Thales Luna Network HSM


cpl.thalesgroup.com


Secure your sensitive data and critical applications by storing, protecting and managing your cryptographic keys in Thales Luna Network Hardware Security Modules (HSMs) - high-assurance, tamper-resistant, network-attached appliances offering market-leading performance.

Contact us to learn how you can integrate Luna Network HSMs into a wide range of applications to accelerate cryptographic operations, secure the crypto key lifecycle, and provide a root of trust for your entire encryption infrastructure.

[Figure: Luna Network HSMs use cases: PKI, IoT, document signing and validation, code signing, secure manufacturing, post-quantum crypto agility, database encryption, 5G, transaction processing, SSL/TLS, BYOK/HYOK, blockchain, smart card issuance, eIDAS, HSMaaS (private & public cloud environment)]

What you need to know:

Superior Performance:
• Meet your high throughput requirements with over 20,000 ECC and 10,000 RSA operations per second for high performance use cases
• Lower latency for improved efficiency

Highest Security & Compliance:
• Keys always remain in FIPS-validated, tamper-evident hardware
• Meet compliance needs for GDPR, eIDAS, HIPAA, PCI-DSS, and more
• De facto standard for the cloud
• Multiple roles for strong separation of duties
• Multi-person MofN with multi-factor authentication for increased security
• Secure audit logging
• High-assurance delivery with secure transport mode
• High quality keys through external Quantum RNG seeding
• Securely backup and duplicate keys in hardware with Luna Backup HSM or to the cloud with Data Protection on Demand for redundancy, reliability and disaster recovery

Reduce Costs & Save time:
• Remotely manage HSMs - no need to travel
• Reduced audit and compliance costs and burdens
• Automate enterprise systems to manage HSMs via REST API
• Efficiently administer resources by sharing HSMs amongst multiple applications or tenants
• Flexible partition policies to meet your key management and compliance needs
• Increased portability, greater efficiency and less overhead using SafeNet Luna Client in a container
• Functionality Modules
  ° Extend native HSM functionality
  ° Develop and deploy custom code within the secure confines of the HSM

Technical specifications

Supported Operating Systems
• Windows, Linux, Solaris, AIX
• Virtual: VMware, Hyper-V, Xen, KVM

API Support
• PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
• REST API for administration

Cryptography
• Full Suite B support
• Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519, ECIES) with named, user-defined and Brainpool curves, KCDSA, and more
• Symmetric: AES, AES-GCM, Triple DES, DES, ARIA, SEED, RC2, RC4, RC5, CAST, and more
• Hash/Message Digest/HMAC: SHA-1, SHA-2, SHA-3, SM2, SM3, SM4 and more
• Key Derivation: SP800-108 Counter Mode
• Key Wrapping: SP800-38F
• Random Number Generation: designed to comply with AIS 20/31 to DRG.4 using HW based true noise source alongside NIST 800-90A compliant CTR-DRBG
• Digital Wallet Encryption: BIP32
• 5G Cryptographic Mechanisms for Subscriber Authentication: Milenage, Tuak, and COMP128

Security Certifications
• FIPS 140-2 Level 3 – Password and Multi-Factor (PED)
• Common Criteria EAL4+ (AVA_VAN.5 and ALC_FLR.2) against the Protection Profile EN 419 221-5
• Qualified Signature or Seal Creation Device (QSCD) listing for eIDAS compliance
• Singapore NITES Common Criteria Scheme *
* under evaluation

Host Interface
• 2 options: 4 Gigabit ethernet ports with Port Bonding, or 2 x 10G fiber network connectivity and 2 x 1G with Port Bonding
• IPv4 and IPv6

Physical Characteristics
• Standard 1U 19in. rack mount appliance
• Dimensions: 19” x 21” x 1.725” (482.6mm x 533.4mm x 43.815mm)
• Weight: 28lb (12.7kg)
• Input Voltage: 100-240V, 50-60Hz
• Power Consumption: 110W maximum, 84W typical
• Heat Dissipation: 376BTU/hr maximum, 287BTU/hr typical
• Temperature: operating 0°C – 35°C, storage -20°C – 60°C
• Relative Humidity: 5% to 95% (38°C) non-condensing

Safety & Environmental Compliance
• UL, CSA, CE
• FCC, CE, VCCI, C-TICK, KC Mark
• RoHS2, WEEE
• TAA
• India BIS [IS 13252 (Part 1)/IEC 60950-1]

Reliability
• Dual hot-swap power supplies
• Field-serviceable components
• Mean Time Between Failure (MTBF) 171,308 hrs

Management & Monitoring
• HA disaster recovery
• Backup and restore hardware to hardware on-premises or in the cloud
• SNMP, Syslog

Available models
Choose from two series of Luna Network HSMs, each one with 3 different models to fit your requirements.

Luna A Series:
Password Authentication for easy management.

                     A700                  A750                    A790
                     Standard Performance  Enterprise Performance  Maximum Performance
Memory               2 MB                  16 MB                   32 MB
Partitions           5                     5                       10
Maximum Partitions   5                     20                      100
Performance:
  RSA-2048           1,000 tps             5,000 tps               10,000 tps
  ECC P256           2,000 tps             10,000 tps              22,000 tps
  AES-GCM            2,000 tps             10,000 tps              17,000 tps

Luna S Series:
Multi-factor (PED) Authentication for high assurance use cases.

                     S700                  S750                    S790
                     Standard Performance  Enterprise Performance  Maximum Performance
Memory               2 MB                  16 MB                   32 MB
Partitions           5                     5                       10
Maximum Partitions   5                     20                      100
Performance:
  RSA-2048           1,000 tps             5,000 tps               10,000 tps
  ECC P256           2,000 tps             10,000 tps              22,000 tps
  AES-GCM            2,000 tps             10,000 tps              17,000 tps

tps = transactions per second

About Thales
The people you rely on to protect your privacy rely on Thales to
protect their data. When it comes to data security, organizations are
faced with an increasing number of decisive moments. Whether the
moment is building an encryption strategy, moving to the cloud, or
meeting compliance mandates, you can rely on Thales to secure
your digital transformation.

Decisive technology for decisive moments.


© Thales - December 2020 • DBV40



Contact us – For all office locations and contact information, please visit cpl.thalesgroup.com/contact-us
