Thales TCT Product Updates

Thales TCT is pleased to announce the release of High Speed Encryption (HSE) Firmware (FW) V5.1. Continuing our commitment to provide innovative products that meet our customers’ security needs, HSE FW 5.1 contains a number of customer requested enhancements, product maintenance items, and documentation improvements.

Thales TCT recommends that all HSEs be updated to the V5.1 firmware as soon as possible. The V5.1 is not backward compatible with prior versions of code but provides extensive feature advancements, updates to meet the latest security standards, and address critical known issues as outlined below. Thales TCT will still offer HSE FW V 2.7.1 to customers who require previous versions of code.

Feature Enhancement

The V5.1 firmware release introduces Transport Independent Mode (TIM) which provides network independent encryption allowing customers to secure data in motion at layer 2, 3, or 4. In addition to the TIM enhancement, 100G Forward Error Correction (FEC) and GCM mode, and support for EQKD were added. Please refer to the Customer Release Note (CRN) and Users Guide for a full list of features now available.

Security Standard Updates

V5.1 firmware meets the latest NIST guidance set out in the Transitioning the Use of Cryptographic Algorithms and Key Lengths publication (SP800-131A). These updates to the V5.1 firmware render it inoperable with any prior version. It is recommended that all fielded units be upgraded to Firmware V5.1 to meet the latest NIST guidance and to ensure interoperability within the network. Please see the Release Notes for further details on interoperability and upgrade caveats.

Known Issue/Bug Fix

The HSE software library requires modification in order to address an undesired function. The fix removes an authentication mechanism whereby self-signed encryptor certificates may be accepted during session establishment. The change reduces the scope of accepted certificates, but does not alter the underlying security or cryptographic mechanism. Patches are available via Thales TCT customer support to address this issues.

To learn more about high speed encryption, visit www.thalestct.com/hse.

Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of Luna T-Series HSM 7.10.1. Release 7.10.1 is a minor release featuring the introduction of the T-Series PCIe HSM. The new PCIe HSM offers increased performance and functionality similar to the T-Series Network HSM. Additionally, updates to the Luna Client and User Documentation are included in this release.

Release 7.10.1 Summary

• Initial GA Release of Luna PCIe T-2000 and T-5000
  • NO firmware or hardware updates. Same firmware version 7.10.0 as released in December 2019 on T-Series Network HSM.
• Updated Luna Client
  • Version 7.10.1
  • Updated PCIe driver for Luna PCIe. (driver in 7.10.0 client is not compatible with Luna PCIe)
  • Additional miscellaneous fixes (see CRN Resolved Issues)
  • Compatible with previously released Luna Network HSM T-series and legacy Luna for Government HSMs.
• Product Documentation Updates
  • Single documentation set for all HSM products: Network, PCIe, Backup, and G5
  • Additional miscellaneous updates
• No software changes or hardware changes to Luna Network HSM appliance
• Updated CRN

Resources

• Luna PCIe Product Brief
• Website
• Customer Release Notes (available upon request)

SafeNet AT is pleased to announce the release of Luna Credential System (LCS). This first-of-its-kind, patent-pending solution introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. It unites the familiarity of certificate-based authentication with the security of a FIPS 140-2 certified hardware security module (HSM).

LCS Addresses PKI Authentication Challenges

Certificate-based, multi-factor authentication is a mainstay security technique used by the U.S. Federal Government to ensure the identities of entities within a Public Key Infrastructure (PKI). For people, secure storage and distribution of user credentials is easily facilitated by utilizing a smart card or USB token. But, what about non-person entities (NPEs) like a device, software robot or some other automation technology? NPEs must have hardware-secured credentials to meet security mandates. Or what if the entity is indeed a person, but token use is not desirable or not an option?

HSM-Secured Identity Credentials

LCS is a multi-purpose, secure credential system ideally suited for an environment in which the endpoints cannot use a traditional small form-factor token. Composed of the Luna Credential HSM and the Luna Credential Client, LCS supports a number of use cases including Windows Logon and authentication to PK-enabled applications and websites.

Luna Credential System Use Cases

Robotic Process Automation (RPA)

• Manages the digital identities of RPA bots throughout their lifecycle
• Replaces traditional multi-factor auth with an ultra-secure HSM-based authentication system eliminating the need for a smart card
• Maintains PKI credentials and certificates in a secure, centralized location.
• Cryptographic operations take place within a high assurance HSM instead of on a smart card
• Integrates with UiPath and Blue Prism RPA Solutions

Credential Data Protection

• Stores identity credentials within the confines of a centralized HSM thus mitigating the risk of accidental loss or intentional compromise of a physical token

Mobile Workforce with Use of Multiple Devices

• Provides the best of both solutions by offering secure, hardware-based multi-factor PKI authentication with software-like flexibility, scalability, and ease of use
• Ideally suited for virtualized environments in which virtual machines can’t use a smartcard but require hardware secured credentials.

SafeNet AT is pleased to announce the release of KeySecure for Government 8.14. Continuing our commitment to provide innovative products that meet our customers’ security needs, KeySecure 8.14 contains a number of customer requested enhancements, product maintenance items, and documentation improvements. KeySecure 8.14 is available on all platforms: G460, G160 (Standard and High Assurance), G350v (VMware and AWS) as both an orderable product and a field upgrade package.

Review the Customer Release Notes for additional information on the release including the following new features and enhancements:

• Advanced logging features
• Scheduling of multiple independent backups
• Display of admin and user status
• Enhanced ProtectFile management
• Improved clustering performance

To learn more about KeySecure for Government, visit www.safenetat.com/keysecure.

SafeNet AT is pleased to announce the release of Luna T-Series HSM 7.10. Version 7.10 includes the Luna Network HSM T-2000 and T-5000 models along with the Luna Client. The Luna T-Series HSM is the choice for government agencies when storing, protecting and managing cryptographic keys used to secure sensitive data and critical applications. Meeting government mandates for U.S. Supply Chain, the high assurance, tamper-resistant Luna T-Series HSM is designed, developed, manufactured, sold, and supported in the United States exclusively by SafeNet AT.

Luna T-Series HSMs were designed from the ground up as a drop-in replacement for the widely deployed Luna SA for Government HSMs. Luna T-Series HSMs offer secure storage of cryptographic information in a controlled and highly secure environment. All Luna T-Series models can be initialized by the customer to protect proprietary information by using either multifactor (PED) authentication or password authentication.

Industry Leading Performance

The T-Series of Luna Network HSM offers industry leading cryptographic performance and delivers up to 10 times the performance compared to the legacy Luna SA for Government while still providing the critical security features that government customers have relied on for decades.

Luna T-Series models are available at different performance levels:

Luna Network HSM T-2000	Luna Network HSM T-5000
Standard performance 16MB memory 2 partitions, upgradable to 10 RSA 2048 1,400 tps RSA 4096 350 tps ECC P-256 3,000 tps ECC P-384 2,000 tps	Enterprise-level performance 32 MB memory 5 partitions, upgradable to 20 RSA 2048 14,000 tps RSA 4096 3,500 tps ECC P-256 16,000 tps ECC P-384 16,000 tps

Luna T-Series HSM Benefits

• Industry leading cryptographic performance: performance optimized for government mandated algorithms and key lengths
• Easy transition for deployed solutions: fully backwards compatible and zero changes required to applications integrated with Luna SA for Government
• Crypto agile: architecture supports in-field introduction of new crypto algorithms
• Broad integration ecosystem: large number of integrations with industry-leading technology vendors
• Security first company: HSM products are U.S designed, developed and manufactured