RSA, the Security Division of EMC, announced RSA Professional Services has worked with Canon U.S.A., a provider of digital imaging, to provide US government standard encryption for its embedded platform used to validate smart cards in Canon printers, copiers and multifunction products. RSA's technology has enabled the company to sell equipment that achieves the security requirements for smart card authentication to the U.S. public sector, such as the US Department of Defense.
In order to sell products containing cryptography capability to the US government, information technology and office equipment must meet Federal Information Processing Standardization 140 (FIPS 140) regulations. The FIPS 140 regulations require that software undergo third-party testing to prove that it is robust and secure. Once the software has been tested, the National Institute of Standards and Technology (NIST) evaluates the software code as well as its documentation, to ensure the cryptography algorithms meet the federally-mandated standard.
"In the current economy, time to market is critical, and compliance requirements can slow down development dramatically," said Brian Zeman, Senior Director, Professional Services, RSA, The Security Division of EMC. "RSA Professional Services brings the expertise and the validated security components that can accelerate development of new products to be released into the U.S. government market as quickly as possible."
RSA Professional Services worked in conjunction with Canon during the development of Canon's smart card services for multifunction embedded application platform (MEAP) to integrate security software into the solution. To achieve the federal standard, RSA provided a set of common libraries written in Java that meet FIPS 140 requirements that also serve as the basis for the solution's cryptographic functions.
In addition to providing the FIPS 140 certified Java libraries, RSA commissioned and managed the third-party validation activities, which included thorough examination of the software and documentation as well as extensive solution testing including forced failure tests where the program was modified to determine whether it could identify its own failure and respond with accurate error notifications. The process of integrating and verifying FIPS 140 encryption into smart card services for MEAP lasted six months.
"Canon chose to work with RSA on the development of our smart card services for the MEAP platform because of RSA's reputation for providing reliable cryptographic products that are accepted by the Department of Defense and other government entities. By utilizing their proven software solution and the expertise of RSA Professional Services, Canon was able to accelerate its FIPS 140 compliance and gain entry to this important market," said Nick Del Re, Director, Solutions Development, ISG Solution Development Division, Canon U.S.A.