Expert FIPS 140 Certification Service Available

Digital Data Security (DDS) is pleased to announce that we have specialist technical resource available to manage the FIPS* certification process for products and applications utilising Cryptlib. Typically, obtaining FIPS certification for a cryptographic module is a highly technical and expensive exercise, requiring a great deal of time and effort. However, DDS has an experienced team available that will ensure your FIPS certification objectives are met, in a timely and cost-effective manner.
 
Please contact the Cryptlib sales team if you would like to discuss FIPS certification requirements further.
 
*The Federal Information Processing Standard (FIPS) publication is a US-government computer security standard used to accredit cryptographic modules and applications. The standard defines the security requirements that must be satisfied by a cryptographic module (Cryptographic Module Validation Program – CMVP) used in a security system protecting unclassified information within information technology systems. FIPS 140-2 certification is required for the sale of products implementing cryptography to the US Federal Government.

Cryptlib Software Meets TLS 1.2 Standard, Adds ECC Support

November 30, 2010. – The latest release of the widely-used Cryptlib security software development toolkit is now available. Significant new features includes support for TLS* 1.2, meaning Cryptlib is one of the first to provide developers with capabilities to meet the latest internet security standards. Elliptic Curve Cryptography** (ECC) is supported, both at the lower crypto-mechanism level and in high-level protocols like X.509, SSL/TLS, S/MIME, and SSH. Cryptlib developers will now find it easy to integrate various ECC requirements into their software applications.

For example, leading international traffic enforcement solutions provider Gatsometer (http://www.gatsometer.com) recently needed ECC. Managing Director Mr Timo Gatsonides says “since we are a longtime Cryptlib customer and like the trustworthy, easy-to-use library we approached them to include support for ECC. After a short period and some testing, we had a stable version which gave us the functionality we needed. Choosing Cryptlib really made our task very easy. There was no error-prone testing and debugging required in our application, and we only needed to alter a few lines of code to change from RSA to ECC.”

“Cryptlib 3.4 also introduces support for RFC 5083 authenticated encryption in CMS and PKCS #15, ECDSA, ECDH, X.509, TLS, SSH and CMS/SMIME with ECC, and RPKI support” says Dr Peter Gutmann, Cryptlib author and respected security expert.

The Cryptlib security software development toolkit allows even inexperienced programmers to easily add strong, robust encryption and authentication services to their software applications, without needing to know any of the complex lower-level details. Developers need only learn a single API. Cryptlib enhances system security and privacy, helps to reduce development costs significantly and protects vital commercial information.

Cryptlib has been used and trusted for over 12 years by significant organizations worldwide including American Power Conversion Corp., Lexmark International, the Netherlands Internal Revenue Service, and Mutual & Federal Insurance Co., among others.

Visit http://www.cryptlib.com for more information, or to download a free evaluation copy of the latest Cryptlib 3.4 software release.

End.

* TLS is an enhanced secure connection and authentication mechanism that represents the current version of the widely-used Internet security technology – formerly known as SSL.

**Elliptic Curve Cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The US National Security Agency has endorsed it by including schemes based on ECC in its ‘Suite B’ set of recommended algorithms and allows their use for protecting information classified up to ‘top secret’ with 384-bit keys.

Contact:
Mr Shayne Jones
Business Development Manager
Digital Data Security Limited
Ph: +649 411 7297
mailto:shayne.jones@cryptlib.com

$US1Trillion Lost In Stolen IP & Data Theft; 2009

A 2009 McAfee report indicated businesses around the world lose more than $US1trillion annually

through data theft and cybercrime. Read more:

http://www.nzherald.co.nz/world/news/article.cfm?c_id=2&objectid=10679112

New cryptlib 3.3 Release Meets TLS Standard

Open-source security toolkit leads the way in ease-of-use and protection

The latest version of the popular Cryptlib security toolkit is now available. Cryptlib 3.3 is the first open-source software development toolkit to support the TLS-PSK standard*. By building strong mutual authentication into the existing TLS process, TLS-PSK provides a high level of security against phishing attacks that existing HTTP and TLS solutions can’t provide.

“Phishing is a multi-billion dollar growth industry that shows no signs of slowing down, because there are almost no effective defences against it. TLS-PSK is a direct drop-in upgrade to TLS that provides a high level of resistance to any phishing attack, and Cryptlib is the first open-source security toolkit that allows you to implement this defence” says Peter Gutmann, Ph.D., creator of Cryptlib, security specialist and international crypto-consultant.

A recent survey of CIO’s in US Federal Agencies** revealed that ensuring system security and privacy remains their highest priority. Cryptlib allows even inexperienced crypto-programmers to easily add strong, robust encryption and authentication services to software applications, without needing to know any of the complex low-level details, by providing powerful and easy-to-use digital signature, encryption, key management, and secure session routines. These provide implementations of complete security services such as SSL/TLS, SSH, S/MIME, PGP, and various PKI services that can be easily dropped into existing applications. In this manner Cryptlib enhances system security and privacy, helps to reduce development costs significantly and protects vital commercial information.

Christopher D. Leidigh, Director of Communications and Technology Research at American Power Conversion Corp., (www.apcc.com) says “Cryptographic libraries are at the heart of secure communication systems. If these libraries are poorly designed, or difficult to use, they could be the Achilles heel in any system. However, Cryptlib’s architecture has been carefully crafted to protect systems at all levels. The compact and modular nature of Cryptlib enabled APC to implement multiple secure protocols in a very small platform. The wide range of Cryptlib code and extensive documentation make this library the only complete choice for cryptographic needs.”

Cryptlib has been used and trusted for over 10 years by significant organizations worldwide including American Power Conversion Corp., Lexmark International, the Netherlands Internal Revenue Service, and Mutual & Federal Insurance Co., among others.

Visit www.cryptlib.com for more information, or to download a free evaluation copy of the software.

###
* TLS-PSK is an enhanced secure connection and authentication mechanism used with TLS, the widely-used Internet security technology formerly known as SSL.

** Information Technology Association of America’s Sixteenth Annual Survey of Federal CIO’s. February, 2006.

Contact:
Shayne Jones
Business Development Manager
Digital Data Security Limited
Ph: +64 9 411 7297
shayne.jones@cryptlib.com