Government Certifies First Android Crypto Software with NSA Suite B

Share Article

Official FIPS 140-2 Validation for Mocana NanoCrypto™ Android™ Should Make it Easier for Military, Government and Contractors to Specify Android Devices

This makes it easier for developers to start building cost-effective, security-oriented commercial Android apps for use in federal and military settings

Mocana Corporation, a company that focuses on securing non-PC connected devices, today announced that it has earned the government's first FIPS 140-2 level one validation for a binary cryptographic module with Suite B cryptography running on the Android™ platform.

Mocana was in the news last week after receiving a significant strategic investment from Symantec. The resulting technology partnership will help Symantec expand its offerings from the PC into the faster-growing "smart device" market.

The 140-2 FIPS (Federal Information Processing Standards) are used to accredit the cryptographic "engines" that drive secure software or hardware implementations, and most federal agencies and contractors working on sensitive government projects are prohibited from buying products containing security software that is not officially FIPS-validated. Up until now, FIPS-validated security hasn't been commercially available for Android devices. Today's announcement clears an important obstacle to the more widespread use of these devices in the federal government.

NIST, the National Institute of Standards and Technology, wrote the FIPS 140 Publication Series to standardize federal cryptography requirements. Most federal agencies and departments require that any computer security implementations contain only FIPS-certified cryptographic modules. The FIPS 140-2 program tests security software and hardware approved for government "sensitive, but un-classified" information. The application and testing process is rigorous and non-trivial, but for companies selling security products to the federal government, their contractors or allies overseas, formal FIPS validations are a prerequisite to eligibility for government contracts.

Mocana applied for and received FIPS 140-2 Level 1 validation for its NanoCrypto Android product ( compiled for Linux on ARM-based CPUs; the FIPS-validated NanoCrypto binary will run on all current Android phones and devices. NanoCrypto is a sophisticated cryptographic engine designed for device developers. It's purpose-built for non-PC devices and resource-constrained embedded systems. It is one of the smallest, fastest and most comprehensive cryptographic cores on the market, in addition to being one of the most popular: the cryptographic engine that drives NanoCrypto is already installed on millions of devices from hundreds of device OEMs worldwide, on everything from networked medical devices to unmanned military drones ("UAVs"). With built-in support for over 30 operating systems, NanoCrypto enables device OEMs and ISVs to add sophisticated cryptographic security features to almost any type of device or application.

"This makes it easier for developers to start building cost-effective, security-oriented commercial Android apps for use in federal and military settings," said Adrian Turner, CEO of Mocana. "Many government buyers couldn't purchase Android phones 'off the shelf', because FIPS 140-2 validated solutions weren't available. Now this incredibly popular platform is a more viable, cost-effective option for sensitive federal and military applications that need strong cryptography."

FIPS certification should make it easier for Android to penetrate the medical market, too - another device ecosystem where security is key. Specifying FIPS 140-2 validated encryption software in purchasing contracts is an easy, "best practices" way for hospitals and health networks to take a high assurance approach to data confidentiality and integrity protection, especially as it relates to the security and privacy of patient records. Mocana's CEO, Adrian Turner, was interviewed recently by Maria Bartiromo on CNBC regarding the state of medical device security, and interested parties can view that video at

NanoCrypto, like every Mocana product, is available as a FIPS-validated binary for specific platforms or as platform-independent ANSI C source code. Designed exclusively for developers; NanoCrypto is not a "finished app" or utility for end-users. Developers can request a free trial of the NanoCrypto product at

About Mocana

Mocana secures the "Internet of Things" - the 20 billion datacom, smartgrid, federal, consumer, industrial and medical devices that connect across every sector of our economy. These devices already outnumber PC's on the Internet by five to one, representing a $900 billion market that's growing twice as fast as the PC market. Every day, millions of people use products sold by over 100 companies that leverage Mocana's Device Integrity software, including Dell, Cisco, Honeywell, General Electric, General Dynamics, Avaya, Nortel Networks, Harris and Radvision, among others. Mocana won Frost & Sullivan's Technology Innovation of the Year award for 2008 for Device Security, and was named to the Red Herring Global 100 as one of the "top 100 privately-held technology companies in the world" in January 2009.

# # #

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Mat Small
+1 415-365-0396
Email >
Visit website