SafeNet's Luna hardware security module achieves Common Criteria EAL4+ certification

(28/01/2010)

In the hardware security market, Common Criteria certification is a regulatory requirement in government, financial, and insurance institutions. The international Common Criteria standard was developed to unify and supersede national IT security certification schemes from several different countries, including the U.S., Canada, Germany, the U.K., France, and the Netherlands.

SafeNet, Inc. has announced that its Luna PCI for Luna SA 4.1 Hardware Security Module (HSM) has achieved Common Criteria EAL4+ certification.

The Common Criteria Evaluation laboratory tested SafeNet’s PCI for Luna SA 4.1 and determined that this product’s security features are sufficient to protect against known and theoretical attacks. Under Common Criteria, a product is evaluated to one of seven specific Evaluation Assurance Levels (EALs).

The evaluation tested a total of 70 features, 63 more than were tested in competitors’ HSMs; for example, Physical Protection, Authentication Tokens, HSM Firmware, Logical Protections, Host API, Tamper Response, and Flaw Reporting Procedures.

“SafeNet designed the Luna SA 4.1 to unprecedented security standards and submitted it to an evaluation that was ten times more stringent than other HSM vendors on the market. The Luna SA had more features analysed in this certification,” said Tsion Gonen, corporate vice president, SafeNet. “Other Common Criteria-certified HSMs cannot compare to SafeNet’s Luna SA 4.1. SafeNet achieved a higher certification, which provides assurance to our customers that they are utilising the best HSM in the market.”

Testing was performed by the Netherlands Scheme for Certification in the Area of IT Security, Brightsight BV, an ISO 17l21-accredited lT Security Evaluation Facility, licensed by BSI and NSCIB to perform Common Criteria evaluations.

SafeNet Luna PCI for SA 4.1 HSM was evaluated at EAL4+, the highest level permitted by international mutual recognition arrangements, and was augmented in Flaw Remediation and in Vulnerability Analysis to meet the requirement of protection against highly motivated and skilled attackers.

SafeNet Luna SA 4.1 HSM is a flexible, network-attached hardware security module containing a FIPS 140-2 Level 2- and Level 3-certified cryptographic module. The HSM features powerful cryptographic processing and industry-leading hardware key management to ensure the security and performance of applications. SafeNet’s Luna cryptographic platform solves the problem of cryptographic performance, storage, and scalability. The Luna SA HSM is part of SafeNet’s complete Data Protection Solution Suite that protects identities, transactions, data and communications and provides database and application data encryption, disk and file encryption, centralised key management, network and WAN encryption, and two-factor authentication.

About SafeNet and Aladdin Knowledge Systems
In 2007, SafeNet was acquired by Vector Capital, a $2 billion private equity firm specialising in the technology sector. Vector Capital acquired Aladdin in March of 2009, and placed it under common management with SafeNet. Together, these leading global companies are the third largest information security company in the world, which brings to market integrated solutions required to solve customers’ increasing security challenges. SafeNet’s encryption technology solutions protect communications, intellectual property, and digital identities for enterprises and government organisations. Aladdin’s software protection, licensing, and authentication solutions protect companies’ information assets and employees from piracy and fraud. Together, SafeNet and Aladdin have more than 50 years of security expertise in more than 100 countries around the world. Aladdin is expected to be fully integrated into SafeNet in the future.

Related topics:  Computer and PC Security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources