It takes significant investments of time and money to achieve FIPS validation. Meeting FIPS requirements can cost tens of thousands of dollars and take 8-12 months – assuming you get it right the first time. Most don’t. In fact, according to NIST, 48% of cryptography functions have flaws and 30% of algorithms don’t conform to standards. Rather than slip competitive development schedules and strain tight project budgets, let Certicom enable you to meet FIPS requirements in hours with a proven solution that industry leaders are already using. With a pre-approved FIPS 140-2 Validated level 1cryptographic module from Certicom, you can build government approved client and server side applications without having to go through the lengthy and costly FIPS approval process. In addition, Certicom provides expanded number of crypto classes enables additional high security functions, such as Elliptic Curve Cryptography (ECC) algorithms, which significantly increase application security, boosts efficiency, and provides a lasting competitive advantage. Pre-Validated FIPS for Open Source
It takes significant investments of time and money to achieve FIPS validation or Suite B level security using Open Source code. Meeting FIPS requirements can take 8-12 months – assuming you get it right the first time. Most don’t.
In fact, according to NIST, 48% of cryptography functions have flaws and 30% of algorithms don’t conform to standards. Given the development costs, the added hardware, and the support requirements, Open Source isn’t completely “free.” Rather than slip competitive development schedules and strain tight project budgets, software vendors can rely on third party support to supply crypto classes for OpenSSL implementations. This expanded number of crypto classes enables additional high security functions, such as Elliptic Curve Cryptography (ECC) algorithms, which significantly increase application security, boosts efficiency, and provides a lasting competitive advantage. 
For over 20 years, industry leaders such as General Dynamics, Texas Instruments, RIM, and the NSA rely on Certicom technology because they recognize the value of intuitive programming, high-performance, guaranteed code, professional documentation, solution road maps, immediate FIPS Validation, Suite B-level security, and an enduring commitment to keeping up with evolving standards.
Increase number of transactions processed by 300%, meet Suite B security requirements, and automatically gain FIPS validation on all major platforms Certicom Security Builder API for Open Source enables developers to dramatically improve the performance and enhance the security of their SSL and SSH applications with Elliptic Curve Cryptography (ECC) – without requiring developers to re-code. 
In addition, developers are able to plug into Certicom ECC cryptographic providers quickly and easily – gaining complete Suite-B level security, achieving FIPS 140-2 validation on all major platforms automatically, and enhancing performance to significantly increase the number of SSL/TLS transactions processed.
Key Benefits
Dramatically Improve Performance
Using 224-bit ECC in OpenSSL leads to a performance improvement that enables 300% more transactions to be processed in any given timeframe. This increased efficiency – which results from switching to ECC from RSA –is attributed to the small key size of ECC algorithms.1
Reduce Time-to-Market
Meeting FIPS requirements can take 8-12 months – assuming you get it right the first time. Most don’t. 48% of crypto modules have security flaws and 30% of algorithms do not conform to standard. 20% fail the second time around as well.2 Security Builder API for Open Source enables developers to plug in Certicom’s pre-approved cryptographic module and cryptographic providers– saving an enormous amount of development time without requiring any re-coding or changes to your legacy systems.
Meet Suite B and FIPS Requirements
Companies can’t sell products that use encryption to government agencies without FIPS validation. And since Government networks use a wide range of platforms, Certicom enables customer to meet FIPS 140-2 validation on all major platforms with a pre-approved cryptographic module. As the primary source of Suite B technology, Certicom can help you achieve complete Suite B compliance quickly and easily.
Security Builder API for Open Source Technical Brief
Certicom Security Builder API for Open Source delivers tremendous performance and portability while enabling developers to dramatically enhance security, achieving complete Suite B-level security and automatic FIPS 140-2 validation for all major platforms and leading applications.
| | Security Builder API for Open Source with Certicom Crypto Provider | Security Builder API for Open Source with Certicom Crypto Provider and FIPS | | Programming Language | | | | Cryptographic Providers | Security Builder Crypto-C 5.x | Security Builder GSE-C 2.x* | | Symmetric Encryption | | | | Asymmetric Encryption | | | | Key Agreement/Key Transport | | | | Digital Signatures | | | | Hash Functions | SHA-1, SHA-256, SHA-384, SHA-512, MD5 | SHA-1, SHA-256, SHA-384, SHA-512, MD5 | | Random Number Generation | ANSI X9.62, FIPS 140-2 extension | ANSI X9.62, FIPS 140-2 extension | | Implementation Code Size Range | | | | Open SSL Supported | | | | Open SSH Supported | | | | Platform Support | Linux ARM
Linux x86
Windows x86 | | * FIPS Certificate #542
Security Builder SSL-C vs. Open SSL: Comparing time required for authentication using ECDH/ECDSA cipher suites and RSA cipher suites** 
|
