September 18, 2017 -
Trustonic revealed that its cryptographic library has been validated in line with the Federal Information Processing Standard (FIPS) 140-2, which ensures that apps developed using Trustonic’s security technology meet the strict security requirements implemented by both the US government and other regulated industries.
“As mobility expands, devices such as smartphones and tablets are being used to access and share government information,” said George Kanuck, SVP of sales and marketing at Trustonic. “Keeping this data secure presents challenges, especially if employees are able to use their own devices. Now, service providers using Trustonic’s FIPS-certified crypto library can be sure that their apps are protected by the highest levels of hardware security. This enables them to work with government agencies and organizations, whose security requirements are, necessarily, strict.”
The National Institute of Standards and Technology (NIST) issued FIPS 140-2 to coordinate the standards for cryptography modules that include both hardware and software components.
The standard pertains to services that collect, store, transfer, share and distribute sensitive information.
Trustonic’s Trusted Execution Environment (TEE) hardware security technology has already been embedded into more than one billion devices.
The secure operating system is isolated from the normal device operating system, which makes it and the trusted applications housed inside it immune to all software threats resident on the device.
The system enables advanced device security, such as biometric authentication and secure PIN entry.
In addition, the unique Root of Trust that is embedded into the devices ensures that a trusted identity is maintained, which prevents fraudulent use or cloning.
“Governments are increasingly focused on cybersecurity and hardware protection is central to the fight against hacking and fraud,” Kanuck said. “This is where our open TEE technology comes into its own. Uniquely, third-party apps, like secure messaging, can be provisioned after the handset or device has been deployed, which means that they too can benefit from secure isolation. This certification demonstrates our commitment to ensuring the highest levels of security for governments and enterprises across all devices and services.”
Trustonic’s TEE product was the first to receive Common Criteria security certification in March, providing device manufacturers in the mobile and IoT space with the assurance that the product meets an industry-defined security baseline.