SafeNet PCIe HSM – Cryptographic Acceleration from an Embedded HSM

SafeNet PCIe HSM crypographic accelerator

SafeNet PCIe HSM – formerly Luna PCI-E – can be embedded directly in an appliance or application server for an easy-to-integrate and cost-efficient solution for cryptographic acceleration and security.  The high-security hardware design of SafeNet PCIe HSM ensures the integrity and protection of encryption keys throughout their life cycle.

All digital signing and verification operations are performed within the hardware security module (HSM) to increase performance and maintain security.

SafeNet PCIe HSM at a Glance:

Achieve FIPS 140-2 and Common Criteria Validation

Achieving FIPS and Common Criteria certification can be a lengthy process and cost hundreds of thousands of dollars for each product certified. As Gemalto's sole focus is security, we make third-party certifications a priority. Our team has years of experience in designing products that adhere to FIPS 140-2 and Common Criteria.

Leveraging SafeNet PCIe HSM in your appliance or service represents a cost effective way to bring FIPS 140-2 and Common Criteria validated solutions to market.

Overcome Resource Contstraints

As the need to provide security for resource constrained devices (smart phones, tablets, smart meters) grows, vendors must be able to provide solutions that leverage ECC algorithms. ECC algorithms offer high key strength, at a greatly reduced key length when compared to RSA keys.

SafeNet PCIe HSM offers hardware accelerated ECC algorithms that can be used in the development of solutions without the need to purchase additional licenses.

Operational Cost Savings

SafeNet PCIe HSM benefits from a robust and forward thinking feature set. These features – including remote management, secure transport, and remote backup – will greatly reduce the management and operational costs of a deployment that utilizes this HSM.


Partner Spotlight: Microsoft Forefront TMG

Microsoft logo

Microsoft Forefront Threat Management Gateway (TMG), the company's secure web gateway, integrates with SafeNet PCIe HSMs to secure SSL transactions by storing master SSL private key in Gemalto's FIPS 140-2 Level 3 tamper-proof hardware appliance.

The SafeNet PCIe HSM integration also significantly improves server performance by offloading resource intensive cryptographic operations to the purpose-built encryption appliance.

Available in Two Performance Models

SafeNet PCIe HSM is available in two performance models: SafeNet PCIe HSM 7000 and 1700.

  • SafeNet PCIe HSM 7000 is a high performance HSM capable of best in class performance across a breadth of algorithms including ECC, RSA, and symmetric transactions.
  • The 1700 variant, is capable of 1700 RSA 1024-bit transactions per second.



SafeNet PCIe HSM 1700 Model


SafeNet PCIe HSM 7000 Model








ECC P256









SafeNet PCIe HSM Cryptographic Accelerator Specifications



OS Support Windows, Linux, Solaris
  • Full Suite B support
  • Asymmetric: RSA (1024-8192), DSA (1024-3072), Diffie-Hellman, KCDSA, Elliptic Curve Cryptography (ECDSA, ECDH, ECIES) with named, user-defined and Brainpool curves
  • Symmetric: AES, RC2, RC4, RC5, CAST, DES, Triple DES, ARIA, SEED
  • Hash/Message Digest/HMAC: SHA-1, SHA-2 (224-512), SSL3-MD5-MAC, SSL3-SHA-1-MAC
  • Random Number Generation: FIPS 140-2 approved DRBG (SP 800-90 CTR mode)
Crytographic APIs PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
Dimensions Full Height, Half Length 4.16” x 6.6” (106.7mm x 167.65mm)
Power Consumption 12W maximum, 8W typical
Temperature Operating 0° to 50°C
Host Interface PCI-Express X4, PCI CEM 1.0a
  • FIPS 140-2 Level 2 and Level 3
  • Common Criteria EAL4+
  • BAC & EAC ePassport Support
  • UL, CSA, CE
  • FCC, KC Mark, VCCI, CE
  • RoHS, WEEE
Management M of N support for division of command
Logging Syslog
Monitoring SNMPv3

SafeNet PCIe HSM Features & Benefits

Hardware Security Modules Icon

Sample Applications:

  • PKI key generation & key
  • Storage (online CA keys & offline CA keys)
  • Card Issuance & Management
  • Code & Document Signing
  • Database & File Encryption
  • Email Encryption
  • Infrastructure Security
  • Identity & Rights Management
  • Key Management
  • Cryptographic Accelerator
  • Timestamping
  • SSL & TLS

Security at a Glance:

  • Keys in hardware
  • Remote Management
  • Secure transport mode for high-assurance delivery
  • Multi-level access control
  • Multi-part splits for all access control keys
  • Intrusion-resistant, tamper evident hardware
  • Secure Audit Logging
  • Strongest cryptographic algorithms
  • Suite B algorithm support
  • Secure decommission


  • Intrusion-resistant, tamper-evident hardware
  • Field Serviceable Components
  • Software upgradable
  • Multiple Roles for Administration
  • Strong Separation of Duties
  • Load Balancing and Scalability

Informationen anfordern


Vielen Dank für Ihr Interesse an unseren Lösungen. Bitte füllen Sie das Formular aus, um weitere Informationen zu erhalten oder um von einem SafeNet Mitarbeiter kontaktiert zu werden.


Ihre Angaben

* E-Mail-Adresse:  
* Vorname:  
* Nachname:  
* Unternehmen:  
* Telefon:  
* Land:  
* State (US Only):  
* Province (Canada/Australia Only):  
* Stadt:  
* Interessengebiet:

br />Mit dem Ausfüllen dieses Formulars willige ich ein, im Rahmen der beschriebenen Datenschutzbestimmungen Informationen von Gemalto und seinen Tochtergesellschaften zu erhalten.