Thales TCT Luna Tablet Security Module

Handheld Appliance

The Luna T-Series Tablet HSM is a small form factor HSM that is widely used by government agencies to protect data, applications, and digital identities in order to reduce risk and ensure regulatory compliance. It is well suited for a wide variety of applications, including the strong protection of PKI root keys. Meeting government mandates for U.S. Supply Chain Luna T-Series Tablet HSM is designed, developed, manufactured, sold, and supported in the United States by Thales Trusted Cyber Technologies (TCT).

Luna T-Series Tablet HSM Overview

The Luna T-Series Tablet HSM delivers high assurance key protection, maintaining all key materials encrypted within the confines of the tamper-resistant hardware. The small form factor and offline key storage capability set the product apart, making it ideal for protecting mission critical keys in a secure offline environment.

Highlights

  • Portable, handheld, small form factor device
  • Easy setup – up and running in minutes
  • LCD display enables quick review of status including firmware, memory capacity, and more
  • Host-powered USB – no need for an external power adaptor
  • Support of Quorum (MofN) multi-factor authentication for increased security

Common Architecture

Luna T-Series HSMs benefit from a common architecture across the entire product line including Luna Network, Luna PCIe, and Luna as a Service HSMs where the client, APIs, algorithms, and authentication methods are consistent. This eliminates the need to design applications around a specific HSM, and provides the flexibility to clone keys from HSM to HSM and from on-premises to the cloud as your needs change.

Commercial National Security Algorithm (CNSA) Suite 2.0

All Thales TCT Luna T-Series HSMs address CNSA Suite 2.0 requirements for post-quantum cryptographic algorithms. Luna T-Series HSMs utilize Leighton-Micali Signature (LMS) Asymmetric algorithm for digitally signing firmware and have pre-standards implementations of CNSA 2.0 quantum-resistant public-key algorithms.

High Assurance Security

  • Keys always remain in FIPS 140-3 validated*, intrusion-resistant hardware
  • Remote management, backup and restore for quick disaster recovery
  • Password Authentication or Quorum (MofN) multi-factor authentication for increased security and strong separation of duties

Sample Applications

  • PKI key generation and key storage/protection (online and offline CA keys)
  • CNSA 2.0 compliant software and firmware code-signing
  • Certificate validation and signing
  • Offline hardware protection/security of critical keys
  • Support Bring Your Own Key (BYOK) use cases

Crypto Agility

Luna T-Series Tablet HSM supports a broad range of asymmetric key encryption and key exchange capabilities, as well as support for all standard symmetric encryption algorithms. It also supports all standard hashing algorithms and message authentication codes (MAC). The Luna T-Series Tablet HSM has a hardware based random number generator, compliant with NIST SP 800-90A and B.

PQC Algorithms Now Offered in Luna T-Series HSMs

Luna T-Series 7.13.0 now includes pre-standards implementations of NIST-selected PQC algorithms and stateful hash-based signature algorithms.

Available Models and Performance

Operation

Key

TPS

Sign

RSA-2048

62

Sign

RSA-4096

8

Sign

ECC P256

383

Sign

ML-DSA-87

20

Technical Specifications

Luna T-Series Tablet HSM (T-300)

  • 1 partition, 32MB

Operating System Support

  • Windows, Linux Client
  • Cryptographic API Support
  • PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL

Cryptography

  • Full support for NSA Commercial National Security Algorithm (CNSA) Suite
  • Support for FIPS-approved and NIST recommended algorithms, modes, curves and key sizes for RSA, DSA, Diffie-Hellman, AES, SHA-2, SHA-3, and Elliptic Curve Cryptography (ECC)
  • Support for CNSA 2.0 Software- and Firmware-Signing with Leighton-Micali Signature (LMS) algorithm
  • Support for post-quantum cryptographic algorithms: ML-DSA (Dilithium), ML-KEM (Kyber), and FN-DSA (Falcon)
  • NIST 800-900A compliant Hardware Random Number Generator
  • Additional non-approved algorithms and key sizes are supported for use with legacy applications
  • Refer to product documentation for complete details

Security Certification

  • FIPS 140-3 Level 3*

Physical Characteristics

  • Dimensions: 6.3” x 3.43” x 1.03” (160.02mm x 87.12mm x 26.16mm)
  • Weight: 0.9lb (410g)
  • 4.7” LCD display
  • Temperature:
    • Operating 0°C – 40°C
    • Storage -20°C – 70°C
  • Relative Humidity: 20% to 95% (38°C) non-condensing
  • Power Consumption: 7.2W maximum, 4.5W typical
  • External USB AC: Input Voltage: 100 – 240V, 50 – 60Hz /Output 5VDC 3A
  • Host Interface: USB 3.0 Type C connector
  • Peripheral Interface: USB 3.0 Type C connector + USB-C (M) to USB-A (F) adapter

Safety and Environmental Compliance

  • UL, CSA, CE
  • FCC, KC Mark, VCCI, CE
  • RoHS, WEEE

Reliability

  • MTBF: 560073 hrs@40C, Telcordia SR-332, Issue C

Trade Agreement Compliance

  • TAA

*FIPS Validation in process.

Resources

ImageTitleLink
Luna Tablet HSM Product Brief