Apr 16, 2020
Qualcomm products mentioned within this post are offered by Qualcomm Technologies, Inc. and/or its subsidiaries.
One of the ways Qualcomm Technologies is helping the world better connect is by enhancing the security of our products. We do this in part by constantly strengthening our security certification portfolio.
Our latest achievement is acquiring Federal Information Processing Standard (FIPS) certifications on the cryptographic modules on the Qualcomm Trusted Execution Environment (TEE) and Qualcomm Secure Processing Unit, found in the Qualcomm Snapdragon 855 mobile platform.
The crypto modules on the Qualcomm TEE received a FIPS 140-2 Level 1 certification, while the modules on the Qualcomm Secure Processing Unit were awarded a FIPS 140-2 Level 2 certification. Both subsystems are designed to help safeguard vital and sensitive end user data.
Our newest FIPS certifications
The newly certified crypto modules, listed below, are used in applications requiring robust security, such as mobile payments and biometrics, integrated SIM (iUICC), and key management for user data and privacy like Android Keymaster and StrongBox.
- Qualcomm Trusted Execution Environment Software Cryptographic Library – FIPS 140-2 Level 1 (#3559)
- Qualcomm Secure Processing Unit
  - FIPS 140-2 Level 2 (#3549)
  - Previously certified in Common Criteria EAL4+ (BSI-DSZ-CC-1045-2019) AVA_VAN.5 (resistance to high attack potential)
Because these certified modules meet government and military standards, end users can rest assured that their data is stored and processed in a highly protective manner. In addition, the Qualcomm TEE cryptographic ACVP test framework is available to customers on the Snapdragon 855, making software-cryptographic certifications easier for mobile OEMs.
These two newly certified modules will enhance our current portfolio of FIPS-certified hardware cryptographic modules, which are utilized in key generation and File Based Encryption (FBE) features:
- Qualcomm Crypto Engine Core – FIPS Level 2 (#3434)
- Qualcomm Pseudo Random Number Generator – FIPS Level 1 (#3114)
- Qualcomm Inline Crypto Engine – FIPS Level 1 (#3124)
The significance of FIPS 140-2 certifications
Cryptographic modules are responsible for device functions that require the highest level of security, such as encryption, digital signatures, and authentication methods. The information protected by these cryptographic modules, which includes passwords, personal biometric information, mobile payment tokens, and SIM profiles, needs to be well guarded.
While FIPS 140-2 Level 1 certification focuses on a basic level of compliance, Level 2 concentrates on tougher authentication and on physical protection of the plaintext cryptographic keys and critical security parameters within the module. To meet the requirement, modules need to have tamper-evident mechanisms that are designed to prevent clever hackers from stealing information.
These additional protocols are engineered to support an increased level of security that’s needed for important and valuable personal data on a device. They’re especially critical when it comes to protecting biometric data, such as an individual’s fingerprint or iris.
What this means for smartphone manufacturers and buyers
Incorporating a system-on-chip with multiple FIPS 140-2 certifications enables device manufacturers to qualify for additional business opportunities, including government contracts that need to standardize purchases across numerous branches, enterprise customers, automobile contracts that want to enhance overall security practices, and healthcare devices.