Thales TCT Product Updates

Thales Trusted Cyber Technologies (TCT), a trusted, U.S. based source for cyber security solutions, today announced that its Smart Card 650 v4.2 token (SC650) has received approval from the National Security Agency (NSA) for use in defense networks when using an approved applet (CoolKey version 1.5.558cdcff). The SC650 is a high assurance identification and authentication smart card that brings two-factor authentication to applications and networks where security is critical.

This is an update to the previous SC650 which has been the only certificate-based smart card to ever be designed at all levels from NSA requirements and officially awarded NSA Certification. It enables strong two-factor authentication and proof-positive user identification in all SECRET level environments. The SC650 securely stores users’ credentials, such as digitally-signed certificates, private keys, and network login credentials and seamlessly supports secure key generation, secure key storage, encryption/decryption, and digital signature processing. The SC650 is capable of performing all private and public key cryptographic functions directly on the smart card, thus eliminating potential threats resulting from private key exposure. The SC650 contains a custom smart card ASIC developed by Thales TCT and produced at a U.S. based foundry. The SC650 is manufactured and supported exclusively in the United States to mitigate potential supply chain security risks.

For more information on the SC650 visit thalestct.com/sc650.

Thales TCT is announcing the release of KeySecure for Government 8.16. Continuing our commitment to provide security improvements for the duration of our products’ lifespans, KeySecure 8.16 includes a number of maintenance items and documentation improvements. KeySecure 8.16 is available on all platforms: G460, G160 (Standard and High Assurance), G350v (VMware and AWS) as a field upgrade package – available through our Customer Support Portal. Review the Customer Release Notes for additional information on the improvements included in this release.

As previously announced, Thales TCT has begun the End-of-Life process for KeySecure. Existing KeySecure for Government customers have several options for migrating from KeySecure for Government to the CipherTrust Data Security Platform. For more information on migration options, please contact your Thales TCT account manager or info@thalestct.com.

The investigation of impact of this vulnerability in Thales TCT product portfolio is continuing and will be updated as results are available. We can confirm that products such as the Luna Network HSMs appliances and clients, CipherTrust Manager are not vulnerable. Cloud Security services such as STA Classic had mitigations deployed immediately and is not vulnerable to this CVE. More details are available through Thales TCT's support portal.

Learn More* 

*The link above requires access to Thales TCT's support portal.

Request access to the support portal. 

Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of version 7.12 of the Luna Network HSM and PCIe HSM. This release encompasses multiple Luna HSM components:

• Luna T-series appliance software 7.12.0 
• Luna T7 Crypto Module firmware 7.12.0 
• Luna Client 7.12.0 
• Luna User Documentation Revision G 

Each of these components is available as a download from the Thales TCT Support Portal.

Release 7.12 includes the following new features:

• New cryptographic mechanisms (SHA-3 and AES key wrap). 
• TLS 1.3 support for NTLS and Remote PED connections 
• PED-initiated Remote PED 
• Additional T7 automatic activation options 
• T7 PCIe passthrough on ESXI Virtual Machines permitting multiple VMs to access the HSM. 
• Additional Operating System support for the Luna Client. 

Details regarding these new capabilities are available in the Luna User Documentation (Rev G) and the Customer Release Notes (Rev N).

June 30, 2021

The FIPS 140-2 certification of the Luna T7 Cryptographic Module and the corresponding release of the Luna T-Series HSMs allows Thales Trusted Cyber Technologies (TCT) to begin the process of retiring the Luna for Government products. Thales TCT is announcing the End-of-Sale (EOS) and End-of-Life (EOL) timeline for the following Thales TCT products:

• Luna SA for Government. The Luna SA 1700 and Luna SA 7000 model HSMs. These network HSM models include the legacy Luna K6 Cryptographic Module running Thales TCT firmware.
• Luna PCI-E for Government. The Luna PCI-E 1700 and 7000 models are the products consisting of the standalone Luna K6 Cryptographic Module running Thales TCT firmware.

End-of-Sale and End-of-Life Timeline
The following table describes the End-of-Sale (EOS) and End-of-Life (EOL) milestones, dates, and definitions for the Luna SA for Government and Luna PCI-E for Government products. The last day to order the affected products is December 31, 2021.

Migration Strategy
The Luna T-Series HSMs include the following features to allow easy migration from the legacy Luna for Government models to the new T-Series models:

• Compatible with applications integrated with Luna HSM for Government
• Multiple techniques to migrate high value keys to T-Series HSMs
• Allows for an incremental deployment model to roll out Luna T-Series

Professional Services offerings specifically designed to assist customers in migrating to Luna T-Series HSMs are available.

For more information on migration options or any other questions, please contact your Thales TCT account manager or info@thalestct.com.

About Luna T-Series HSMs
Thales TCT Luna T-Series HSMs are the choice for government agencies when storing, protecting and managing cryptographic keys used to secure sensitive data and critical applications. Meeting government mandates for U.S. Supply Chain, the high-assurance, tamper-resistant Luna T-Series HSMs are designed, developed, manufactured, sold, and supported in the United States.

Affected Products List
The Thales TCT part numbers affected by this announcement are included in the following table.