerly SafeNet) KeySecure, and SafeNet Assured Technologies KeySecure for Government platforms.

CipherTrust Data Security Platform, including the Thales TCT CipherTrust k570, is available for sale to the U.S. Federal Government exclusively through Thales TCT.

Resources

• Thales TCT CipherTrust Data Security Platform web page
• CipherTrust 2.3 Product Documentation
• CipherTrust 2.3 Release Notes

VALIDATION SIGNIFIES THAT THE LUNA T-SERIES HARDWARE SECURITY MODULES MEET NIST’S HIGHEST LEVEL OF SECURITY STANDARDS 

Thales Trusted Cyber Technologies (TCT), a trusted, U.S. based source for cyber security solutions, today announced that its Luna T-Series Hardware Security Modules (HSMs) have received Federal Information Processing Standards (FIPS) 140-2 Level 3 validation from the National Institution of Standards and Technology (NIST). 

Designated in FIPS 140-2 validation certificate number 3898 as the Luna T7 Cryptographic Module, the Luna T7 is included in the following Thales TCT products:

• Luna PCIe HSM (T-Series)
• Luna Network HSM (T-Series)
• CipherTrust Manager

Luna T-Series HSMs are the choice for government agencies when storing, protecting and managing cryptographic keys used to secure sensitive data and critical applications. Meeting government mandates for U.S. Supply Chain, the high-assurance, tamper-resistant Luna T-Series HSMs are designed, developed, manufactured, sold, and supported in the United States.

INDUSTRY-LEADING PERFORMANCE & SECURITY

Luna T-Series HSMs offer industry-leading cryptographic performance and security optimized for government mandated algorithms and key lengths. Thales TCT’s keys-in-hardware approach protects the entire life-cycle of keys within the FIPS 140-2 validated confines of the HSM.

QUANTUM ENHANCED KEYS

By embedding a quantum random number generator (QRNG) chip within the Luna T7 Crypto Module, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM.  With a choice of operating the HSM in FIPS-approved mode using either the embedded, classic physical RNG or the embedded quantum RNG, customers can dynamically change between classical key generation and quantum enhanced keys as threats emerge over time.

AVAILABLE NOW

The FIPS-validated Luna T-Series HSM is available for new deployments today. Organizations who have already deployed Luna T-Series HSMs can now easily perform an in-field upgrade to the latest FIPS-validated firmware. Multiple migration solutions are available to organizations that have the widely deployed Luna SA for Government generation HSMs and need to modernization to the high performance, FIPS-validated Luna T-Series HSMs. Contact Thales TCT customer support for more information on HSM migration and upgrades.

For more information on the Luna T-series HSMs, thalestct.com/hsm.