thalescpl.

com

SafeNet Luna Network HSM

Secure your sensitive data and critical applications by storing,

protecting and managing your cryptographic keys in SafeNet Luna
Network Hardware Security Modules (HSMs) - high-assurance,
tamper-resistant, network-attached appliances offering market-
leading performance.

Contact us to learn how you can integrate SafeNet Luna

Network HSMs into a wide range of applications to accelerate
cryptographic operations, secure the crypto key lifecycle, and PKI
Certificate
provide a root of trust for your entire encryption infrastructure. Document Signing &
Signing Validation
IOT

What you need to know: Secure

Manufacturing

Superior Performance: Code Signing

• Meet your high throughput requirements with over 20,000 ECC Database
and 10,000 RSA operations 20,000 ECC and 10,000 RSA Encryption
operations per second for high performance use cases Post-
Quantum
• Lower latency for improved efficiency SafeNet Luna Network HSMs
Crypto
Agility
Transaction
Processing

SSL/TLS

Smart Card
Issuance
Blockchain
HSMaaS
Private & public
cloud eIDAS
environment
Highest Security & Compliance: Security Certifications
• Keys always remain in FIPS-validated, tamper-evident hardware • FIPS 140-2 Level 3 – Password and Multi-Factor (PED)
• Meet compliance needs for GDPR, eIDAS, HIPAA, PCI-DSS, • eIDAS CC EAL4+ (AVA_VAN.5 and ALC_FLR.2) against the
and more Protection Profile 419221-5 *
• De facto standard for the cloud Host Interface
• Multiple roles for strong separation of duties
• 4 Gigabit Ethernet ports with Port Bonding
• Multi-person MofN with multi-factor authentication for
increased security • IPv4 and IPv6
• Secure audit logging Physical Characteristics
• High-assurance delivery with secure transport mode • Standard 1U 19in. rack mount appliance
• High quality keys through external Quantum RNG seeding • Dimensions: 19” x 21” x 1.725”
Reduce Costs & Save time: (482.6mm x 533.4mm x 43.815mm)
• Weight: 28lb (12.7kg)
• Remotely manage HSMs - no need to travel
• Input Voltage: 100-240V, 50-60Hz
• Reduced audit and compliance costs and burdens
• Power Consumption: 110W maximum, 84W typical
• Automate enterprise systems to manage HSMs via REST API
• Heat Dissipation: 376BTU/hr maximum, 287BTU/hr typical
• Efficiently administer resources by sharing HSMs amongst
multiple applications or tenants • Temperature: operating 0°C – 35°C, storage -20°C – 60°C
• Flexible partition policies to meet your key management and • Relative Humidity: 5% to 95% (38°C) non-condensing
compliance needs Safety & Environmental Compliance
• Increased portability, greater efficiency and less overhead using • UL, CSA, CE
SafeNet Luna Client in a container
• FCC, CE, VCCI, C-TICK, KC Mark
• Functionality Modules
• RoHS2, WEEE
°° Extend native HSM functionality
• TAA
°° Develop and deploy custom code within the secure confines
of the HSM Reliability
• Dual hot-swap power supplies
Technical Specifications • Field-serviceable components
Supported Operating Systems • Mean Time Between Failure (MTBF) 171,308 hrs
• Windows, Linux, Solaris, AIX Management & Monitoring
• Virtual: VMware, Hyper-V, Xen, KVM • HA disaster recovery
API Support • Backup and restore
• SNMP, Syslog
• PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG,
* under evaluation
OpenSSL
• REST API for administration
Cryptography
• Full Suite B support
• Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve
Cryptography (ECDSA, ECDH, Ed25519, ECIES) with named,
user-defined and Brainpool curves, KCDSA, and more
• Symmetric: AES, AES-GCM, Triple DES, DES, ARIA, SEED, RC2,
RC4, RC5, CAST, and more
• Hash/Message Digest/HMAC: SHA-1, SHA-2, SM3, and
more
• Key Derivation: SP800-108 Counter Mode
• Key Wrapping: SP800-38F
• Random Number Generation: designed to comply with AIS
20/31 to DRG.4 using HW based true noise source alongside
NIST 800-90A compliant CTR-DRBG
• Digital Wallet Encryption: BIP32
Available Models
Choose from two series of SafeNet Luna Network HSMs, each
one with 3 different models to fit your requirements.

Luna A Series: Password Authentication for easy management.

A700 A750 A790

2 MB Memory 16 MB Memory 32 MB Memory
Partitions: 5 Partitions: 5 Partitions: 10
Maximum Partitions: 5 Maximum Partitions: 20 Maximum Partitions: 100

Standard Performance: Enterprise Performance: Maximum Performance:

RSA-2048: 1,000 tps RSA-2048: 5,000 tps RSA-2048: 10,000 tps
ECC P256: 2,000 tps ECC P256: 10,000 tps ECC P256: 22,000 tps
AES-GCM: 2,000 tps AES-GCM: 10,000 tps AES-GCM: 17,000 tps

Luna S Series: Multi-factor (PED) Authentication for high assurance

use cases.
S700 S750 S790
2 MB Memory 16 MB Memory 32 MB Memory
Partitions: 5 Partitions: 5 Partitions: 10
Maximum Partitions: 5 Maximum Partitions: 20 Maximum Partitions: 100

Standard Performance: Enterprise Performance: Maximum Performance:

RSA-2048: 1,000 tps RSA-2048: 5,000 tps RSA-2048: 10,000 tps
ECC P256: 2,000 tps ECC P256: 10,000 tps ECC P256: 22,000 tps
AES-GCM: 2,000 tps AES-GCM: 10,000 tps AES-GCM: 17,000 tps

tsp = transactions per second

About Thales
The people you rely on to protect your privacy rely on Thales to
protect their data. When it comes to data security, organizations are
faced with an increasing number of decisive moments. Whether the
moment is building an encryption strategy, moving to the cloud, or
meeting compliance mandates, you can rely on Thales to secure
your digital transformation.

Decisive technology for decisive moments. © Thales - June 2019• ELC, v27

> thalescpl.com <

Americas – Thales eSecurity Inc. 2860 Junction Ave, San Jose, CA 95134 USA • Tel:+1 888 744 4976 or +1 954 888 6200 • Fax:+1 954 888 6211 • E-mail: [email protected]
Asia Pacific – Thales Transport & Security (HK) Lt, Unit 4101-3, 41/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong • Tel:+852 2815 8633 • Fax:+852 2815 8141 • E-mail: [email protected]
Europe, Middle East, Africa – Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel:+44 (0)1844 201800 • Fax:+44 (0)1844 208550 • E-mail: [email protected]