Resource Library

Certifications

SecureParser Certifications

NIST FIPS 140-2 Certificate #1180

This certificate is for a Hybrid cryptographic module as defined by FIPS Implementation

Guidance for FIPS 140-2: IG 1.9 Definition and Requirements of a Hybrid Cryptographic

Module. The SecureParser encryption module is a special type of software cryptographic module

that, as part of its operation, utilizes special purpose hardware to accelerate cryptographic

operations. The module was tested on Ubuntu 8 and Windows

Server 2003. and runs without recompilation on other GPC’s equipped with x64

compatible processors running kernels compatible with Ubuntu 8 and Windows Server 2003.

Additionally, the following encryption algorithms were certified to be appropriately utilized as validated by the Cryptographic Algorithm Validation Program (CAVP):

- AES Cert # 1017,1027,1028)

- DSA: Cert # 346

- RSA: Cert # 491

- ECDSA: Cert # 123

- SHA: SHA 1and SHA 256

- RNG: Cert # 584

- HMAC :Cert# 575 and 576

FIPS-approved algorithms: AES (Certs. #1017, #1027 and #1028); RNG (Cert. #584); RSA (Cert. #491); DSA (Cert. #346); SHS (Certs. #980 and #981); HMAC (Certs. #575 and #576); ECDSA (Cert. #123)

NIST FIPS 140-2 Certificate #920

The SecureParser cryptographic module has been evaluated by the National Institute of Standards and Technology (NIST) against the cryptographic module standard, FIPS 140-2, and been assigned certificate number 920 validating the security claims made in the submitted security policy. The certification is valid on four different platforms environments (X86-compatible w/ Windows 2003 Server; X86-compatible w/ Windows XP X86-compatible w/Red Hat Enterprise Linux 4; X86-compatible w/ Suse Enterprise Linux 10; X86-compatible w/ Windows XP) and for user mode, kernel mode and multi threaded mode.

Additionally, the following encryption algorithms were certified to be appropriately utilized as validated by the Cryptographic Algorithm Validation Program (CAVP):

- AES Modes: (ECB(e/d; 128,192,256); CBC(e/d; 128,192,256); CTR(int/ext; 128,192,256),

- DSA: SIG(gen) MOD(1024); SIG(ver) MOD(1024);

- RSA: ALG[RSASSA-PSS]; SIG(gen); SIG(ver); 1024 , 2048 , 4096 , SHS:

- ECDSA: SIG(gen): CURVES( P-521) and SIG(ver): CURVES( P-521 )

- SHA: SHA 1and SHA 256

- RNG: ANSI X9.31, [ AES-128Key ]

- HMAC: HMAC-SHA1 and HMAC SHA 256

Learn more

Whitepapers

SecureParser^® Overview

For the owners of valuable data, the need to protect it has reached new heights of focus and concentration. This problem can be viewed from many perspectives, but two common categories are its privacy and its availability. The former frequently breaks down as well-known elements of security (encryption, signatures and hashes) while the latter is solved by backups and redundant systems, each introducing its own new problems vis-à-vis the former (i.e., the security of data backups and redundant systems.) Learn more

Data-Centric Protection

Today's Information Assurance (IA) solutions are built in stove-piped architectures with "bolt on" perimeter based protection. As a result, IA solutions are complex, hard to scale, prone to points of vulnerability and do not facilitate information sharing. Whether it's IA for "Data at Rest" or" Data in Motion", solutions require a collection of complex hardware and software that must be replicated or added as IT infrastructure grows. Learn more

Robust Computational Secret Sharing and a Unified Account of Classical Secret-Sharing Goals

We give a unified account of classical secret-sharing goals from a modern cryptographic vantage. Our
treatment encompasses perfect, statistical, and computational secret sharing; static and dynamic adversaries;
schemes with or without robustness; schemes where a participant recovers the secret and those where an external
party does so. We then show that Krawczyk’s 1993 protocol for robust computational secret sharing
(RCSS) need not be secure, even in the random-oracle model and for threshold schemes, if the encryption
primitive it uses satisfies only one-query indistinguishability (ind1), the only notion Krawczyk defines. Learn more

The Unisys Stealth Solution and SecureParser: A new Method for Securing and Segregating Network Data

This white paper presents a new method of network security and virtualization that allows the consolidation of multiple network infrastructures, each dedicated to a single security level or community of interest, onto a single, virtualized
network. The overview of state-of-the-art network security protocols includes the use of SSL, IPSec, and HAIPE IS, followed by a discussion of the SecureParser® technology and Unisys Stealth architecture, which in combination allow secure sharing in consolidated networks. Learn more