Thales TCT Product Updates

Thales Trusted Cyber Technologies (TCT), a trusted, U.S. based source for cyber security solutions, today announced that its Smart Card 650 v4.2 token (SC650) has received approval from the National Security Agency (NSA) for use in defense networks when using an approved applet (CoolKey version 1.5.558cdcff). The SC650 is a high assurance identification and authentication smart card that brings two-factor authentication to applications and networks where security is critical.

This is an update to the previous SC650 which has been the only certificate-based smart card to ever be designed at all levels from NSA requirements and officially awarded NSA Certification. It enables strong two-factor authentication and proof-positive user identification in all SECRET level environments. The SC650 securely stores users’ credentials, such as digitally-signed certificates, private keys, and network login credentials and seamlessly supports secure key generation, secure key storage, encryption/decryption, and digital signature processing. The SC650 is capable of performing all private and public key cryptographic functions directly on the smart card, thus eliminating potential threats resulting from private key exposure. The SC650 contains a custom smart card ASIC developed by Thales TCT and produced at a U.S. based foundry. The SC650 is manufactured and supported exclusively in the United States to mitigate potential supply chain security risks.

For more information on the SC650 visit thalestct.com/sc650.

Thales TCT is pleased to announce the release of Luna Credential System (LCS) 2.0. This first-of-its-kind, patent-pending solution introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. It unites the familiarity of certificate-based authentication with the security of a FIPS 140-2 certified hardware security module (HSM). 

Robotic Process Automation (RPA) Cryptographic Authentication

OMB Memo M-19-17 outlines a policy that requires all software robots to have individual digital identities and credentials managed in the same fashion as traditional user identities for authority to operate in U.S. Federal production systems. Software robots can utilize multi-factor login capabilities with a centralized, hardware security module-based authentication system such as LCS. 

LCS 2.0 now integrates with UiPath’s enterprise RPA solution to provide hardware-protected PKI credentials for UiPath’s unattended software robots. Unattended software robots act autonomously in place of a user or operator leveraging its own security credentials. This critical integration will enable UiPath’s unattended software robots to operate in production systems across the federal government. 

New Features

In addition to the UiPath integration, LCS 2.0 also includes new features including:

• Credential HSM with PED authentication (FIPS Level 3) 
• Support larger number of LCS Clients and Credential Bins (up to 200 per Credential HSM)  
• Use case expansion including support for document signing, email signing, additional certificate authorities, and RPA solutions  
• Luna Vault plugin (preview) for UiPath Orchestrator 

For more information on Luna Credential System, visit www.thalestct.com/LCS.

SafeNet AT is pleased to announce the release of Luna Credential System (LCS). This first-of-its-kind, patent-pending solution introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. It unites the familiarity of certificate-based authentication with the security of a FIPS 140-2 certified hardware security module (HSM).

LCS Addresses PKI Authentication Challenges

Certificate-based, multi-factor authentication is a mainstay security technique used by the U.S. Federal Government to ensure the identities of entities within a Public Key Infrastructure (PKI). For people, secure storage and distribution of user credentials is easily facilitated by utilizing a smart card or USB token. But, what about non-person entities (NPEs) like a device, software robot or some other automation technology? NPEs must have hardware-secured credentials to meet security mandates. Or what if the entity is indeed a person, but token use is not desirable or not an option?

HSM-Secured Identity Credentials

LCS is a multi-purpose, secure credential system ideally suited for an environment in which the endpoints cannot use a traditional small form-factor token. Composed of the Luna Credential HSM and the Luna Credential Client, LCS supports a number of use cases including Windows Logon and authentication to PK-enabled applications and websites.

Luna Credential System Use Cases

Robotic Process Automation (RPA)

• Manages the digital identities of RPA bots throughout their lifecycle
• Replaces traditional multi-factor auth with an ultra-secure HSM-based authentication system eliminating the need for a smart card
• Maintains PKI credentials and certificates in a secure, centralized location.
• Cryptographic operations take place within a high assurance HSM instead of on a smart card
• Integrates with UiPath and Blue Prism RPA Solutions

Credential Data Protection

• Stores identity credentials within the confines of a centralized HSM thus mitigating the risk of accidental loss or intentional compromise of a physical token

Mobile Workforce with Use of Multiple Devices

• Provides the best of both solutions by offering secure, hardware-based multi-factor PKI authentication with software-like flexibility, scalability, and ease of use
• Ideally suited for virtualized environments in which virtual machines can’t use a smartcard but require hardware secured credentials.

SafeNet Assured Technologies is pleased to announce the release of version 4.2 of the SC650 smartcard and sKey3250 high assurance USB authenticator. These tokens are the most secure, certificate-based authentication tokens available today.

This release adds functionality and security to the product line. Version 4.2 includes the following fixes and features:

• Security enhancement to limit the number of unsuccessful logon attempts 
• Secure Channel Protocol (SCP) 03 functionality 
• Resolution of two AES bugs dealing with error handling and decryption of AES 128 ECB NOPAD data 
• FIPS 140-2 Level 2 certification submission targeted for Q4 2018 

These tokens securely store the user’s credentials, such as digitally-signed certificates, private keys, and network login credentials and seamlessly supports secure key generation, secure key storage, encryption/decryption, digital signature processing (sign and verify), security event logging as well as private and public key cryptographic functions directly on the tokens.

Various deployment models are available for immediate distribution to partners and customers.

• Third Party Applet – for use with customer CoolKey and custom applet installation 
• SafeNet AT PKI Applet – comes pre-installed with the SafeNet AT HA PKI applet 

SafeNet AT is pleased to announce the release of SC650 Card v4.2. SC650 Card v4.2 features support for Secure Channel Protocol 3 (SCP03). This configuration has SCP03 support which uses the Advanced Encryption Standard (AES) algorithm thereby making its encryption scheme un-deterministic and highly secure.

SCP is used for entity authentication and cryptographic protection of subsequent communications. SCP03 provides strong security guarantees including resistance: 

• Replay
• Out-of-order delivery
• Algorithm substitution attacks 

Additionally, this functionality assures that communication through the secure channel cannot undetectably contain hidden backdoors allowing mass surveillance.