Parsec HSID5000 is now FIPS 140-2 certified
SA-manufactured hybrid devices bring high-end portable encryption to market.
South African Original Design Manufacturer Parsec has announced that its innovative cryptographic security devices have completed FIPS 140-2 certification process.
Parsec, a specialist in defence solutions and crypto-based information security products, has submitted its HSID5000 A device to the US National Institute of Standards and Technology (NIST) for FIPS 140-2 Level 3 certification, to give defence, government and enterprise clients the assurance that the device meets international best practice.
The HSID5000A was certified as a FIPS 140-2 level 3 compliant product in December 2016. The product's NIST certificate number is 2806 and the Security Policy can be downloaded from http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
The FIPS 140-2 standard is an information technology security accreditation programme for cryptographic modules for use in government departments and regulated industries.
"Reaching this advanced stage required stringent quality checks and controls, which has taken us a few years," reports Stephen Robson, security product manager at Parsec. "This is a major milestone for us," he says.
The HSID5000 has already been successfully deployed to customers in the South African and international markets according to Jaco Botha, senior product manager at Parsec.
Parsec's HSID5000 solutions are USB-based devices that offer a combination of an encrypted flash drive and PKI smart card and smart card reader, in one convenient package. The multifunctional hybrid tokens are used for PKI authentication, encryption of digital correspondence, signing and verification of advanced electronic signatures (AES) in line with the ECT act, and have an encrypted storage partition. Because the encryption keys are within a protected envelope on the USB hardware itself, and never on the PC, they are not vulnerable to attack in the way software-only solutions are.
Robson notes that the devices are also used as hardware security modules (HSMs) in applications that require highly secure key generation, storage and management. They could for example be used to encrypt credit card information in storage and in transit.
The HSID5000 family of solutions offer defence, government and enterprise customers an advanced hybrid approach to data protection, along with the assurance that they have been developed by a trusted South African firm in line with international gold standards. Parsec follows stringent development quality processes and controls within high security development and manufacturing environments, as well as submitting its products for independent quality verification to meet the highest possible security and quality standards.
Tobie van Loggerenberg, director of Parsec, notes that the protection of confidential information is critically important in several sectors, making Parsec's HSID5000 applicable across multiple industry verticals. "In addition to government and defence, where data sovereignty and national security is the highest priority, we envisage strong uptake in financial and legal services, where encryption and advanced electronic signatures will become increasingly important," he says. "For example, in the legal fraternity, advanced electronic signatures generated using the HSID5000 can stand up in court as valid; while lawyers and their clients will also be able to use the devices to encrypt and exchange confidential case information."
Botha concludes that while the first HSID5000 is designed to satisfy the demands of the defence sector, Parsec is also developing secure authentication products for consumers and small to medium enterprises. Parsec's SOLID webKey is an example of a product that provides both FIDO U2F second factor authentication as well as a 2 000 entry password vault. The product been successfully Beta tested and is planned to launch in Q3 of 2017.