Skip Navigation

Offering the broadest range of authentication methods and form factors, Thales allows customers to address numerous use cases, assurance levels, and threat vectors with unified, centrally managed policies—managed from one authentication back end delivered in the cloud or on premise.

Supported authentication methods include context-based authentication combined with step-up capabilities, OOB, one-time password (OTP) and X.509 certificate-based solutions. All authentication methods are available in numerous form factors, including smart card, USB token, software, mobile app, and hardware tokens.

Thales TCT offers both its own line of government-specific, high assurance authentication solutions and Thales CPL’s commercial-of-the-shelf SafeNet authentication solutions. Thales CPL authentication solutions are available for sale to the U.S. Federal Government exclusively through Thales TCT. 


  • Hardware OTP Tokens

    Thales’s SafeNet OTP hardware tokens provide a strong and scalable foundation for securing access to enterprise, web-based and cloud applications, and complying with privacy and security regulations.

    Thales’s SafeNet hardware tokens offer rich case-branding options, and are field-programmable by the customer, enabling organizations to maintain stringent control over their own critical OTP security data.

    SafeNet OTP Display Card 

    SafeNet OTP Display Card is an OATH-compliant 2FA token designed in a convenient credit card form factor.

    Learn More

    SafeNet OTP 110

    SafeNet OTP 110 is a cost effective OATH-compliant OTP hardware token that features waterproof casing, and enables two-factor authentication in time-sync and event-based modes.

    Learn More

    SafeNet eToken PASS

    SafeNet eToken PASS is an OATH compliant OTP hardware token that offers secure two factor authentication, in time- sync and event-based modes.

    Learn More

    SafeNet GOLD

    Offering an additional layer of security beyond basic OTP, the SafeNet GOLD is activated with a personal identification number (PIN), which prompts the authenticator to provide an OTP. In challenge response mode, users activate GOLD with their PIN, and then must validate a numeric challenge on their GOLD authenticator.

    Learn More

  • Certificate-Based Smart Cards

    As convenient as another credit card in your wallet, Thales’s SafeNet credit card-size form factors enable enhanced security with PKI Certificate-Based-Authentication (CBA) and enable preboot authentication, disk encryption, file encryption, digital signatures, and secure certificate and key storage.

    Many of Thales’ smart card authenticators can easily double as physical access cards to secure buildings and sites, in addition to offering rich branding options and support for photo-badging. Depending on the configuration, Thales’s certificate-based authenticators are FIPS or CC certified. Thales TCT’s Smart Card 650 (SC650) is certified for use in defense networks by the National Security Agency. The dual interface versions of SafeNet IDPrime Smart Cards comply with the ISO 14443 standard which is also compatible with some NFC readers present in smartphones and tablets. SafeNet IDPrime Smart Cards are supported by SafeNet Authentication Client Middleware or SafeNet Minidriver.

    Thales TCT Smart Card 650

    SC650 enables strong two-factor authentication and proof-positive user identification in all PKI environments and is certified for use in Defense Networks. It supports numerous algorithms, X.509 digital certificates and on-card certificate validation.

    Learn More

    SafeNet IDPrime 3940

    SafeNet IDPrime 3940 is a dual-interface smart card, allowing communication either via a contact interface or via a contactless ISO14443 interface; also compatible with some NFC readers. The smart card is CC EAL5+ / PP Java Card certified for the Java platform and CC EAL5+ / PP QSCD certified for the combination of Java platform and PKI applet. It is also compliant with eIDAS regulations and qualified by the French ANSSI.

    Learn More

    SafeNet IDPrime 940

    SafeNet IDPrime 940 is a Plug and Play contact interface smart card and is compliant with eIDAS regulations. IDPrime 940 is CC EAL5+ / PP Java Card certified for the Java platform and CC EAL5+ / PP QSCD certified for the combination of Java platform and PKI applet. It is also compliant with eIDAS regulations and qualified by the French ANSSI.

    Learn More

    IDPrime MD 3810

    IDPrime MD 3810 is a dual-interface smart card, allowing communication either via a contact interface or via a contactless ISO14443 interface; also compatible with some NFC readers. 

    Learn More

    IDPrime MD 830

    IDPrime MD 830 is a Plug and Play contact interface smart card and is available in two versions with different security certifications. One is FIPS 140-2 Level 3, and the other is FIPS 140-2 Level 2 certified, for both the Java platform and the combination of Java platform plus PKI applet.

    Learn More

    SafeNet IDPrime PIV

    SafeNet IDPrime PIV (Personal Identity Verification) card is a FIPS 201 standards-based card for U.S. government agencies, state and local government organizations to issue user credentials that the Federal Government can trust. The same card can be used for either a CIV or PIV-I based deployment depending on company policies and requirements. Available from PIV 3.0, this Smart Card provides premium privacy protection (compliant with the OPACITY protocol). Customers can benefit from enhanced performance and built-in biometric capabilities (Match-on-Card), preparing them for enhanced user authentication.

