Thales Luna PCIe HSM

Cryptographic Acceleration from an Embedded HSM

Thales Luna PCIe Hardware Security Modules (HSMs) can be embedded directly in an appliance or application server for an easy-to-integrate and cost-efficient solution for cryptographic acceleration and security. The high-security hardware design of Thales Luna PCIe HSM ensures the integrity and protection of encryption keys throughout their life cycle.

All digital signing and verification operations are performed within the HSM to increase performance and maintain security.

Thales Luna PCIe HSM at a Glance:

Meet Your Compliance Needs

Meet your compliance needs by leveraging our certified Thales Luna PCIe HSMs. As Thales’s sole focus is security, we make third-party certifications a priority.

Overcome Resource Constraints

As the need to provide security for resource constrained devices (smart phones, tablets, smart meters) grows, vendors must be able to provide solutions that leverage ECC algorithms. ECC algorithms offer high key strength, at a greatly reduced key length when compared to RSA keys.

Thales Luna PCIe HSM includes a wide range of hardware accelerated ECC algorithms, including custom curves, that can be used in the development of solutions.

Operational Cost Savings

Thales Luna PCIe HSM benefits from a robust and forward thinking feature set. These features – including remote management, secure transport, and remote backup – will greatly reduce the management and operational costs of a deployment that utilizes this HSM.

Partner Spotlight: Microsoft Forefront TMG

Microsoft Forefront Threat Management Gateway (TMG), the company’s secure web gateway, integrates with SafeNet Luna PCIe HSMs to secure SSL transactions by storing master SSL private key in Thales’s FIPS 140-2 Level 3 tamper-proof hardware appliance.

The Thales Luna PCIe HSM integration also significantly improves server performance by offloading resource intensive cryptographic operations to the purpose-built encryption appliance.

Sample Applications

  • PKI key generation & key
  • Storage (online CA keys & offline CA keys)
  • Card Issuance & Management
  • Code & Document Signing
  • Database & File Encryption
  • Email Encryption
  • Infrastructure Security
  • Identity & Rights Management
  • Key Management
  • Timestamping
  • SSL & TLS

Security at a Glance

  • Keys in hardware
  • Remote Management
  • Secure transport mode for high-assurance delivery
  • Multi-level access control
  • Multi-part splits for all access control keys
  • Intrusion-resistant, tamper evident hardware
  • Secure Audit Logging
  • Strongest cryptographic algorithms
  • Suite B algorithm support
  • Secure decommission


  • Intrusion-resistant, tamper-evident hardware
  • Field Serviceable Components
  • Software upgradable
  • Multiple Roles for Administration
  • Strong Separation of Duties
  • Load Balancing and Scalability

Additional Information

Operating System Support
OS SupportWindows, Linux, Solaris
Cryptographic Support
CryptographyFull Suite B support
Asymmetric: RSA (1024-8192), DSA (1024-3072), Diffie-Hellman, KCDSA, Elliptic Curve Cryptography (ECDSA, ECDH, ECIES) with named, user-defined and Brainpool curves
Symmetric: AES, RC2, RC4, RC5, CAST, DES, Triple DES, ARIA, SEED
Hash/Message Digest/HMAC: SHA-1, SHA-2 (224-512), SSL3-MD5-MAC, SSL3-SHA-1-MAC
Random Number Generation: FIPS 140-2 approved DRBG (SP 800-90 CTR mode)
Crytographic APIsPKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
Physical Characteristics
DimensionsFull Height, Half Length 4.16" x 6.6" (106.7mm x 167.65mm)
Power Consumption12W maximum, 8W typical
TemperatureOperating 0°C to 50°C
Host InterfacePCI-Express X4, PCI CEM 1.0a
Security Certifications
CertificationsFIPS 140-2 Level 2 and Level 3
Common Criteria EAL4+
BAC & EAC ePassport Support
Safety and Environmental Compliance
ComplianceUL, CSA, CE
Management, Logging, and Monitoring
ManagementM of N support for division of command


Related Products