RSA Provides Technology To Canon U.S.A. For Government Smart Card Solution
RSA, The Security Division of EMC, recently announced that RSA Professional Services has worked with Canon U.S.A. Inc. to provide U.S. government standard encryption for its embedded platform used to validate smartcards in Canon printers, copiers and multifunction products (MFP). RSA's technology has enabled the company to sell equipment that achieves the security requirements for smart card authentication to the U.S. public sector, such as the U.S. Department of Defense.
In order to sell products containing cryptography capability to the U.S. government, information technology and office equipment must meet Federal Information Processing Standardization 140 (FIPS 140) regulations. The FIPS 140 regulations require that software undergo extensive third-party testing to prove that it is robust and secure. Once the software has been tested, the National Institute of Standards and Technology (NIST) evaluates the software code as well as its documentation, to ensure the cryptography algorithms meet the federally-mandated standard.
"In the current economy, time to market is critical, and compliance requirements can slow down development dramatically," said Brian Zeman, senior director of professional services for RSA, The Security Division of EMC. "RSA Professional Services brings the expertise and the validated security components that can dramatically accelerate development of new products to be released into the U.S. government market as quickly as possible."
RSA Professional Services worked in conjunction with Canon during the development of Canon's Smart Card Services for MEAP (Multifunction Embedded Application Platform) to integrate RSA BSAFE security software into the solution. To achieve the federal standard, RSA provided a complete set of common libraries written in Java that meet FIPS 140 requirements that also serve as the basis for the solution's cryptographic functions.
In addition to providing the FIPS 140 certified Java libraries, RSA commissioned and managed the third-party validation activities, which included thorough examination of the software and documentation as well as extensive solution testing including forced failure tests where the program was modified to determine whether it could identify its own failure and respond with accurate error notifications. The process of integrating and independently verifying FIPS 140 encryption into Smart Card Services for MEAP lasted six months.