FIPS-certified security comes to enterprise applications in smartphones

January 17, 2014 // By Jean-Pierre Joosting
INSIDE Secure has announced that it has upgraded its SafeZone FIPS software cryptographic module to improve security for a broad array of smart connected devices.

The enhanced SafeZone cryptographic software enables developers to build for the first time FIPS 140-2 certified applications for Trusted Execution Environments (TEE) based on ARM TrustZone® frameworks. Now able to operate in a Trustonic <t™-base TEE, the SafeZone FIPS cryptography module, together with SafeZone security toolkits for protecting content, data at rest and data in motion, provides the high level of assurance needed to allow smart connected devices to perform high-value transactions with trust for the mobile enterprise, mobile banking and payments or entertainment and premium content service applications.

“We see trusted platform TEEs such as those provided by Trustonic becoming increasingly important as a way to provide a secure environment to protect these applications and sensitive enterprise information and communications as smart connected devices are increasingly used in the enterprise for more high-value applications,” said Simon Blake-Wilson executive vice president for the Mobile Security division at INSIDE Secure. “Using platforms with our FIPS-certified solution, developers can avoid the lengthy and expensive FIPS validation process and get their product to market more quickly. By using our pre-validated module, they can meet current and future security requirements without having to pull valuable resources from their core competency.”

A TEE isolates sensitive operations on smart connected devices from the standard, general-purpose, operating system, providing a safer execution environment for these applications to run within. TEEs have already been deployed in more than 100 million devices. Many popular smartphones now incorporate TEE technology.

INSIDE has worked in close cooperation with Trustonic to ensure that its SafeZone FIPS cryptography module and toolkits integrate with the Trustonic <t-base TEE to provide FIPS- compliant operations within that framework for smart connected devices.

As more and more industries involved in critical infrastructure and other sensitive systems become targets of cyber attacks, they have come under increasing pressure to implement and deploy applications, devices and communications networks that offer greater resistance to attack, in line with government mandates,