Thales Luna PCIe HSM

Thales Luna PCIe HSM is a highly flexible hardware security module. Its extensive feature set and large number of available options make it the flagship device in Thales' portfolio of general-purpose HSMs. The model presented here is a PCI Express card intended for applications dedicated to a single server. Where multiple clients must be served, the network option, Thales Luna Network HSM, is suitable; in the appropriate performance version it can serve a very large number of clients. For the most demanding solutions, multiple network devices can work in parallel.

Security

The HSM has been certified according to the FIPS 140-2 methodology to Level 3 and according to Common Criteria to the EAL4+ level. The module can also be used for trust services as defined by the European eIDAS (Electronic Identification and Trust Services Regulation).
A specific element of the design is support for partitions, i.e. isolated spaces for storing the cryptographic keys of different applications. This gives the cryptographic material an additional layer of protection.
The HSM is equipped with the mechanisms that are standard for this class of devices, such as multi-component authentication with key partitioning and extensive logging of operations. Convenient, advanced monitoring of device operation is also possible, as is fully remote management.
The PCI version of the Luna module is a typical low-profile PCI Express card. Although fewer options are available than for the network version, many important design decisions still need to be made. Each implementation therefore requires careful preparation with the help of an experienced partner.

Datasheet

Performance

The current generation of Luna devices, designated as Luna 7, is available in three versions that have different capabilities. The detailed differences can be seen in the table below. The wide range of device performance allows you to choose the right solution for each application.

Performance is measured in transactions/signatures per second (TPS):

| Performance | RSA | ECC |
|---|---|---|
| Model 700 Standard Performance (Memory: 2MB, Maximum Partitions: 5) | 1000 - 2048 bit | 2000 - 256 bit |
| Model 750 Enterprise Performance (Memory: 16MB, Maximum Partitions: 20) | 5000 - 2048 bit | 10000 - 256 bit |
| Model 790 Maximum Performance (Memory: 32MB, Maximum Partitions: 100) | 10000 - 2048 bit | 20000 - 256 bit |

Note: performance may depend on the operating system, applications and other factors.

Supported cryptographic algorithms

Symmetric algorithms: AES, AES-GCM, Triple DES, DES, ARIA, SEED, RCS, RC4, RC5, CAST
Asymmetric algorithms: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519, ECIES)
HASH algorithms: SHA-1, SHA-2, SHA-3, SM2, SM3, SM4

Technical specification

Physical characteristics: 69.6mm x 167mm x 187mm
Power consumption: 18W max, 14W typical
Supported OS*: Windows, Linux
API: PKCS#11, Microsoft CAPI and CNG, Java JCA/JCE, OpenSSL
Certifications & Compliances:
FIPS 140-2 Level 3 - Password and Multi-Factor (PED)
eIDAS CC EAL4+ (AVA_VAN.5 and ALC_FLR.2) against the Protection Profile 419221-5 (in progress)
UL, CSA, CE, FCC, CE, VCCI, C-TICK, KC MARK, RoHS2, WEEE, TAA

* Contact us in order to obtain detailed information regarding support for a specific OS version.