Thales TCT Product Updates

Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of the Luna HSM firmware 7.11.0 and Luna Client 7.11.1. Following on the heels of the November release of the Luna Network T-Series HSM 7.11, this release includes a firmware update for the Luna T7 Crypto Module and a Luna Client update. The 7.11.0 firmware runs on the Luna T7 Crypto Module delivered as the Luna PCIe product or embedded in the Luna Network HSM. Updates to the Luna Client are also included to address functional and usability enhancements.

Quantum Enhanced Keys

This firmware release also introduces support for Quantum Enhanced Keys. By embedding a quantum random number generator (QRNG) chip within the Luna HSM, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM.

FIPS 140-2 Level 3 Compliance

The 7.11.0 firmware release introduces updates to the FIPS approved mode of operation. Specifically, updates to Password Authentication, Cloning, HA Login, and Remote PED Protocols were introduced to comply with FIPS 140-2 Level 3 Certification, including NIST SP 800-131A Revision 2. By updating their Luna HSMs to this 7.11.0 firmware, customers will be running the firmware that is currently in the process of being FIPS certified by NIST.

FIPS 140-2 Status

As previously announced, the Luna T7 Cryptographic Module was submitted (July 2020) to the NIST Cryptographic Module Validation Program and is listed as Module in Process. Most customers (and government contracting officers) accept the official listing on NIST’s Modules in Process List as evidence that the cryptographic module will soon have an official FIPS 140-2 validation certificate issued. Updates regarding FIPS certification will be made as they become available. The NIST Modules in Process List is available here.

Thales TCT is pleased to announce the release of KeySecure for Government 8.15. Continuing our commitment to provide innovative products that meet our customers’ security needs, KeySecure 8.15 contains a number of customer requested enhancements, product maintenance items, and documentation improvements. KeySecure 8.15 is available on all platforms: G460, G160 (Standard and High Assurance), G350v (VMware and AWS) as both an orderable product and a field upgrade package. Review the Customer Release Notes for additional information on the improvements included in this release.

Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of the Luna Network HSM 7.11.0, models T-2000 and T-5000. Release 7.11.0 features the introduction of the new T-Series Network HSM chassis. The 7.11.0 Network HSM offers enhanced security, maintenance, and usability features while providing industry leading cryptographic performance. The Luna Client is also updated with installation, functional, and usability enhancements. User Documentation has been significantly revised to reflect the changes incorporated into Luna HSM release 7.11.
Highlights of new features in the Luna T-Series HSM release 7.11 include:

New T-Series Network HSM Appliance Chassis

The Luna T-Series Network HSM contains a new chassis and offers enhanced installation, maintenance, security, and usability features, including the following:

• A locking faceplate bezel restricts access to the front of the appliance for enhanced security. 
• A new LCD display provides a quick view of the appliance network configuration and overall health. 
• Four 1GB Ethernet interface ports with port bonding for redundancy and enhanced reliability. 
• Rebranded to reflect company name change to Thales Trusted Cyber Technologies. 
• Appliance is delivered with improved accessories (e.g. longer rack mount rails, RJ-45 console port / cable, etc.). 

Improved Luna HSM Client

• Improved Client Installer 
• User-Defined Install Paths 
• Minimal Client for Linux containers 
• Cryptographic changes to support changes in upcoming firmware 7.11.0. 

Configurable Cipher Suites

The TLS cipher suites used by NTLS can now be configured on the Luna T-Series Network HSM. This new capability allows administrators to select and configure cipher strength to meet their internal security objectives and compliance requirements.

Hardware Support for Quantum Enhanced Keys

By embedding a quantum random number generator (QRNG) chip within the Luna HSM, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM. Although the QRNG is included in this hardware, the ability to utilize the QRNG will not be available until a future release of firmware. All shipping Luna Network HSM hardware will support an in-field firmware upgrade that will introduce this capability.

FIPS 140 Status

As previously announced, the Luna T7 Cryptographic Module was submitted (July 2020) to the NIST Cryptographic Module Validation Program and is listed as Module in Process. Most customers (and government contracting officers) accept the official listing on NIST’s Modules in Process List as evidence that the cryptographic module will soon have an official FIPS 140-2 validation certificate issued. The NIST Modules in Process List is available here.

An in-field upgrade to the FIPS validated firmware will be made available for all Luna T-Series Network HSMs.

Learn More About HSMs

Thales is pleased to announce the launch of CipherTrust Data Security Platform that enables customers to Discover, Protect and Control sensitive data anywhere with next-generation data protection. Our new platform is built on a modern micro-services architecture, is designed for the cloud, includes Data Discovery and Classification, and fuses together the best capabilities from the Vormetric Data Security Platform and KeySecure and connector products.

This innovative platform solves our customers’ largest data security challenges by removing complexity from data security, accelerating time to compliance, and securing cloud migrations. We are seamlessly unifying data discovery, classification and data protection with strong access controls and centralized key management. Now for the first time, our customers can discover, protect and control their data anywhere on one platform.

CipherTrust Data Security Platform is available for sale to the U.S. Federal Government exclusively through Thales TCT.

Key Capabilities

• Data discovery and classification
  • Risk analysis with data visualization
• Data protection techniques
• Transparent encryption for files, databases, big data, and containers
• Application-layer data protection
• Tokenization with dynamic data masking
• Format preserving encryption
• Static data masking
• Privileged user access controls
• Centralized enterprise key management
• FIPS 140-2 compliant key management
• Multi-cloud key management
• Unparalleled partner ecosystem of KMIP integrations
• Database encryption key management
• Monitoring and reporting
• Centralized management console

For more information, visit thalestct.com/ciphertrust-dsp.

Thales TCT is pleased to announce the release of Luna Credential System (LCS) 2.0. This first-of-its-kind, patent-pending solution introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. It unites the familiarity of certificate-based authentication with the security of a FIPS 140-2 certified hardware security module (HSM). 

Robotic Process Automation (RPA) Cryptographic Authentication

OMB Memo M-19-17 outlines a policy that requires all software robots to have individual digital identities and credentials managed in the same fashion as traditional user identities for authority to operate in U.S. Federal production systems. Software robots can utilize multi-factor login capabilities with a centralized, hardware security module-based authentication system such as LCS. 

LCS 2.0 now integrates with UiPath’s enterprise RPA solution to provide hardware-protected PKI credentials for UiPath’s unattended software robots. Unattended software robots act autonomously in place of a user or operator leveraging its own security credentials. This critical integration will enable UiPath’s unattended software robots to operate in production systems across the federal government. 

New Features

In addition to the UiPath integration, LCS 2.0 also includes new features including:

• Credential HSM with PED authentication (FIPS Level 3) 
• Support larger number of LCS Clients and Credential Bins (up to 200 per Credential HSM)  
• Use case expansion including support for document signing, email signing, additional certificate authorities, and RPA solutions  
• Luna Vault plugin (preview) for UiPath Orchestrator 

For more information on Luna Credential System, visit www.thalestct.com/LCS.