Hypersecu Announces FIPS 140-2 Level 3 Certification for HYP2003 a world leading PKI token

BELLEVUE, Wash. - July 11, 2014 - PRLog -- Richmond, Canada and Bellevue, Washington, USA / Hypersecu Information Systems, Inc., (www.hypersecu.com (http://www.ftsafe.com)), a leading IT security company specializing in building authentication products and solutions announces HYP2003 is now FIPS 140-2 Level 3 certified.

Hypersecu once again has increased their product security offering now announcing the flagship PKI token HYP2003 is now FIPS 140-2 Level 3 certified.  The new level of certification opens doors for projects worldwide the require FIPS 140-2 Level 3 certification that may be regulated by local policies, regulations and common practice policies to offer a higher level of security.   HYP2003 is a popular choice for two factor authentication, smart card logon, encryption, email encryption, document signing and authentication worldwide sold in over 50 countries due to it's compatibility, excellent support and market leading competitive pricing.

NIST (National Institute of Standards and Technology) states the applicability of "FIPS 140-2 to all Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems) as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106."  FIPS 140-2 is also set as a standard worldwide for applications used in enterprise.

NIST (National Institute of Standards and Technology) states applications of usage could be “Cryptographic-based security systems may be utilized in various computer and telecommunication applications (e.g., data storage, access control and personal identification, network communications, radio, facsimile, and video) and in various environments (e.g., centralized computer facilities, office environments, and hostile environments). The cryptographic services (e.g., encryption, authentication, digital signature, and key management) provided by a cryptographic module are based on many factors that are specific to the application and environment. “

Below is an explanation of FIPS 140-2 Level 3 Certification from NIST, please visit their site for more information http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

“In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module. The physical security mechanisms may include the use of strong enclosures and tamper detection/response circuitry that zeroizes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.

Security Level 3 requires identity-based authentication mechanisms, enhancing the security provided by the role-based authentication mechanisms specified for Security Level 2. A cryptographic module authenticates the identity of an operator and verifies that the identified operator is authorized to assume a specific role and perform a corresponding set of services.

Security Level 3 requires the entry or output of plaintext CSPs (including the entry or output of plaintext CSPs using split knowledge procedures) be performed using ports that are physically separated from other ports, or interfaces that are logically separated using a trusted path from other interfaces. Plaintext CSPs may be entered into or output from the cryptographic module in encrypted form (in which case they may travel through enclosing or intervening systems).

Security Level 3 allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an operating system that

• meets the functional requirements specified in the PPs listed in Annex B with the additional functional requirement of a Trusted Path (FTP_TRP.1) and

• is evaluated at the CC evaluation assurance level EAL3 (or higher) with the additional assurance requirement of an Informal Target of Evaluation (TOE) Security Policy Model (ADV_SPM.1).

An equivalent evaluated trusted operating system may be used. The implementation of a trusted path protects plaintext CSPs and the software and firmware components of the cryptographic module from other untrusted software or firmware that may be executing on the system”

For more information on the HYP2003 PKI token and how to test it today please contact Gregory Dunn at gregory@hypersecu.com

About Hypersecu

Hypersecu Information Systems, incorporated in British Columbia, Canada, is an innovative information security solution provider, dedicated to strong authentication and user identification technology. Hypersecu delivers state-of-the-art authenticator, security middleware and authentication system to business customers world-wide, helps solve their most complex authentication challenges.  For more information about Hypersecu please visit www.hypersecu.com

Follow Hypersecu on Linkedin, Twitter, Facebook and Youtube