Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of the Luna HSM firmware 7.11.0 and Luna Client 7.11.1. Following on the heels of the November release of the Luna Network T-Series HSM 7.11, this release includes a firmware update for the Luna T7 Crypto Module and a Luna Client update. The 7.11.0 firmware runs on the Luna T7 Crypto Module delivered as the Luna PCIe product or embedded in the Luna Network HSM. Updates to the Luna Client are also included to address functional and usability enhancements.
Quantum Enhanced Keys
This firmware release also introduces support for Quantum Enhanced Keys. By embedding a quantum random number generator (QRNG) chip within the Luna HSM, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM.
FIPS 140-2 Level 3 Compliance
The 7.11.0 firmware release introduces updates to the FIPS approved mode of operation. Specifically, updates to Password Authentication, Cloning, HA Login, and Remote PED Protocols were introduced to comply with FIPS 140-2 Level 3 Certification, including NIST SP 800-131A Revision 2. By updating their Luna HSMs to this 7.11.0 firmware, customers will be running the firmware that is currently in the process of being FIPS certified by NIST.
FIPS 140-2 Status
As previously announced, the Luna T7 Cryptographic Module was submitted (July 2020) to the NIST Cryptographic Module Validation Program and is listed as Module in Process. Most customers (and government contracting officers) accept the official listing on NIST’s Modules in Process List as evidence that the cryptographic module will soon have an official FIPS 140-2 validation certificate issued. Updates regarding FIPS certification will be made as they become available. The NIST Modules in Process List is available here.
Thales TCT is pleased to announce the release of KeySecure for Government 8.15. Continuing our commitment to provide innovative products that meet our customers’ security needs, KeySecure 8.15 contains a number of customer requested enhancements, product maintenance items, and documentation improvements. KeySecure 8.15 is available on all platforms: G460, G160 (Standard and High Assurance), G350v (VMware and AWS) as both an orderable product and a field upgrade package. Review the Customer Release Notes for additional information on the improvements included in this release.To learn more about KeySecure for Government, visit www.thalestct.com/keysecure
Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of the Luna Network HSM 7.11.0, models T-2000 and T-5000. Release 7.11.0 features the introduction of the new T-Series Network HSM chassis. The 7.11.0 Network HSM offers enhanced security, maintenance, and usability features while providing industry leading cryptographic performance. The Luna Client is also updated with installation, functional, and usability enhancements. User Documentation has been significantly revised to reflect the changes incorporated into Luna HSM release 7.11.
Highlights of new features in the Luna T-Series HSM release 7.11 include:
New T-Series Network HSM Appliance Chassis
The Luna T-Series Network HSM contains a new chassis and offers enhanced installation, maintenance, security, and usability features, including the following:
Improved Luna HSM Client
Configurable Cipher Suites
The TLS cipher suites used by NTLS can now be configured on the Luna T-Series Network HSM. This new capability allows administrators to select and configure cipher strength to meet their internal security objectives and compliance requirements.
Hardware Support for Quantum Enhanced Keys
By embedding a quantum random number generator (QRNG) chip within the Luna HSM, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM. Although the QRNG is included in this hardware, the ability to utilize the QRNG will not be available until a future release of firmware. All shipping Luna Network HSM hardware will support an in-field firmware upgrade that will introduce this capability.
FIPS 140 Status
As previously announced, the Luna T7 Cryptographic Module was submitted (July 2020) to the NIST Cryptographic Module Validation Program and is listed as Module in Process. Most customers (and government contracting officers) accept the official listing on NIST’s Modules in Process List as evidence that the cryptographic module will soon have an official FIPS 140-2 validation certificate issued. The NIST Modules in Process List is available here.
An in-field upgrade to the FIPS validated firmware will be made available for all Luna T-Series Network HSMs.
Thales is pleased to announce the launch of CipherTrust Data Security Platform that enables customers to Discover, Protect and Control sensitive data anywhere with next-generation data protection. Our new platform is built on a modern micro-services architecture, is designed for the cloud, includes Data Discovery and Classification, and fuses together the best capabilities from the Vormetric Data Security Platform and KeySecure and connector products.
This innovative platform solves our customers’ largest data security challenges by removing complexity from data security, accelerating time to compliance, and securing cloud migrations. We are seamlessly unifying data discovery, classification and data protection with strong access controls and centralized key management. Now for the first time, our customers can discover, protect and control their data anywhere on one platform.
CipherTrust Data Security Platform is available for sale to the U.S. Federal Government exclusively through Thales TCT.
For more information, visit thalestct.com/ciphertrust-dsp.
Thales TCT is pleased to announce the release of Luna Credential System (LCS) 2.0. This first-of-its-kind, patent-pending solution introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. It unites the familiarity of certificate-based authentication with the security of a FIPS 140-2 certified hardware security module (HSM).
Robotic Process Automation (RPA) Cryptographic Authentication
OMB Memo M-19-17 outlines a policy that requires all software robots to have individual digital identities and credentials managed in the same fashion as traditional user identities for authority to operate in U.S. Federal production systems. Software robots can utilize multi-factor login capabilities with a centralized, hardware security module-based authentication system such as LCS.
LCS 2.0 now integrates with UiPath’s enterprise RPA solution to provide hardware-protected PKI credentials for UiPath’s unattended software robots. Unattended software robots act autonomously in place of a user or operator leveraging its own security credentials. This critical integration will enable UiPath’s unattended software robots to operate in production systems across the federal government.
In addition to the UiPath integration, LCS 2.0 also includes new features including:
For more information on Luna Credential System, visit www.thalestct.com/LCS.