Control Access to Sensitive Data and Protect User Identities.
Certificate-based, multi-factor authentication is a widespread security technique used by the U.S. Federal Government to ensure the identities of entities within a Public Key Infrastructure (PKI). Two primary components of multi-factor authentication are “what you have” and “what you know.” The “what you have” in a PKI consists of a securely stored private key and an associated digital certificate that are the unique user credentials identifying the entity. The “what you know” is a password to unlock access to the securely-stored credentials.
When the entity in need of a certified identity is a person, secure storage and distribution of the user credentials is often easily facilitated by utilizing existing technology, such as a secure smart card or USB token. But what if the entity in need of credentials is a non-person entity (NPE), like a device, software robot or some other automation technology? These entities still must have hardware-secured credentials to meet security mandates. Or what if the entity is indeed a person, but token use is not desirable or not an option?
Thales TCT offers authentication solutions that address the evolution of identities. From traditional high assurance authentication tokens to first-of-a-kind hardware security module-secured identity credentials, Thales TCT offers the most secure, certificate-based authentication platforms available to the U.S. Federal Government.
Network-attached HSM that protects encryption keys used by applications in on-premise, virtual, and cloud environments.
Certificate-based smart card that enables strong two-factor authentication and proof-positive user identification in all PKI environments.
Certificate-based USB authenticator that provides multi-factor access to sensitive networks and workstations through a single device.