Skip Navigation


Keyword: hsm
Posted by: Alison Maine

VALIDATION SIGNIFIES THAT THE LUNA T-SERIES HARDWARE SECURITY MODULES MEET NIST’S HIGHEST LEVEL OF SECURITY STANDARDS 

April 19, 2021

Thales Trusted Cyber Technologies (TCT), a trusted, U.S. based source for cyber security solutions, today announced that its Luna T-Series Hardware Security Modules (HSMs) have received Federal Information Processing Standards (FIPS) 140-2 Level 3 validation from the National Institution of Standards and Technology (NIST). 

Designated in FIPS 140-2 validation certificate number 3898 as the Luna T7 Cryptographic Module, the Luna T7 is included in the following Thales TCT products:

Luna T-Series HSMs are the choice for government agencies when storing, protecting and managing cryptographic keys used to secure sensitive data and critical applications. Meeting government mandates for U.S. Supply Chain, the high-assurance, tamper-resistant Luna T-Series HSMs are designed, developed, manufactured, sold, and supported in the United States.

INDUSTRY-LEADING PERFORMANCE & SECURITY

Luna T-Series HSMs offer industry-leading cryptographic performance and security optimized for government mandated algorithms and key lengths. Thales TCT’s keys-in-hardware approach protects the entire life-cycle of keys within the FIPS 140-2 validated confines of the HSM.

QUANTUM ENHANCED KEYS

By embedding a quantum random number generator (QRNG) chip within the Luna T7 Crypto Module, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM.  With a choice of operating the HSM in FIPS-approved mode using either the embedded, classic physical RNG or the embedded quantum RNG, customers can dynamically change between classical key generation and quantum enhanced keys as threats emerge over time.

AVAILABLE NOW

The FIPS-validated Luna T-Series HSM is available for new deployments today. Organizations who have already deployed Luna T-Series HSMs can now easily perform an in-field upgrade to the latest FIPS-validated firmware. Multiple migration solutions are available to organizations that have the widely deployed Luna SA for Government generation HSMs and need to modernization to the high performance, FIPS-validated Luna T-Series HSMs. Contact Thales TCT customer support for more information on HSM migration and upgrades.

For more information on the Luna T-series HSMs, thalestct.com/hsm.

Posted by: Alison Maine

Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of the Luna HSM firmware 7.11.0 and Luna Client 7.11.1. Following on the heels of the November release of the Luna Network T-Series HSM 7.11, this release includes a firmware update for the Luna T7 Crypto Module and a Luna Client update. The 7.11.0 firmware runs on the Luna T7 Crypto Module delivered as the Luna PCIe product or embedded in the Luna Network HSM. Updates to the Luna Client are also included to address functional and usability enhancements.

Quantum Enhanced Keys

This firmware release also introduces support for Quantum Enhanced Keys. By embedding a quantum random number generator (QRNG) chip within the Luna HSM, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM.

FIPS 140-2 Level 3 Compliance

The 7.11.0 firmware release introduces updates to the FIPS approved mode of operation. Specifically, updates to Password Authentication, Cloning, HA Login, and Remote PED Protocols were introduced to comply with FIPS 140-2 Level 3 Certification, including NIST SP 800-131A Revision 2. By updating their Luna HSMs to this 7.11.0 firmware, customers will be running the firmware that is currently in the process of being FIPS certified by NIST.

FIPS 140-2 Status

As previously announced, the Luna T7 Cryptographic Module was submitted (July 2020) to the NIST Cryptographic Module Validation Program and is listed as Module in Process. Most customers (and government contracting officers) accept the official listing on NIST’s Modules in Process List as evidence that the cryptographic module will soon have an official FIPS 140-2 validation certificate issued. Updates regarding FIPS certification will be made as they become available. The NIST Modules in Process List is available here.

Posted by: Alison Maine

Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of the Luna Network HSM 7.11.0, models T-2000 and T-5000. Release 7.11.0 features the introduction of the new T-Series Network HSM chassis. The 7.11.0 Network HSM offers enhanced security, maintenance, and usability features while providing industry leading cryptographic performance. The Luna Client is also updated with installation, functional, and usability enhancements. User Documentation has been significantly revised to reflect the changes incorporated into Luna HSM release 7.11.
Highlights of new features in the Luna T-Series HSM release 7.11 include:

New T-Series Network HSM Appliance Chassis

The Luna T-Series Network HSM contains a new chassis and offers enhanced installation, maintenance, security, and usability features, including the following:

  • A locking faceplate bezel restricts access to the front of the appliance for enhanced security. 
  • A new LCD display provides a quick view of the appliance network configuration and overall health. 
  • Four 1GB Ethernet interface ports with port bonding for redundancy and enhanced reliability. 
  • Rebranded to reflect company name change to Thales Trusted Cyber Technologies. 
  • Appliance is delivered with improved accessories (e.g. longer rack mount rails, RJ-45 console port / cable, etc.). 

