Thales Trusted Cyber Technologies  

Thales TCT’s high assurance authenticators bring multi-factor authentication to applications and networks where security is critical. Available in USB and smart card form factors,Thales TCT’s certificate-based authenticators support numerous algorithms and X.509 digital certificates enabling strong two-factor authentication and proof-positive user identification in all Public Key Infrastructure (PKI) environments.

Solutions

Thales’s SafeNet OTP hardware tokens provide a strong and scalable foundation for securing access to enterprise, web-based and cloud applications, and complying with privacy and security regulations.

Thales’s SafeNet hardware tokens offer rich case-branding options, and are field-programmable by the customer, enabling organizations to maintain stringent control over their own critical OTP security data.

SAFENET OTP DISPLAY CARD 

SafeNet OTP Display Card is an OATH-compliant 2FA token designed in a convenient credit card form factor.

Learn More

SAFENET OTP 110

SafeNet OTP 110 is a cost effective OATH-compliant OTP hardware token that features waterproof casing, and enables two-factor authentication in time-sync and event-based modes.

Learn More

SAFENET ETOKEN PASS

SafeNet eToken PASS is an OATH compliant OTP hardware token that offers secure two factor authentication, in time- sync and event-based modes.

Learn More

SAFENET GOLD

Offering an additional layer of security beyond basic OTP, the SafeNet GOLD is activated with a personal identification number (PIN), which prompts the authenticator to provide an OTP. In challenge response mode, users activate GOLD with their PIN, and then must validate a numeric challenge on their GOLD authenticator.

Learn More

As convenient as another credit card in your wallet, Thales’s SafeNet credit card-size form factors enable enhanced security with PKI Certificate-Based-Authentication (CBA) and enable preboot authentication, disk encryption, file encryption, digital signatures, and secure certificate and key storage.

Many of Thales’ smart card authenticators can easily double as physical access cards to secure buildings and sites, in addition to offering rich branding options and support for photo-badging. Depending on the configuration, Thales’s certificate-based authenticators are FIPS or CC certified. Thales TCT’s Smart Card 650 (SC650) is certified for use in defense networks by the National Security Agency. The dual interface versions of SafeNet IDPrime Smart Cards comply with the ISO 14443 standard which is also compatible with some NFC readers present in smartphones and tablets. SafeNet IDPrime Smart Cards are supported by SafeNet Authentication Client Middleware or SafeNet Minidriver.

THALES TCT SMART CARD 650

SC650 enables strong two-factor authentication and proof-positive user identification in all PKI environments and is certified for use in Defense Networks. It supports numerous algorithms, X.509 digital certificates and on-card certificate validation.

Learn More

SAFENET IDPRIME 3940

SafeNet IDPrime 3940 is a dual-interface smart card, allowing communication either via a contact interface or via a contactless ISO14443 interface; also compatible with some NFC readers. The smart card is CC EAL5+ / PP Java Card certified for the Java platform and CC EAL5+ / PP QSCD certified for the combination of Java platform and PKI applet. It is also compliant with eIDAS regulations and qualified by the French ANSSI.

Learn More

SAFENET IDPRIME 940

SafeNet IDPrime 940 is a Plug and Play contact interface smart card and is compliant with eIDAS regulations. IDPrime 940 is CC EAL5+ / PP Java Card certified for the Java platform and CC EAL5+ / PP QSCD certified for the combination of Java platform and PKI applet. It is also compliant with eIDAS regulations and qualified by the French ANSSI.

Learn More

IDPRIME MD 3810

IDPrime MD 3810 is a dual-interface smart card, allowing communication either via a contact interface or via a contactless ISO14443 interface; also compatible with some NFC readers. 

Learn More

IDPRIME MD 830

IDPrime MD 830 is a Plug and Play contact interface smart card and is available in two versions with different security certifications. One is FIPS 140-2 Level 3, and the other is FIPS 140-2 Level 2 certified, for both the Java platform and the combination of Java platform plus PKI applet.

Learn More

SAFENET IDPRIME PIV

SafeNet IDPrime PIV (Personal Identity Verification) card is a FIPS 201 standards-based card for U.S. government agencies, state and local government organizations to issue user credentials that the Federal Government can trust. The same card can be used for either a CIV or PIV-I based deployment depending on company policies and requirements. Available from PIV 3.0, this Smart Card provides premium privacy protection (compliant with the OPACITY protocol). Customers can benefit from enhanced performance and built-in biometric capabilities (Match-on-Card), preparing them for enhanced user authentication.

Learn More

Thales offers effective strong authentication services that enable agencies to pursue consistent authentication policies across the organization by automating and simplifying the deployment and management of a distributed estate of tokens, while securing a broad spectrum of resources, whether on-premises, cloud-based, or virtualized. 

Thales CPL's cloud-based access management solutions are available for sale to the U.S. Federal Government exclusively through Thales TCT. 

Click HERE for more information.

Access Management Solutions

Certificate-based, multi-factor authentication is a mainstay security technique used by the U.S. Federal Government to ensure the identities of entities within a Public Key Infrastructure (PKI).  Two primary components of multi-factor authentication are “what you have” and “what you know.” The “what you have” in a PKI consists of a securely stored private key and an associated digital certificate that are the unique user credentials identifying the entity. The “what you know” is a password to unlock access to the securely-stored credentials.  

When the entity in need of a certified identity is a person, secure storage and distribution of the user credentials is often easily facilitated by utilizing existing technology, such as a secure smart card or USB token.  The person assumes physical ownership and responsibility of the token and can use it as needed to access PK-enabled resources.  But what if the entity in need of credentials is a non-person entity (NPE), like a device, software robot or some other automation technology?  These entities still must have hardware-secured credentials to meet security mandates.  Or what if the entity is indeed a person, but token use is not desirable or not an option?  
   
With this in mind, any or all of the following issues may present roadblocks to the use of a multi-factor token for all users in a PKI:

• Policy may dictate that a token cannot be issued to a non-person entity
• The physical security of a token issued to a non-person entity presents a cumbersome, inefficient, or impossible requirement to meet
• Virtual machines are being used which can’t access physical tokens
• Multiple physical machines require access to the credentials on a single token
• Hardware-based, multi-factor authentication is needed for human users, but token use is either not feasible or undesirable.