Wave Systems Corp. (fka WAVXQ)

[Genz2]

Yubico Replacing YubiKey FIPS Devices Due to Security Issue

https://www.securityweek.com/yubico-replacing-yubikey-fips-devices-due-security-issue

Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength.

In a security advisory published on Thursday, the company informed customers that the issue impacts YubiKey FIPS series devices running versions 4.4.2 and 4.4.4 of the firmware (version 4.4.3 does not exist), including Nano FIPS, C FIPS and C Nano FIPS devices. No other Yubico products appear to be impacted.

“[Random] values leveraged in some YubiKey FIPS applications contain reduced randomness for the first operations performed after YubiKey FIPS power-up. The buffer holding random values contains some predictable content left over from the FIPS power-up self-tests which could affect cryptographic operations which require random data until the predictable content is exhausted,” Yubico said in its advisory.

“This issue occurs only during the power-up of the YubiKey FIPS Series, version 4.4.2 or 4.4.4. After the predictable content in the random buffer is consumed, the buffer will be filled with the intended full random number generator output, and all subsequent use of randomness will not be affected,” it added.

The issue impacts PIV smart card applications, Universal 2nd Factor (U2F) authentication, OATH one-time passwords, and OpenPGP.

The flaw was discovered internally by Yubico in mid-March and it was patched with the release of firmware version 4.4.5, which received FIPS certification on April 30. The vendor says it’s not aware of any incidents exploiting this weakness.

Yubico has actively reached out to customers to inform them of the free device replacement and says a majority of the affected security keys have already been replaced or are in the process of being replaced. Users who have not heard from the company have been advised to visit a replacement portal set up for this purpose.

The news comes just weeks after Google announced that it was replacing its T1 and T2 Titan Security Key dongles due to a misconfiguration in the Bluetooth pairing protocols.

==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card


Get better security at less than half the cost

Passwords are weak. Tokens are expensive. Don’t compromise on security or price.

Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.

What can it be used for?

What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.

One helpdesk call you'll never get: "I lost my virtual smart card again..."

There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.

The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.

What will you do with >50% TCO savings?*

Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.

Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.

When we say “secure”…

…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).

*Actual number may vary. Contact us today to receive more details and a free quote.

Key Features:

• Full lifecycle management of virtual smart cards
• Intuitive interface to create (or delete) virtual smart cards
• Command line option to create and delete virtual smart cards
• Flexible PIN policies
• Helpdesk-assisted PIN reset and recovery
• Generates reports for compliance
• Integrates with Active Directory
• Supports familiar use cases ? Virtual Private Network (VPN)
? Local logon
? Remote logon
? Remote desktop access
? Intranet/Extranet
? Cloud applications
==================================================================
Wave Systems Announces First U.S. Federal Government Customer for Wave Virtual Smart Card 2.0

https://www.wavesys.com/buzz/pr/wave-systems-announces-first-us-federal-government-customer-wave-virtual-smart-card-2.0

Lee, MA -

October 2, 2014 -

Wave Systems Corp. (NASDAQ: WAVX) marked an important sales milestone by announcing the first U.S. federal government customer for its Virtual Smart Card 2.0.

Since the Virtual Smart Card 2.0 became commercially available in late July 2014, Wave has entered into dozens of pilot deployments in multiple sectors, including healthcare, financial services, automotive, energy and utilities. However, today’s announcement marks the product’s first sale in the government sector.

“This is an important milestone for Wave,” said Bill Solms, CEO of Wave. “Wave Virtual Smart Card 2.0 has been purchased by a government agency with significant security requirements and one that requires redundant means of system authentication due to national security interests. This initial sale is modest compared to the addressable market within the Federal Government sector, but it is important to our strategy for marketing the Virtual Smart Card to address critical government infrastructure defense.”

“We believe that this sale, which was completed on a shorter sales cycle than we had anticipated, supports our view that customers are interested in the type of cyber security solution that Wave’s Virtual Smart Card 2.0 provides,” Solms added.

Wave Virtual Smart Card 2.0 is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7. It also supports Windows 8 and 8.1. Wave’s new solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, lower total cost of ownership, and a reduced risk of unauthorized use.

Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure PIN and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with TPM 1.2 or TPM 2.0
==================================================================
https://www.wavesys.com/

https://www.wavesys.com/contact-information