Get Started Today! Contact Us For More Information

SafeZone FIPS cryptographic module

Fulfill your FIPS140-2 requirement quickly and cost effectively

NEEDS FOR FIPS140-2 validation

With an increasing number of number of industries becoming targets of cyber attacks and being categorized as critical infrastructure it will be incumbent on them to deploy more secure applications, devices and communications networks that are inline with government mandates and recognized standards, Federal Information Processing Standard (FIPS) 140-2 is a globally recognized U.S government security standard that is being widely adopted in commercial, government and defense applications.  U.S and Canadian Government agencies have wide ranging requirements that the telecommunications systems it deploys (including mobile devices) must use FIPS140-2 validated cryptographic modules to secure data. This requirement extends to civilian companies who contract to U.S., Canadian or U.K. federal government organizations.  



SafeZone FIPS cryptographic module is a compact and portable cryptographic library validated by NIST ( certificate #2389) providing a wide set of cryptographic algorithms.  It has been designed to provide high performance on resource-constrained environments. It supports a wide range of architecture (ARMv6, ARMv7, ARMv8, ARM64, x86, x86-64 …) and operating systems (Linux, Android, iOS, FreeRTOS, Trustonic TEE…)


Key Features

SafeZone FIPS Cryptographic module supports NIST Approved cryptographic algorithms for symmetric and asymmetric cryptography as shown on the table.  The module has support for using cryptographic secrets like a Root Key or Hardware Unique Key (HUK) on platforms that have them, as a root of trust for a local hierarchy of trusted key material. Keys are securely managed by the asset store.  It also supports self-testing functionality and two operator roles (Crypto Officer and User Role) as defined by the FIPS standard.



Easy to integrate: The package includes detailed APIs documentation and interface adapter for PKCS#11 and OpenSSL.
Secure key management: The keys are stored with their access policy on isolated memory blocks and only leave the asset store encrypted. 
Highly portable: The module has minimum dependency and scales from small footprint embedded operating system (~100k memory) to Android/Linux devices.
Field-proven: The module is integrated with the market leading QuickSec VPN Client for Android, MatrixSSL, MatrixDTLS, QuickSec IPsec Server Toolkit and MatrixDAR products.
Future-proof: Designed for compliance to FIPS 140-4 based on current draft of the standard; Compliant with Suite B and the cryptographic strength transition NIST has planned for 2013.
Easy replacement by hardware crypto modules that are provided with SafeZone product family. 


FIPS Certified Offerings

INSIDE Secure provide a wide range of products with FIPS validation:




Security Concept Algorithm Key length
Confidentiality AES
128 – 256 bits
192 bits
Authenticity SHA-1
80 – 160 bits
112 – 512 bits 
128 – 256 bits
Confidentiality & Authenticity AES CCM, GCM 128 – 256 bits
Digital Signatures RSA
1024 – 4096 bits
1024 – 3072 bits
192 – 521 bits
Key Transport AES-WRAP
128 – 256 bits
1024 – 4096 bits
Key Agreement DH
1024 – 3072 bits
192 – 521 bits
Key Derivation NIST, IKEv2, TLS 1.2 
TLS 1.0-1.1
80 – 512 bits
384 bits
Data At Rest Confidentiality XTS-AES 256 – 512 bits






A Certification Mark of NIST, which does
not imply product endorsement by NIST,
the US or Canadian Governments.