API Journal Authors: Yeshim Deniz, Liz McMillan, Elizabeth White, Ruxit Blog, William Schmarzo

News Feed Item

Tough, Tested and Certified - Entrust's PIV Smartcards Earn Pair of Trusted FIPS Certifications

Entrust's new certifications demonstrate interoperability, compatibility with strict NIST standards

DALLAS, Feb. 12, 2013 /PRNewswire/ -- Entrust Inc. finalized a pair of government approvals with FIPS 201 and FIPS 140 certifications for the company's PIV smartcard credential technology, which was reviewed, tested and certified by the National Institute of Standards and Technology (NIST).

These strict certifications demonstrate interoperability with established NIST standards, making them more reliable for governments, private organizations, banks or enterprises deploying security solutions in multivendor environments. To ensure a seamless deployment, many organizations will only purchase solutions that carry certain certifications.

"These certifications demonstrate Entrust's ongoing commitment to high security standards, particularly for large-scale identity authentication and credentialing interoperability," said Entrust President and CEO Bill Conner. "This achievement provides organizations across the world the assurances they need to deploy Entrust solutions and services with confidence and unwavering trust."

Based on strict standards set by the U.S. government, these certifications help ensure interoperability by vetting protocol conformance for smartcards (FIPS 201) and testing cryptography strengths (FIPS 140). These approvals complement and support Entrust's existing Common Criteria EAL 5 certification.

Reviewed by the NIST Personal Identity Verification (PIV) Platform Validation Authority, FIPS 201 certification focuses on interoperability between the PIV application and other parts of the PIV solution, including physical access readers and logical access clients. The strict certification also verifies the smartcard can withstand many years of rigorous wear and tear (e.g., being in a wallet or attached to a lanyard). To address the aspect of physical durability, Entrust relies upon advanced third-party antenna designs that support extended lifespans.

FIPS 140 certification ensures a given solution meets or exceeds U.S. government security standards that specify requirements for cryptography modules and physical tamper-resistance. An example includes testing the elliptic curve cryptography (ECC) implementation used within the solution.

The PIV standard outlines tested and approved systems that support a common smartcard-based platform for managing the identity, and then using that identity for digital signatures, encryption and authentication to multiple types of physical and logical access environments. Smartcards carry and manage the digital identity of the cardholder, protecting the theft of the identity through sophisticated hardware technology.

Entrust also includes additional extensions that enable a new level of customization and versatility within a private environment. Two of the more requested capabilities include PIN unblocking and the ability to execute over-the-air (OTA) tasks on mobile devices. All extensions are configurable and add convenience and customization unrivaled in the market.

"Entrust has long been committed to providing credentialing solutions that are compliant to the necessary PIV standards," said Conner. "Adding additional capabilities and conveniences, however, provides organizations unmatched versatility to achieve identity-based security standards that are a perfect match for their organization and overall goals."

Entrust has established relationships with a leading smartcard vendor to offer PIV credentialing solutions for state governments, private sectors and other non-federal organizations who need identity credentials that are issued in a manner that facilitates trust and technical interoperability with the U.S. federal PIV smartcard standard. Entrust smartcard solutions leverage the latest chip technology for fast, secure performance.

For upgrading organizations, Entrust incorporates advanced technology to allow for easy migration away from outdated legacy systems by simultaneously supporting old and new technology.

For additional convenience, Entrust also provides organizations a PIV-compatible credential that may be placed directly on mobile devices. Entrust's Mobile Smart Credential technology provides PIV authentication, encryption and digital signing without incurring typical deployment costs (e.g., card production and shipping). When the Entrust Mobile Smart Credential application is downloaded from the Apple, Google Play or BlackBerry application stores, and personalized with an identity, it is designed to mirror the behavior of a standard PIV smartcard.

Entrust is one of only a handful of PKI vendors approved to issue digital certificates for U.S. departments and agencies through the Shared Service Provider (SSP) and Federal Bridge CA programs. In addition, Entrust provides the digital certificates for all agencies who receive PIV credentials, from the General Services Administration (GSA), via the USAccess program.

Created by the U.S. NIST, the Federal Information Processing Standards (FIPS) outline general requirements for cryptographic modules within computer and telecommunication systems. A cryptographic module is defined as any combination of hardware, firmware or software that implements cryptographic functions such as encryption, decryption, digital signatures, authentication techniques and random-number generation.

An agency of the U.S. Department of Commerce, NIST is one of the nation's oldest physical science laboratories. Founded by Congress in 1901, the agency was established to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.

Common Criteria certification is recognized globally by many national governments including the United States, Canada, United Kingdom, Germany, France, Italy, Netherlands, Israel, Spain, Japan, Australia and New Zealand. The standards help build the broadest possible international framework for mutual recognition of IT security products. To achieve Common Criteria certification, organizations must submit IT security products to be evaluated by competent and independent licensed laboratories so as to determine the fulfillment of particular security properties, to a certain extent or assurance (EAL level).

For more information on Entrust's PIV solutions, visit entrust.com/piv-standard.

