Multi-Factor Authentication
Offering the broadest range of authentication methods and form factors, Thales allows customers to address numerous use cases, assurance levels, and threat vectors with unified, centrally managed policies—managed from one authentication back end delivered in the cloud or on premise.
Supported authentication methods include context-based authentication combined with step-up capabilities, OOB, one-time password (OTP) and X.509 certificate-based solutions. All authentication methods are available in numerous form factors, including smart card, USB token, software, mobile app, and hardware tokens.
Thales TCT offers both its own line of government-specific, high assurance authentication solutions and Thales CPL’s commercial-of-the-shelf SafeNet authentication solutions. Thales CPL authentication solutions are available for sale to the U.S. Federal Government exclusively through Thales TCT.
Solutions
-
Certificate-Based Smart Cards
Thales's range of certificate-based smart cards offer strong multi-factor authentication in a traditional credit card form factor and enable organizations to address their PKI security needs. Thales' smart cards offer a single solution for strong authentication and applications access control, including remote access, network access, password management, network logon, as well as corporate ID badges, magnetic stripes and proximity.
Thales's certificate-based smart cards meet the highest security standards, including FIPS 140-2 Common Criteria CC EAL5+ and eIDAS compliancy, and enable compliance with security regulations. Thales TCT’s Smart Card 650 (SC650) is certified for use in defense networks.
Thales TCT Smart Card 650
SC650 enables strong two-factor authentication and proof-positive user identification in all PKI environments and is certified for use in Defense Networks. It supports numerous algorithms, X.509 digital certificates and on-card certificate validation.
SafeNet IDPrime Smart Cards
SafeNet IDPrime smart cards are Minidriver-enabled PKI smartcards that work seamlessly with any Microsoft environment. PKI security enables strong authentication, password management, secure digital signatures, and data security solutions.
SafeNet IDPrime PIV
SafeNet IDPrime PIV is a standards-based smart card for Federal, state and local government, their contractors, private sector and non-federal organizations around the world that want to leverage the benefits of the PIV standard.
-
Certificate-Based USB Token
Thales’s portfolio of certificate-based USB tokens offers strong multi-factor authentication in a traditional USB form factor, enabling organizations to address their PKI security needs. Thales PKI USB tokens offer a single solution for strong authentication and applications access control, including remote access, network access, password management, network logon, as well as advanced applications including digital signature, data and email encryption.
Depending on their configuration, the certificate-based USB tokens can be FIPS and CC certified.
Thales TCT sKey 3250
sKey3250, a high assurance certificate-based USB authenticator ,contains a custom smart card ASIC, the SCC650, developed on-shore by Thales TCT. This SCC650 ASIC designed to the highest security principles, implements a security architecture found in other Thales TCT certified ASICs, and is fabricated at a trusted foundry.
SafeNet eToken 5110
SafeNet eToken 5110 provides PKI based two-factor authentication for secure remote and network access, as well as support for advanced security applications, including digital signature and pre-boot authentication.
SafeNet eToken 5300
SafeNet eToken 5300 is a compact, tamper-evident USB, which creates a third factor of authentication. This next generation eToken features presence detection functionality, is FIPS 140-2 certified and is available in Micro and Mini form factors. It holds CC EAL 6+ certification at the chip boundary.
-
Hardware OTP Tokens
Thales’s SafeNet OTP hardware tokens provide a strong and scalable foundation for securing access to enterprise, web-based and cloud applications, and complying with privacy and security regulations.
Thales’s SafeNet hardware tokens offer rich case-branding options, and are field-programmable by the customer, enabling organizations to maintain stringent control over their own critical OTP security data.
SafeNet OTP Display Card
SafeNet OTP Display Card is an OATH-compliant 2FA token designed in a convenient credit card form factor.
SafeNet OTP 110
SafeNet OTP 110 is a cost effective OATH-compliant OTP hardware token that features waterproof casing, and enables two-factor authentication in time-sync and event-based modes.