    Learn More

  • Certificate-Based USB Token

    Thales’s portfolio of certificate-based USB tokens offers strong multi-factor authentication in a traditional USB form factor, enabling organizations to address their PKI security needs. Thales PKI USB tokens offer a single solution for strong authentication and applications access control, including remote access, network access, password management, network logon, as well as advanced applications including digital signature, data and email encryption. 

    Depending on their configuration, the certificate-based USB tokens can be FIPS and CC certified.

    Thales TCT sKey 3250

    sKey3250, a high assurance certificate-based USB authenticator ,contains a custom smart card ASIC, the SCC650, developed on-shore by Thales TCT. This SCC650 ASIC designed to the highest security principles, implements a security architecture found in other Thales TCT certified ASICs, and is fabricated at a trusted foundry.

    Learn More

    SafeNet eToken 5110

    SafeNet eToken 5110 provides PKI based two-factor authentication for secure remote and network access, as well as support for advanced security applications, including digital signature and pre-boot authentication.

    Learn More

    SafeNet eToken 5300

    SafeNet eToken 5300 is a compact, tamper-evident USB, which creates a third factor of authentication. This next generation eToken features presence detection functionality, is FIPS 140-2 certified and is available in Micro and Mini form factors. It holds CC EAL 6+ certification at the chip boundary.

    Learn More

  • Smartphone and Software Tokens

    Offering the convenience of phone-as-a-token authentication, Thales offers PUSH OTP software authentication for tablets and mobile phones.

    SMS Out-of-Band Authentication

    Delivered by SMS text messages, out-of-band authentication reduces the administrative overhead of a strong authentication solution by removing the need to install software or distribute hardware. Delivery is also available via email.

    Learn More

    SafeNet MobilePASS+ Out of Band Push Authentication
    Offering frictionless strong authentication to hundreds of applications, including SaaS and VPNs, push authentication on mobile devices lets users authenticate with a single tap of a finger print or face ID on their mobile device.

    SafeNet MobilePASS+ is a next generation software token that lets users generate OTPs on their mobile devices, while also offering convenient out-of-band, single-tap push authentication. 

    SafeNet MobilePASS+ offers enhanced user experience, with optional QR code enrollment and optional biometric PIN: Face ID & Touch ID on iOS, fingerprint on Android and Windows Hello on Windows devices.

    Learn More

  • Tokenless Authentication Solutions

    Thales’s tokenless technology enables any user to be authenticated anytime and anywhere. Thales’s context-based authentication offers convenient, frictionless strong authentication while maintaining the flexibility and agility to add protection with stronger methods of security in higher risk situations. Combined with “step-up” authentication, context-based authentication optimizes a layered approach to access security by assessing user login attributes and matching them against pre-defined security policies.

    Pattern-based Authentication

    Pattern-based, also called GrIDsure Authentication is a convenient pattern-based authentication solution that overcomes the weakness of passwords without the need for software to be installed or hardware to be provisioned.

    Pattern-based Authentication works by presenting the user with a matrix of cells during enrollment containing random characters, from which the user selects a Personal Identification Pattern (PIP). Every time the challenge grid appears, the characters in the cells are different, so the user is always entering a one-time passcode.

    Learn More

    Context-Based Authentication

    Context-based or contextual authentication is central to creating compliance based access policies and preventing security fatigue. Taking into account variables, such as your network, location and operating system, contextual data provides additional information on a login attempt, and fires the appropriate access policy.

    By assessing a user’s contextual login attributes, single sign on and access management solutions can continuously match the level of authentication required from the user with the access policy defined for each application.

    Learn More

  • Card Readers

    Interface devices, or readers, are an essential component of any smart card deployment and ensure communication between smart cards and network services, but they must do so in a convenient yet secure manner. Thales’s full range of smart card readers provide the perfect balance of ease of use, backed by the highest level of security.

    IDBridge CT30

    IDBridge CT30 is a USB contact reader, with a compact and transparent casing, and an optional stand accessory.

    Learn More

    IDBridge CT31

    IDBridge CT31 is a PIV and TAA-certified USB contact reader, with a compact and transparent casing, and an optional stand accessory.

    IDBridge CT40

    IDBridge CT40 is a USB contact reader, with a compact and slim-line casing.

    IDBridge CT700

    The IDBridge CT700 is a desktop pinpad for secure pin entry.

    Learn More

  • Resources


    Authentication Family Brief
    Offering the broadest range of multi-factor authentication methods and form factors, Thales TCT facilitates and empowers enterprise-wide security initiatives for maintaining and improving secure access to enterprise resources.

    Download Now


    Passwordless Authentication Solutions by Thales


    What is PKI?


    Push Authentication from your phone with MobilePass+


    Thales IDPrime FIDO 2.0 Smartcard Demo


    PODCAST: ZeroTrust from a network-centric concept to a key factor of Identity and Access Management


This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.