Certicom Security Architecture Boston MA

provided by: 
Originally published at Internet.com

ECC, according to the vendor, "...provides the most security per bit of any known public-key scheme..."; allowing it to offer comparable security to competing technologies but with smaller key sizes. Standing for "Elliptic Curve Cryptography," ECC was discovered in 1985 as an alternative mechanism for implementing public-key cryptography.

The vendor's Certicom Security Architecture (CSA) platform enables the use of this technology within developed applications and devices by providing at its heart a core API (Security Builder API) that serves as an abstraction layer between the higher level applications that need to use the cryptography and the lower level modules or hardware that actually provide it. The high level application, therefore, needn't be drastically altered should a new crypto provider be needed or the underlying hardware (chipset) need to be changed. The API has the ability to access the fastest or strongest security available within the platform; whether that security is provided within the chipset or in a specific crypto provider.

The Security Builder API is further abstracted via additional layers specifically for use with OpenSSL (the Security Builder API for Open Source), and the new Security Builder API for .NET. These secondary abstraction layers provide developers working within these technologies the ability to interact with the Security Builder API without having to recode their applications.

Beneath the Security Builder API are the vendor's crypto providers themselves, including:

- Security Builder Crypto, for integration of encryption, public-key cryptography and other security mechanisms into C, C# and Java apps

- Security Builder NSE, for NSA compatible deployments. Includes ECMQV and ECDSA, and supports Windows and Linux platforms

- Security Builder GSE, for the creation of apps that meet FIPS 140-2 and NSA Suite B requirements

- Security Builder MCE, software cryptographic module for microcontroller devices

- Security Builder BSP, board support package for access to hardware-based cryptography

- Hardware IP Cores, for the implementation of crypto within hardware. These include the Certicom ECC Core, for the acceleration of ECC on microcontroller devices (such as sensor networks)

On top of this core platform can be deployed multiple service modules, which support the implementation of specific protocols or applications. Among these security services are:

- Security Builder IPSec, a client-side VPN module

- Security Builder ETS, for the implementation services including secure key storage, key management and authentication services for trusted platforms. ETS interfaces with hardware-based trusted platform modules through Security Builder BSP

- DRM Agent, a digital rights management client

- Security Builder SSL, an SSL protocol module with support for 20+ SSL and TLS cipher suites, including ECC for C and Java applications. Supports SSL 2.0, SSL 3.0, TLS 1.0, and WAP 2.0 and extensible authentication such as EAP-TLS, EAP-TTLS, and EAP-PEAP

- Security Builder PKI, digital certificate management module for apps in C or Java

Also available from the vendor is the Certicom Suite B Web Security Power Bundle, which is targeted to the implementation of ECC-based Web communications. The bundle includes the Security Builder GSE, Security Builder IPSec, and Security Builder SSL components described above; and adds to them the Security Builder SSL mod-SSL plug-in for Apache, allowing the Apache Web server to become Suite B compliant; and the Certicom Suite B CSP for Firefox, allowing Firefox browsers to become Suite B compliant.

The Certicom product line is available now. Visit the vendor's Web site for further information.Author: EITPlanet Staff

Read article at Internet.com site