Improved Luna HSM Client

  • Improved Client Installer 
  • User-Defined Install Paths 
  • Minimal Client for Linux containers 
  • Cryptographic changes to support changes in upcoming firmware 7.11.0. 

Configurable Cipher Suites

The TLS cipher suites used by NTLS can now be configured on the Luna T-Series Network HSM. This new capability allows administrators to select and configure cipher strength to meet their internal security objectives and compliance requirements.

Hardware Support for Quantum Enhanced Keys

By embedding a quantum random number generator (QRNG) chip within the Luna HSM, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM. Although the QRNG is included in this hardware, the ability to utilize the QRNG will not be available until a future release of firmware. All shipping Luna Network HSM hardware will support an in-field firmware upgrade that will introduce this capability.

FIPS 140 Status

As previously announced, the Luna T7 Cryptographic Module was submitted (July 2020) to the NIST Cryptographic Module Validation Program and is listed as Module in Process. Most customers (and government contracting officers) accept the official listing on NIST’s Modules in Process List as evidence that the cryptographic module will soon have an official FIPS 140-2 validation certificate issued. The NIST Modules in Process List is available here.


An in-field upgrade to the FIPS validated firmware will be made available for all Luna T-Series Network HSMs.

Learn More About HSMs

Posted by: Alison Maine

Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of Luna T-Series HSM 7.10.1. Release 7.10.1 is a minor release featuring the introduction of the T-Series PCIe HSM. The new PCIe HSM offers increased performance and functionality similar to the T-Series Network HSM. Additionally, updates to the Luna Client and User Documentation are included in this release.

Release 7.10.1 Summary

  • Initial GA Release of Luna PCIe T-2000 and T-5000
    • NO firmware or hardware updates. Same firmware version 7.10.0 as released in December 2019 on T-Series Network HSM.
  • Updated Luna Client
    • Version 7.10.1
    • Updated PCIe driver for Luna PCIe. (driver in 7.10.0 client is not compatible with Luna PCIe)
    • Additional miscellaneous fixes (see CRN Resolved Issues)
    • Compatible with previously released Luna Network HSM T-series and legacy Luna for Government HSMs.
  • Product Documentation Updates
    • Single documentation set for all HSM products: Network, PCIe, Backup, and G5
    • Additional miscellaneous updates
  • No software changes or hardware changes to Luna Network HSM appliance
  • Updated CRN

Resources

Posted by: Alison Maine

SafeNet AT is pleased to announce the release of Luna T-Series HSM 7.10. Version 7.10 includes the Luna Network HSM T-2000 and T-5000 models along with the Luna Client. The Luna T-Series HSM is the choice for government agencies when storing, protecting and managing cryptographic keys used to secure sensitive data and critical applications. Meeting government mandates for U.S. Supply Chain, the high assurance, tamper-resistant Luna T-Series HSM is designed, developed, manufactured, sold, and supported in the United States exclusively by SafeNet AT.

Luna T-Series HSMs were designed from the ground up as a drop-in replacement for the widely deployed Luna SA for Government HSMs. Luna T-Series HSMs offer secure storage of cryptographic information in a controlled and highly secure environment. All Luna T-Series models can be initialized by the customer to protect proprietary information by using either multifactor (PED) authentication or password authentication.

Industry Leading Performance

The T-Series of Luna Network HSM offers industry leading cryptographic performance and delivers up to 10 times the performance compared to the legacy Luna SA for Government while still providing the critical security features that government customers have relied on for decades.

Luna T-Series models are available at different performance levels:

Luna Network HSM T-2000 Luna Network HSM T-5000
  • Standard performance
  • 16MB memory
  • 2 partitions, upgradable to 10
  • RSA 2048 1,400 tps
  • RSA 4096 350 tps
  • ECC P-256 3,000 tps
  • ECC P-384 2,000 tps
  • Enterprise-level performance
  • 32 MB memory
  • 5 partitions, upgradable to 20
  • RSA 2048 14,000 tps
  • RSA 4096 3,500 tps
  • ECC P-256 16,000 tps
  • ECC P-384 16,000 tps

Luna T-Series HSM Benefits

  • Industry leading cryptographic performance: performance optimized for government mandated algorithms and key lengths
  • Easy transition for deployed solutions: fully backwards compatible and zero changes required to applications integrated with Luna SA for Government
  • Crypto agile: architecture supports in-field introduction of new crypto algorithms
  • Broad integration ecosystem: large number of integrations with industry-leading technology vendors
  • Security first company: HSM products are U.S designed, developed and manufactured

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.

Accept