New Luna HSM

(Compiled and produced by Steve Monti

Upgrading Luna HSMs with Functionality Modules (FMs)

Luna HSMs – SafeCipher approach the Quantum Algorithm upgrade challenge using Functionality Modules (FMs)

If your considering upgrading your Luna HSM hardware to the latest Luna firmware version or buying new HSM hardware, be sure you have a future-proof plan to substitute Classical Algorithms with Quantum Algorithms when the Quantum Breakthrough happens.

If you haven’t considered this crucial cryptographic agility requirement, you could have major problems if you have built your PKI with long validity periods using RSA & ECDSA keys for your Root and Subordinate CAs. SafeCipher deals with this problem using Thales Luna Functionality Modules (FMs).

Functionality Modules (FMs) are custom-developed code that can be loaded into and run within the Luna Hardware Security Module (HSM) as part of the HSM’s firmware. FMs are used to customize the functionality of the Luna HSM to meet the specific requirements of an organization. FMs can be created by SafeCipher to add to customers own custom code within the Luna HSM.

FMs are integrated into the logical and physical security of the Luna HSM, ensuring that they operate securely within the HSM environment. FMs allow SafeCipher, or the customers developers, to tailor the functionality of the Luna HSM, according to their specific needs. FMs allow you to introduce new cryptographic algorithms, including those designed for Quantum Computing.

FMs also allow you to implement security-sensitive code that is isolated from the rest of the HSM environment, enhancing security. FMs allow you to manage keys and critical parameters independently from standard PKCS#11 objects, with these being stored in tamper-protected persistent storage.To create Functionality Modules, organizations need to use the Functionality Module Software Development Kit (FM SDK), which is provided along with the Luna HSM Client software.

For more detailed information and instructions on creating Functionality Modules contact SafeCipher directly.