Trustonic’s cryptographic library has been validated in line with the Federal Information Processing Standard (FIPS) 140-2. This new certification ensures that apps developed using Trustonic’s security technology meet the stringent security requirements implemented by both the US government and other regulated industries.
“As mobility expands, devices such as smartphones and tablets are being used to access and share government information,” comments George Kanuck, SVP of Sales and Marketing, Trustonic. “Keeping this data secure presents challenges, especially if employees are able to use their own devices. Now, service providers using Trustonic’s FIPS-certified crypto library can be sure that their apps are protected by the highest levels of hardware security. This enables them to work with government agencies and organizations, whose security requirements are, necessarily, strict.”
The National Institute of Standards and Technology (NIST) issued FIPS 140-2 to coordinate the standards for cryptography modules that include both hardware and software components. The standard relates to services that collect, store, transfer, share and disseminate sensitive information.
Already embedded into more than one billion devices, Trustonic’s Trusted Execution Environment (TEE)* hardware security technology offers a secure operating system, isolated from the normal device operating system. This makes it, and trusted applications residing in it, immune to all software threats resident on the device and enables advanced device security, such as biometric authentication and secure PIN entry. A unique Root of Trust, also embedded into the devices ensures that a trusted identity is preserved, preventing fraudulent use or cloning.
“Governments are increasingly focused on cybersecurity and hardware protection is central to the fight against hacking and fraud,” added Kanuck. “This is where our open TEE technology comes into its own. Uniquely, third-party apps, like secure messaging, can be provisioned after the handset or device has been deployed, which means that they too can benefit from secure isolation. This certification demonstrates our commitment to ensuring the highest levels of security for governments and enterprises across all devices and services.”
This achievement follows news earlier this year that Trustonic’s TEE product was the first to receive Common Criteria security certification.