FIPS 140-2 Encryption – Powerful and Cost-effective Solution

It takes significant investments of time and money to achieve FIPS validation. Meeting FIPS requirements can cost tens of thousands of dollars and take 8-12 months – assuming you get it right the first time. Most don’t.

In fact, according to NIST, 48% of cryptography functions have flaws and 30% of algorithms don’t conform to standards. Rather than slip competitive development schedules and strain tight project budgets, let Certicom enable you to meet FIPS requirements in hours with a proven solution that industry leaders are already using.

With a pre-approved FIPS 140-2 Validated level 1cryptographic module from Certicom, you can build government approved client and server side applications without having to go through the lengthy and costly FIPS approval process.

In addition, Certicom provides expanded number of crypto classes enables additional high security functions, such as Elliptic Curve Cryptography (ECC) algorithms, which significantly increase application security, boosts efficiency, and provides a lasting competitive advantage.

Pre-validated FIPS for Open Source

It takes significant investments of time and money to achieve FIPS validation or Suite B-level security using Open Source code. Meeting FIPS requirements can take 8-12 months – assuming you get it right the first time. Most don’t.

In fact, according to NIST, 48% of cryptography functions have flaws and 30% of algorithms don’t conform to standards. Given the development costs, the added hardware, and the support requirements, Open Source isn’t completely “free.” Rather than slip competitive development schedules and strain tight project budgets, software vendors can rely on third party support to supply crypto classes for OpenSSL implementations. This expanded number of crypto classes enables additional high security functions, such as Elliptic Curve Cryptography (ECC) algorithms, which significantly increase application security, boosts efficiency, and provides a lasting competitive advantage.

For over 20 years, industry leaders such as General Dynamics, Texas Instruments, BlackBerry, and the NSA rely on Certicom technology because they recognize the value of intuitive programming, high-performance, guaranteed code, professional documentation, solution road maps, immediate FIPS Validation, Suite B-level security, and an enduring commitment to keeping up with evolving standards.

Increase number of transactions processed by 300%, meet Suite B security requirements, and automatically gain FIPS validation on all major platforms

Certicom Security Builder API for Open Source enables developers to dramatically improve the performance and enhance the security of their SSL and SSH applications with Elliptic Curve Cryptography (ECC) – without requiring developers to re-code.

In addition, developers are able to plug into Certicom ECC cryptographic providers quickly and easily – gaining complete Suite B-level security, achieving FIPS 140-2 validation on all major platforms automatically, and enhancing performance to significantly increase the number of SSL/TLS transactions processed.

Key Benefits

Dramatically Improve Performance
Using 224-bit ECC in OpenSSL leads to a performance improvement that enables 300% more transactions to be processed in any given timeframe. This increased efficiency – which results from switching to ECC from RSA –is attributed to the small key size of ECC algorithms.1

Reduce Time-to-Market
Meeting FIPS requirements can take 8-12 months – assuming you get it right the first time. Most don’t. 48% of crypto modules have security flaws and 30% of algorithms do not conform to standard. 20% fail the second time around as well.2 Security Builder API for Open Source enables developers to plug in Certicom’s pre-approved cryptographic module and cryptographic providers– saving an enormous amount of development time without requiring any re-coding or changes to your legacy systems.

Meet Suite B and FIPS Requirements
Companies can’t sell products that use encryption to government agencies without FIPS validation. And since Government networks use a wide range of platforms, Certicom enables customer to meet FIPS 140-2 validation on all major platforms with a pre-approved cryptographic module. As the primary source of Suite B technology, Certicom can help you achieve complete Suite B compliance quickly and easily.

Certicom Security Builder API for Open Source delivers tremendous performance and portability while enabling developers to dramatically enhance security, achieving complete Suite B-level security and automatic FIPS 140-2 validation for all major platforms and leading applications.

  Security Builder API for Open Source with Certicom Crypto Provider Security Builder API for Open Source with Certicom Crypto Provider and FIPS
Programming Language

C

C

Cryptographic Providers

Security Builder Crypto-C 5.x

Security Builder GSE-C 2.x*

Symmetric Encryption

AES, DES

AES, DES

Asymmetric Encryption

RSA

RSA

Key Agreement/Key Transport

ECDH

ECDH

Digital Signatures

ECDSA, RSA

ECDSA, RSA

Hash Functions

SHA-1, SHA-256, SHA-384, SHA-512, MD5

SHA-1, SHA-256, SHA-384, SHA-512, MD5

Random Number Generation

ANSI X9.62, FIPS 140-2 extension

ANSI X9.62, FIPS 140-2 extension

Implementation Code Size Range

200-275 KB

approx 1.1 MB

Open SSL Supported

0.9.8e

0.9.8e

Open SSH Supported

4.6p1

4.6p1

Platform Support

Linux ARM
Linux x86
Windows x86

Linux x86
Windows x86

* FIPS Certificate #542

Security Builder SSL-C vs. Open SSL: Comparing time required for authentication using ECDH/ECDSA cipher suites and RSA cipher suites**

Pre-validated FIPS for .NET

In the government market, applications and products associated with the communication of sensitive data must meet FIPS requirements. It can take 8-12 months and significant budget. The .NET community can now meet this requirement in hours and show ROI.