Tweet It: Tough, Tested and Certified. Entrust receives government approvals with FIPS 201 and FIPS 140 certifications, www.entrust.com/news.

About Entrust
A trusted provider of identity-based security solutions, Entrust secures enterprises, governments, financial institutions, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's customer-centric focus is the foundation to delivering organizations an unmatched level of security, trust and value. For strong authentication, credentialing, physical and logical access, mobile security, digital certificates, SSL and PKI, call 888-690-2424, email [email protected] or visit www.entrust.com

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All Entrust product names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.

(Logo: http://photos.prnewswire.com/prnh/20060720/NYTH074LOGO)

SOURCE Entrust, Inc.

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
SYS-CON Events announced today that Roundee / LinearHub will exhibit at the WebRTC Summit at @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LinearHub provides Roundee Service, a smart platform for enterprise video conferencing with enhanced features such as automatic recording and transcription service. Slack users can integrate Roundee to their team via Slack’s App Directory, and '/roundee' command lets your video conference ...
SYS-CON Events announced today that Enzu will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their online busine...
SYS-CON Events announced today that SoftNet Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. SoftNet Solutions specializes in Enterprise Solutions for Hadoop and Big Data. It offers customers the most open, robust, and value-conscious portfolio of solutions, services, and tools for the shortest route to success with Big Data. The unique differentiator is the ability to architect and...
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
In past @ThingsExpo presentations, Joseph di Paolantonio has explored how various Internet of Things (IoT) and data management and analytics (DMA) solution spaces will come together as sensor analytics ecosystems. This year, in his session at @ThingsExpo, Joseph di Paolantonio from DataArchon, will be adding the numerous Transportation areas, from autonomous vehicles to “Uber for containers.” While IoT data in any one area of Transportation will have a huge impact in that area, combining senso...
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ...
The IoT has the potential to create a renaissance of manufacturing in the US and elsewhere. In his session at 18th Cloud Expo, Florent Solt, CTO and chief architect of Netvibes, discussed how the expected exponential increase in the amount of data that will be processed, transported, stored, and accessed means there will be a huge demand for smart technologies to deliver it. Florent Solt is the CTO and chief architect of Netvibes. Prior to joining Netvibes in 2007, he co-founded Rift Technologi...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
24Notion is full-service global creative digital marketing, technology and lifestyle agency that combines strategic ideas with customized tactical execution. With a broad understand of the art of traditional marketing, new media, communications and social influence, 24Notion uniquely understands how to connect your brand strategy with the right consumer. 24Notion ranked #12 on Corporate Social Responsibility - Book of List.
Established in 1998, Calsoft is a leading software product engineering Services Company specializing in Storage, Networking, Virtualization and Cloud business verticals. Calsoft provides End-to-End Product Development, Quality Assurance Sustenance, Solution Engineering and Professional Services expertise to assist customers in achieving their product development and business goals. The company's deep domain knowledge of Storage, Virtualization, Networking and Cloud verticals helps in delivering ...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
@ThingsExpo has been named the Top 5 Most Influential M2M Brand by Onalytica in the ‘Machine to Machine: Top 100 Influencers and Brands.' Onalytica analyzed the online debate on M2M by looking at over 85,000 tweets to provide the most influential individuals and brands that drive the discussion. According to Onalytica the "analysis showed a very engaged community with a lot of interactive tweets. The M2M discussion seems to be more fragmented and driven by some of the major brands present in the...
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
In the next five to ten years, millions, if not billions of things will become smarter. This smartness goes beyond connected things in our homes like the fridge, thermostat and fancy lighting, and into heavily regulated industries including aerospace, pharmaceutical/medical devices and energy. “Smartness” will embed itself within individual products that are part of our daily lives. We will engage with smart products - learning from them, informing them, and communicating with them. Smart produc...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, will discuss the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docke...
As ridesharing competitors and enhanced services increase, notable changes are occurring in the transportation model. Despite the cost-effective means and flexibility of ridesharing, both drivers and users will need to be aware of the connected environment and how it will impact the ridesharing experience. In his session at @ThingsExpo, Timothy Evavold, Executive Director Automotive at Covisint, will discuss key challenges and solutions to powering a ride sharing and/or multimodal model in the a...
Just over a week ago I received a long and loud sustained applause for a presentation I delivered at this year’s Cloud Expo in Santa Clara. I was extremely pleased with the turnout and had some very good conversations with many of the attendees. Over the next few days I had many more meaningful conversations and was not only happy with the results but also learned a few new things. Here is everything I learned in those three days distilled into three short points.
SYS-CON Events announced today that Embotics, the cloud automation company, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Embotics is the cloud automation company for IT organizations and service providers that need to improve provisioning or enable self-service capabilities. With a relentless focus on delivering a premier user experience and unmatched customer support, Embotics is the fas...
SYS-CON Events announced today that Coalfire will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Coalfire is the trusted leader in cybersecurity risk management and compliance services. Coalfire integrates advisory and technical assessments and recommendations to the corporate directors, executives, boards, and IT organizations for global brands and organizations in the technology, cloud, health...