Thales HSM Luna PCIe A700

Product detailed description

Key Features

• PCIe card for server installation
• Tamper resistant cryptographic key protection
• FIPS 140-2/140-3 Level 3
• Common Criteria EAL4+ compliant architecture
• PKCS#11, Microsoft CNG/CAPI and Java JCA/JCE support
• Password-based authentication
• Basic audit functions

Performance and specifications

• RSA-2048: up to 1,000 operations/s
• ECC P-256: up to 2,000 operations/s
• AES-GCM: up to 2,000 operations/s
• Key memory: 2 MB (newer firmware up to 4 MB)
• Form factor: PCIe card
• Designed for standard workloads and small to medium infrastructures

Typical uses

• PKI and certification authorities
• Digital signatures and qualified services
• Database protection
• TLS/SSL acceleration
• IoT infrastructure

Supported Algorithms & Cryptography

• Full Suite B support
• Asymmetric: RSA, DSA, Diffie-Hellman, ECC (ECDSA, ECDH, Ed25519, ECIES) with named, user-defined and Brainpool curves, KCDSA, and more
• Symmetric: AES, AES-GCM, Triple DES, DES, ARIA, SEED, RCS, RC4, RC5, CAST, and more
• Hash / Message Digest / HMAC: SHA-1, SHA-2, SHA-3, SM2, SM3, SM4, and more
• Key Derivation: SP800-108 Counter Mode
• Key Wrapping: SP800-38F
• Random Number Generation: NIST SP 800-90 A/B/C certified, AIS 20/31 compliant to DRG.4
• Digital Wallet Encryption: BIP32

Operating Systems & API (additional)

• Supported OS: Windows, Linux
• API: also OpenSSL (in addition to PKCS#11, Microsoft CAPI/CNG and Java JCA/JCE already listed)

Security Features

• Multiple roles for strong separation of duties
• Multi-person MofN with multi-factor authentication
• Secure audit logging
• High-assurance delivery with secure transport mode
• Functionality Modules – extend native HSM functionality and deploy custom code within the secure confines of the HSM
• Compliance with GDPR, eIDAS, HIPAA, PCI-DSS, and more

Certifications (additional)

• FIPS 140-2 / 140-3 Level 3 also available with Multi-Factor (PED) authentication
• Common Criteria EAL4+ specifics: AVA_VAN.5 and ALC_FLR.2, against Protection Profile EN 419221-5
• QSCD listing for eIDAS compliance
• Singapore NITES Common Criteria Scheme
• Brazil INMETRO Approved (formerly ITI)
• NATO Approved for Use up to Restricted

Physical Characteristics

• Low profile PCIe card
• Dimensions: 69.6 mm × 167 mm × 18.7 mm (2.74" × 6.57" × 0.74")
• Power consumption: 18 W maximum, 14 W typical
• Heat dissipation: 61.4 BTU/hr maximum, 47.8 BTU/hr typical
• Temperature: operating 0 °C – 50 °C, storage −20 °C – 60 °C
• Relative humidity: 5% to 95% (38 °C), non-condensing

Host Interface & Standards

• PCI-Express CEM 3.0, PCI, PCI Express Base 2.0
• UL, CSA, CE, FCC, VCCI, C-TICK, KC MARK
• RoHS2, WEEE, India BIS [IS 13252 (Part 1)/IEC 60950-1]

Reliability

• Backup/restore
• High Availability (HA)
• Mean Time Between Failure (MTBF): 997,508 hours

Positioning within the Luna PCIe HSM Range

• A700 – Standard Performance, Luna A Series (Password Authentication), up to 4 MB memory
• Higher models: A750 (Enterprise) and A790 (Maximum Performance)
• Luna S Series (S700/S750/S790) with multi-factor (PED) authentication for high-assurance use cases