"With Security Builder API for .NET, Certicom is providing a valuable tool for developers to add advanced security to applications built on .NET.”  - Thom Robbins, Director .NET Platform, Product Management at Microsoft

Beyond government requirements, mobile devices are expected to work with a host of applications, networks, and other devices. By nature, remote devices are subject to interoperability and security concerns that are resolved by universal standards and effective porting of inherent security applications. Microsoft’s .NET Framework for Desktops and .NET Compact Framework for mobile devices makes it easy for developers to address interoperability issues, but doesn’t automatically port cryptographic functions. Certicom Security Builder API for .NET solves these issues by enhancing the security and flexibility of applications. By enabling complete FIPS 140-2 and Suite B-level security in mobile devices, developers can port existing security into and between .NET Frameworks to deliver superior security.

This comprehensive solution also functions inside the .NET environment as managed code, to offer the dual advantage of leveraging existing operating system interactions while still allowing calls to the native, unmanaged code maintained within the wrappers. This means code can be reused in any .NET Framework application, drastically speeding up development and increasing ROI.

Enable Suite B support for .NET applications and reduce development time

Certicom Security Builder API for .NET enhances the security and flexibility of your applications by enabling you to quickly and easily achieve complete Suite B-level security.

Whether you’re running applications on a desktop or a mobile device, Certicom enables you to port existing security into and between the .NET Framework and the .NET Compact Framework quickly and easily - saving you time and money while delivering superior security.

Security Builder API for .NET facilitates seamless access to a richer set of cryptographic classes, enabling you to achieve Suite B-level security and FIPS 140-2 validation. When used with a pre-approved cryptographic module that supports popular protocols including TLS and VPN in FIPS mode, Security Builder API for .NET can save you 8-12 months of development time.

Key Benefits

Increase ROI
Leverage your legacy systems, reduce development time required, and re-use existing code because components built using Security Builder API for .NET can be used by any of the 20+ approved .NET languages - including C# and Visual Basic. Security Builder API for .NET is also interoperable with Microsoft CAPI, the new Microsoft CNG architecture, and supports all .NET platforms.

Reduce Time-to-Market
Designed to the same standard as those supported by Microsoft, Security Builder API for .NET crypto classes integrate into the .NET Framework architecture with ease, cutting development time. The .NET API enables ECC-based security to be ported seamlessly between existing desktops to both the .NET and .NET Compact Frameworks. To speed up development even more and show how the APIs are used, Certicom also supplies C# and Visual Basic samples.

Achieve Suite B-level Security
Certicom is the only provider to enable legacy .NET applications and newer environments to attain complete Suite B-level security with highly optimized implementations. The .NET API also supports RFC 4492 and the new Suite B TLS and IPSec standards co-authored by the NSA.

Key Features
Security Builder API for .NET facilitates seamless access to a richer set of cryptographic classes, enabling you to achieve Suite B-level security and FIPS 140-2 validation. When used with a pre-approved cryptographic module that supports popular protocols including TLS and VPN in FIPS mode, Security Builder API for .NET can save you 8-12 months of development time.

  Security Builder API for .NET Security Builder API for .NET with FIPS
Cryptographic Providers Security Builder Crypto-C 5.x Security Builder GSE-C 2.x*
Symmetric Encryption AES AES
Asymmetric Encryption N/A N/A
Key Agreement/Key Transport ECDH, ECMQV ECDH, ECMQV
Digital Signatures ECDSA ECDSA
Hash Functions SHA-1, SHA-256, SHA-384, SHA-512, MD5 SHA-1, SHA-256, SHA-384, SHA-512, MD5
Random Number Generation ANSI X9.62, FIPS 140-2 extension ANSI X9.62, FIPS 140-2 extension
Implementation Code Size Range 200-275 KB approx 1.1 MB
Code Sample Languages C#, Visual Basic C#, Visual Basic
Platform Support .NET 1.0/1.1
Win32 .NET
Win64 .NET
Windows Mobile 2003
Windows Mobile 2003Emulator
Windows CE 4.x/ 5.x
.NET 2.0
Win32 .NET
Win64 .NET
Windows Mobile 2003
Windows Mobile 2003Emulator
Windows CE 5.x
.NET 1.0/1.1
Win32 .NET
Windows Mobile 2003
Windows Mobile 2003Emulator
Windows CE 4.x/ 5.x
.NET 2.0
Win32 .NET
Windows Mobile 2003
Windows Mobile 2003Emulator
Windows CE 5.x