Thales TCT Product Updates

SafeNet AT is pleased to announce the release of Luna Credential System (LCS). This first-of-its-kind, patent-pending solution introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. It unites the familiarity of certificate-based authentication with the security of a FIPS 140-2 certified hardware security module (HSM).

LCS Addresses PKI Authentication Challenges

Certificate-based, multi-factor authentication is a mainstay security technique used by the U.S. Federal Government to ensure the identities of entities within a Public Key Infrastructure (PKI). For people, secure storage and distribution of user credentials is easily facilitated by utilizing a smart card or USB token. But, what about non-person entities (NPEs) like a device, software robot or some other automation technology? NPEs must have hardware-secured credentials to meet security mandates. Or what if the entity is indeed a person, but token use is not desirable or not an option?

HSM-Secured Identity Credentials

LCS is a multi-purpose, secure credential system ideally suited for an environment in which the endpoints cannot use a traditional small form-factor token. Composed of the Luna Credential HSM and the Luna Credential Client, LCS supports a number of use cases including Windows Logon and authentication to PK-enabled applications and websites.

Luna Credential System Use Cases

Robotic Process Automation (RPA)

• Manages the digital identities of RPA bots throughout their lifecycle
• Replaces traditional multi-factor auth with an ultra-secure HSM-based authentication system eliminating the need for a smart card
• Maintains PKI credentials and certificates in a secure, centralized location.
• Cryptographic operations take place within a high assurance HSM instead of on a smart card
• Integrates with UiPath and Blue Prism RPA Solutions

Credential Data Protection

• Stores identity credentials within the confines of a centralized HSM thus mitigating the risk of accidental loss or intentional compromise of a physical token

Mobile Workforce with Use of Multiple Devices

• Provides the best of both solutions by offering secure, hardware-based multi-factor PKI authentication with software-like flexibility, scalability, and ease of use
• Ideally suited for virtualized environments in which virtual machines can’t use a smartcard but require hardware secured credentials.

SafeNet AT is pleased to announce the release of KeySecure for Government 8.14. Continuing our commitment to provide innovative products that meet our customers’ security needs, KeySecure 8.14 contains a number of customer requested enhancements, product maintenance items, and documentation improvements. KeySecure 8.14 is available on all platforms: G460, G160 (Standard and High Assurance), G350v (VMware and AWS) as both an orderable product and a field upgrade package.

Review the Customer Release Notes for additional information on the release including the following new features and enhancements:

• Advanced logging features
• Scheduling of multiple independent backups
• Display of admin and user status
• Enhanced ProtectFile management
• Improved clustering performance

To learn more about KeySecure for Government, visit www.safenetat.com/keysecure.

SafeNet AT is pleased to announce the release of Luna T-Series HSM 7.10. Version 7.10 includes the Luna Network HSM T-2000 and T-5000 models along with the Luna Client. The Luna T-Series HSM is the choice for government agencies when storing, protecting and managing cryptographic keys used to secure sensitive data and critical applications. Meeting government mandates for U.S. Supply Chain, the high assurance, tamper-resistant Luna T-Series HSM is designed, developed, manufactured, sold, and supported in the United States exclusively by SafeNet AT.

Luna T-Series HSMs were designed from the ground up as a drop-in replacement for the widely deployed Luna SA for Government HSMs. Luna T-Series HSMs offer secure storage of cryptographic information in a controlled and highly secure environment. All Luna T-Series models can be initialized by the customer to protect proprietary information by using either multifactor (PED) authentication or password authentication.

Industry Leading Performance

The T-Series of Luna Network HSM offers industry leading cryptographic performance and delivers up to 10 times the performance compared to the legacy Luna SA for Government while still providing the critical security features that government customers have relied on for decades.

Luna T-Series models are available at different performance levels:

Luna T-Series HSM Benefits

• Industry leading cryptographic performance: performance optimized for government mandated algorithms and key lengths
• Easy transition for deployed solutions: fully backwards compatible and zero changes required to applications integrated with Luna SA for Government
• Crypto agile: architecture supports in-field introduction of new crypto algorithms
• Broad integration ecosystem: large number of integrations with industry-leading technology vendors
• Security first company: HSM products are U.S designed, developed and manufactured

As cloud service providers such as Microsoft roll out new services at a staggering rate, customers must take advantage of these capabilities while still fulfilling their obligation to “own the data” by securing the data with encryption and cloud independent key management. Now, customers can leverage the encryption capabilities built into the Microsoft cloud while using SafeNet AT KeySecure for Government to manage and maintain ownership of their encryption keys.

Using the ProtectApp APIs supported by KeySecure for Government and Azure Key Vault, SafeNet AT has developed a reference tool called SafeNet AT ManageAKV that implements the integration between KeySecure for Government and Azure Key Vault. The ManageAKV tool securely authenticates to KeySecure for Government (using the ProtectApp Java/JCE SDK) and Azure (using the Azure APIs) and is used as the secure conduit to issue commands to KeySecure for Government and Azure Key Vault related to the management of customer managed keys.

The ManageAKV tool is provided as part of ProtectApp JCE. For more information, download the Azure Key Vault and KeySecure for Government Solution Brief. 

The ProtectV release 4.7.3 is a minor release that specifically addresses two high severity issues found in release 4.7.0. Refer to the ProtectV 4.7.3 Customer Release Notes for details. Details on release 4.7.0 are included below.

ProtectV 4.7.0 Release Summary (Released released 30 January 2019)

SafeNet ProtectV 4.7.0 release also supports ProtectV clients for Ubuntu 18.04 LTS and RHEL 7.6, and enable either automatic or manual control of disk encryption in Windows servers.

Feature Details:

• Password Expiration Policy – SafeNet ProtectV 4.7.0 incorporates a password expiration policy for SafeNet ProtectV users. Passwords of the users (including the SafeNet ProtectV administrators) now have an expiration period of 90 days.
• Password Complexity Validation – Complexity of the passwords of SafeNet ProtectV users and the SafeNet ProtectV Manager Database (SPVMDB) is now validated. The new passwords must be at least ten characters, contain at least one upper case letter, one lower case letter, one digit, and one special character.
• Enhanced Account Lockout – The account lockout feature has been enhanced. A user’s account will be locked for 10 minutes after three failed login attempts instead of five. The remaining time until the account is locked will be displayed on the login screen.
• Windows Auto Protection – A new option, Windows Auto Protection, is provided on the ProtectV Manager Console. This can be used to configure automatic encryption behavior of Windows client instances on registration. By default, encryption of a Windows client instance starts as soon as it is registered with SafeNet ProtectV Manager.
• Support for Oracle Cloud Infrastructure – SafeNet ProtectV 4.7.0 extends support for ProtectV Manager on Oracle Cloud Infrastructure. You can launch your ProtectV Manager virtual machine on Oracle Cloud Infrastructure.
• Improved User Name Conventions – SafeNet ProtectV now validates values entered in the Username and Display Name fields on the ProtectV Manager Console. These fields allow alphabets and numbers only; special characters are not allowed. If a special character is entered, the message “Username and Display Name should contain alphabets and numbers only.” is displayed.