Security and trust are all about keeping promises, doing what you say you’re going to do. Standardized security and conformance testing offer a convenient way of quickly identifying whether a product or service can fulfil the operational and security needs of the user.
GlobalPlatform conformance testing offers independent proof that a TEE correctly implements the core APIs and behaves in the way expected of the GlobalPlatform core API standards. Trustonic technology has been through several ‘test fests’ at GlobalPlatform meetings and has demonstrated full compliance.
Administered by the National Institute of Standards and Technology (NIST) in the USA, Federal Information Processing Standard (FIPS) is a set of standards and procedures that govern the way that US government departments and related bodies have to protect their information and their businesses in order to keep the country safe.
Due to their strong pedigree and high quality, many of the FIPS documents have been adopted by non-government industries around the world as the template for information security standards. Most notable among them is FIPS 140-2 which governs the construction and behaviour of cryptographic modules but there are other equally important documents covering cryptographic algorithm implementation, key management and high quality random number generation.
The cryptographic software elements of the Trustonic product set are written to the standards demanded by the FIPS specifications, pass the independent quality tests provided by NIST and have been proven in FIPS 140-2 certified products.
Standardized security and conformance testing offer a convenient way of quickly identifying whether a product or service can fulfil the operational and security needs of the user, but at the same time such a general stamp can never take account of the unique security needs of individual applications or services. While many services share common security concerns with common solutions, each service will have some unique requirements that apply because of it particular design, user base or context.
Because of this at Trustonic we don’t just rely on the general certification stamps. We also have the technology inspected by experienced independent professionals who look wider and deeper into specific use cases to ensure that Trustonic products and the applications that rely on them can confidently keep their security promises.