cpl.thalesgroup.

com

Thales Luna Network HSM

Secure your sensitive data and critical applications by storing,

protecting and managing your cryptographic keys in Thales Luna
Network Hardware Security Modules (HSMs) - high-assurance,
tamper-resistant, network-attached appliances offering market-
leading performance.

Contact us to learn how you can integrate Luna Network HSMs

into a wide range of applications to accelerate cryptographic PKI
operations, secure the crypto key lifecycle, and provide a root of Signing & IOT
trust for your entire encryption infrastructure. Document Validation
Signing
Code Signing

What you need to know: Secure

Manufacturing Post-
Quantum
Superior Performance: Crypto
Agility

• Meet your high throughput requirements with over Database

Encryption
20,000 ECC and 10,000 RSA operations per second
5G
for high performance use cases
• Lower latency for improved efficiency Transaction Luna Network HSMs
Processing

SSL/TLS

BYOK/HYOK

Blockchain

Smart Card
Issuance HSMaaS
Private & public
eIDAS
cloud
environment
Highest Security & Compliance: Security Certifications
• Keys always remain in FIPS-validated, tamper-evident hardware • FIPS 140-2 Level 3 – Password and Multi-Factor (PED)
• Meet compliance needs for GDPR, eIDAS, HIPAA, PCI-DSS, • eIDAS CC EAL4+ (AVA_VAN.5 and ALC_FLR.2) against the
and more Protection Profile 419221-5*
• De facto standard for the cloud Host Interface
• Multiple roles for strong separation of duties
• 2 options: 4 Gigabit ethernet ports with Port Bonding, or
• Multi-person MofN with multi-factor authentication for
2 x 10G fiber network connectivity and 2 x 1G with Port Bonding
increased security
• IPv4 and IPv6
• Secure audit logging
• High-assurance delivery with secure transport mode Physical Characteristics
• High quality keys through external Quantum RNG seeding • Standard 1U 19in. rack mount appliance
• Securely backup and duplicate keys in hardware with Luna • Dimensions: 19” x 21” x 1.725”
Backup HSM or to the cloud with Data Protection on Demand (482.6mm x 533.4mm x 43.815mm)
for redundancy, reliability and disaster recovery • Weight: 28lb (12.7kg)
Reduce Costs & Save time: • Input Voltage: 100-240V, 50-60Hz
• Remotely manage HSMs - no need to travel • Power Consumption: 110W maximum, 84W typical
• Reduced audit and compliance costs and burdens • Heat Dissipation: 376BTU/hr maximum, 287BTU/hr typical
• Automate enterprise systems to manage HSMs via REST API • Temperature: operating 0°C – 35°C, storage -20°C – 60°C
• Efficiently administer resources by sharing HSMs amongst • Relative Humidity: 5% to 95% (38°C) non-condensing
multiple applications or tenants Safety & Environmental Compliance
• Flexible partition policies to meet your key management and • UL, CSA, CE
compliance needs
• FCC, CE, VCCI, C-TICK, KC Mark
• Increased portability, greater efficiency and less overhead using
• RoHS2, WEEE
SafeNet Luna Client in a container
• TAA
• Functionality Modules
• India BIS [IS 13252 (Part 1)/IEC 60950-1]
° Extend native HSM functionality
° Develop and deploy custom code within the secure confines Reliability
of the HSM • Dual hot-swap power supplies
• Field-serviceable components
Technical specifications • Mean Time Between Failure (MTBF) 171,308 hrs
Supported Operating Systems Management & Monitoring
• Windows, Linux, Solaris, AIX • HA disaster recovery
• Virtual: VMware, Hyper-V, Xen, KVM • Backup and restore hardware to hardware on-premises
API Support or in the cloud
• SNMP, Syslog
• PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
* under evaluation
• REST API for administration
Cryptography
• Full Suite B support
• Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve
Cryptography (ECDSA, ECDH, Ed25519, ECIES) with named,
user-defined and Brainpool curves, KCDSA, and more
• Symmetric: AES, AES-GCM, Triple DES, DES, ARIA, SEED,
RC2, RC4, RC5, CAST, and more
• Hash/Message Digest/HMAC: SHA-1, SHA-2, SHA-3, SM2,
SM3, SM4 and more
• Key Derivation: SP800-108 Counter Mode
• Key Wrapping: SP800-38F
• Random Number Generation: designed to comply with AIS
20/31 to DRG.4 using HW based true noise source alongside
NIST 800-90A compliant CTR-DRBG
• Digital Wallet Encryption: BIP32
• 5G Cryptographic Mechanisms for Subscriber Authentication:
Milenage, Tuak, and COMP128
Available models
Choose from two series of Luna Network HSMs, each one with 3 different models to fit your requirements.

Luna A Series: Password Authentication for easy management.

A700 A750 A790

2 MB Memory 16 MB Memory 32 MB Memory
Partitions: 5 Partitions: 5 Partitions: 10
Maximum Partitions: 5 Maximum Partitions: 20 Maximum Partitions: 100

Standard Performance: Enterprise Performance: Maximum Performance:

RSA-2048: 1,000 tps RSA-2048: 5,000 tps RSA-2048: 10,000 tps
ECC P256: 2,000 tps ECC P256: 10,000 tps ECC P256: 22,000 tps
AES-GCM: 2,000 tps AES-GCM: 10,000 tps AES-GCM: 17,000 tps

Luna S Series: Multi-factor (PED) Authentication for high assurance

use cases.
S700 S750 S790
2 MB Memory 16 MB Memory 32 MB Memory
Partitions: 5 Partitions: 5 Partitions: 10
Maximum Partitions: 5 Maximum Partitions: 20 Maximum Partitions: 100

Standard Performance: Enterprise Performance: Maximum Performance:

RSA-2048: 1,000 tps RSA-2048: 5,000 tps RSA-2048: 10,000 tps
ECC P256: 2,000 tps ECC P256: 10,000 tps ECC P256: 22,000 tps
AES-GCM: 2,000 tps AES-GCM: 10,000 tps AES-GCM: 17,000 tps
tsp = transactions per second

About Thales
The people you rely on to protect your privacy rely on Thales to
protect their data. When it comes to data security, organizations are
faced with an increasing number of decisive moments. Whether the
moment is building an encryption strategy, moving to the cloud, or
meeting compliance mandates, you can rely on Thales to secure
your digital transformation.

Decisive technology for decisive moments.

© Thales - August 2020• EH, v35

> cpl.thalesgroup.com <

Contact us – For all office locations and contact information, please visit cpl.thalesgroup.com/contact-us