SafeNet eToken PASS
SafeNet eToken PASS is an OATH compliant OTP hardware token that offers secure two factor authentication, in time- sync and event-based modes.
SafeNet GOLD
Offering an additional layer of security beyond basic OTP, the SafeNet GOLD is activated with a personal identification number (PIN), which prompts the authenticator to provide an OTP. In challenge response mode, users activate GOLD with their PIN, and then must validate a numeric challenge on their GOLD authenticator.
-
Smartphone and Software Tokens
Offering the convenience of phone-as-a-token authentication, Thales offers PUSH OTP software authentication for tablets and mobile phones.
MobilePASS+ Push
MobilePASS+ Push is a next generation software token mobile app that supports both OTP and single-tap out-of-band push authentication for enhanced speed and user convenience.MobilePASS
MobilePASS family of one-time password (OTP) software authentication solutions combines the security of proven two-factor strong authentication with the convenience, simplicity, and ease of use of OTPs generated on personal mobile devices or PCs.
-
Tokenless Authentication Solutions
Thales’s tokenless technology enables any user to be authenticated anytime and anywhere. Thales’s context-based authentication offers convenient, frictionless strong authentication while maintaining the flexibility and agility to add protection with stronger methods of security in higher risk situations. Combined with “step-up” authentication, context-based authentication optimizes a layered approach to access security by assessing user login attributes and matching them against pre-defined security policies.
Pattern-based Authentication
Pattern-based, also called GrIDsure Authentication is a convenient pattern-based authentication solution that overcomes the weakness of passwords without the need for software to be installed or hardware to be provisioned.Pattern-based Authentication works by presenting the user with a matrix of cells during enrollment containing random characters, from which the user selects a Personal Identification Pattern (PIP). Every time the challenge grid appears, the characters in the cells are different, so the user is always entering a one-time passcode.
Context-Based Authentication
Context-based or contextual authentication is central to creating compliance based access policies and preventing security fatigue. Taking into account variables, such as your network, location and operating system, contextual data provides additional information on a login attempt, and fires the appropriate access policy.By assessing a user’s contextual login attributes, single sign on and access management solutions can continuously match the level of authentication required from the user with the access policy defined for each application.
-
Card Readers
Discover the benefits of SafeNet IDBridge family of contact and embedded smart card readers. IDBridge products are backed by more than 30 years of security and cryptography research and development and are reliable, versatile and compliant with relevant standards and certifications for each industry.
IDBridge K30
The IDBridge K30 is a compact, USB device that offers multi-application dynamic smart card functionality. It can be used with any USB connection for Identity and Access Management applications such as network authentication, digital signatures and other services based on Public Key Infrastructure (PKI).IDBridge K50
The IDBridge K50 is a compact, tamper-evident USB that offers multiapplication dynamic smart card functionality. It can be used with any USB connection for Identity and Access Management applications such as network authentication, digital signatures and other services based on Public Key Infrastructure (PKI).
IDBridge CT700
IDBridge CT700 is an ergonomically designed Class 2 readers (Secure PIN entry). Perfect for corporate, administrative, eCommerce and eBanking services that require an extra layer of security, the IDBridge CT700 integrates a tactile 16 key keypad, a 2x17 line display and a USB interface.
IDBridge CT30
The IDBridge CT30 is modular in concept, and several easy-to-use and easy-to-install accessories are available, including a stand for desktop use (vertical insertion) and floppy disk tray to convert the reader to an internal device to be installed in a PC Floppy Disk or CD-ROM bay. -
Resources
Collateral
Authentication Family Brief
Offering the broadest range of multi-factor authentication methods and form factors, Thales TCT facilitates and empowers enterprise-wide security initiatives for maintaining and improving secure access to enterprise resources.Videos
Introduction to Thales TCT Cyber EO-Ready Multi-Factor Authentication Solutions
Passwordless Authentication Solutions by Thales
What is PKI?
Push Authentication from your phone with MobilePass+
Thales IDPrime FIDO 2.0 Smartcard Demo
PODCAST: ZeroTrust from a network-centric concept to a key factor of Identity and Access Management