OnQ Blog

Cryptographic module in Snapdragon 805 is FIPS 140-2 certified

7 nov. 2014

Qualcomm products mentioned within this post are offered by Qualcomm Technologies, Inc. and/or its subsidiaries.

We are happy to announce that the cryptographic module in the Qualcomm® Snapdragon™ 805 processor has passed FIPS 140-2 security certification. This is significant in that it demonstrates Qualcomm cryptographic compliance and helps qualify our customers to enter government departments and other regulated industries with FIPS 140-2 requirements. The cryptographic module is unique in the industry in that almost all the capabilities are based in hardware, as compared with most software-based alternative solutions.

Cryptographic modules

A cryptographic module is "the set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or cryptographic processes, including cryptographic algorithms, and is contained within the cryptographic boundary of the module”[1].  Protection of a cryptographic module within a security system is important for maintaining the confidentiality and integrity of the information protected by the module. Applications of cryptography include password protection, electronic commerce, software verification, and secure communication.

FIPS 140-2 certification

FIPS (Federal Information Processing Standard) publication 140-2 is a U.S. government computer security standard for accrediting cryptographic modules. More specifically, it is an information technology security accreditation program that enables private sector vendors like us to have our products “certified for use in government departments and regulated industries (such as financial and healthcare institutions) that collect, store, transfer, share and disseminate sensitive but unclassified information” [2]. In the enterprise space, it also enables IT managers to deploy a more secure device fleet.

Benefits of FIPS certification

The following cryptographic use cases most directly benefit from FIPS certification of the Qualcomm hardware cryptographic engine in the Snapdragon 805 processor:

  • Full disk encryption
  • Cryptographic functions for Android applications
  • Random number generator functionality
  • Protection of premium video content

Learn more about how premium video content is protected through Qualcomm® Snapdragon StudioAccess™ technology.

The bigger Qualcomm Security Solutions picture

The Qualcomm hardware cryptographic engine is a critical part of Qualcomm® SecureMSM™ technology, which provides the hardware-based foundation of all Qualcomm Security Solutions. In addition to security code protected by hardware, SecureMSM technology utilizes hardware keys and the hardware cryptographic engine to better protect sensitive data and provide stronger resistance to physical and malware attacks. Qualcomm’s high-speed, low power cryptographic accelerators further enhance the performance and security of cryptographic operations.  A 256-bit random AES hardware key that is inaccessible to software protects storage of data at rest (of data stored in device flash memory).

Our work with atsec

All of the tests under the Cryptographic Module Validation Program are handled by third-party laboratories that are accredited as Cryptographic Module Testing laboratories by the National Voluntary Laboratory Accreditation Program. Vendors interested in validation testing may select any of the thirteen accredited labs. Qualcomm chose atsec information security and greatly appreciates their assistance in the certification process.

Read more about Qualcomm Security Solutions in my previous blog post.

[1] http://csrc.nist.gov/publications/nistpubs/800-32/sp800-32.pdf

[2] http://en.wikipedia.org/wiki/FIPS_140-2

Qualcomm SecureMSM and hardware cryptographic engine are products of Qualcomm Technologies, Inc.