Enterprise Applications Security, Embedded SSH, Embedded SSL, Embedded SSH, Embedded IPSEC and OpenSSH/OpenSSL Alternatives, FIPS certified, FIPS certification, FIPS 140-2 - Device Security Framework
Mocana Corporation - Securing Devices, Applications & the Enterprise.
NEWSLETTER   
Newsletter Sign Up contactus
COST COMPARISON:
Mocana vs Open Source
Cost Comparision: Build vs Buy Button
Features & Benefits
IETF compliant implementations, full featured
Easy to install and use
High Performance
Speeds development cycle
Supports automatic and manual enrollment
Source Code or FIPS-certified binaries available
Advanced well documented APIs
Advanced cryptography support
Ongoing development, maintenance and support
Includes HTTP client and server
RTOS neutral and transport agnostic
Home > Products >
  • About


Certificate-based authentication is a prerequisite for the Public Key Infrastructure (PKI) and for securely administering networked devices and services that participate in it. PKI is widely deployed, and many wireless and wireline technologies and protocols depend upon it, including WiFi, 3G, LTE, WiMax, 802.11i, IPSec/IKE, SSL and SSH. Certificates need to be updated frequently to ensure the device is operated by the assigned user, that the device has the most updated user privileges, and that the device has the most recent upgrades in its service. But manually updating certificates is error-prone, inefficient and simply doesn’t scale… especially when you’ve got tens of millions of devices in the field.

NanoCert™is your certificate management solution.

NanoCert is specially designed for embedded device and consumer electronics manufacturers and their ISVs. It automates certificate management in devices and applications, and is available in carrier-grade editions that can scale to handle millions upon millions of wireless subscribers. NanoCert’s client software requests certificates, renews them or pulls down revocation lists from most any certification authority (CA). NanoCert’s certificate server software can act as CA’s that issue and revoke certificates at scale and publish CRLs (Certificate Management Lists); or as Registration Authorities that register users and devices.

NanoCert uses SCEP (the Simple Certificate Enrollment Protocol), an evolution of the certificate enrollment protocol developed by Verisign and Cisco Systems, and extends the SCEP protocol by automating the formerly manual certificate management administrative tasks of registering end entities, revoking certificates, and publishing CRLs. NanoCert makes embedding certificate management on devices easy, fast, and reliable. Mocana NanoCert also supports OCSP, which enables applications to determine the revocation state and overall status of any certificate. It may be used to provide more timely revocation information than is possible with Certificate Revokation Lists (CRLs) and may also be used to obtain additional status information.

A special edition of the product, NanoCert LTE uses CMPv2 to add security to LTE (Long Term Evolution) infrastructure devices for device-to-device and subscriber authentication under the 3GPP standards. NanoCert LTE’s LDAPv3 client implementation retrieves certificates and CRLs from LDAP servers.

NanoCert uses a FIPS-compliant cryptographic library for key generation and all cryptographic operations. The product is available either in source code or as a FIPS 140-2 Level 1 certified binary.

NanoCert Untitled Document
 
Supported processor platforms:
Processor Platforms
Awards and Certifications
Awards and Certifications
Nominations
2010 Spiffy Awards Nominee

Sales | Support | Library Info | Contact
Privacy Policy | FAQs | Site Map | Referral Program
Copyright © 2010 Mocana Corporation
  • Features


NanoCert™ Certificate-Based Authentication Product Features

NanoCert leverages mature technologies such as the Public Key Cryptography Standards (PKCS), specifically PKCS #10 and PKCS #7. Mocana internal HTTP implementation code provides the client-server transport protocol. Certificate management utility functions in the Mocana crypto library provide extremely efficient key generation and management, certificate parsing, encoding and decoding, and certificate store functions.

Very High Performance
NanoCert, like all of Mocana’s device security solutions, is designed with an asynchronous core to fully leverage hardware acceleration. In fact, NanoCert is the smallest, fastest embedded certificate management engine you can buy.

Ultra-Small Size
Optimized for size and memory usage, NanoCert has been specifically designed and coded to operate on resource-constrained devices, requiring as little as 80 KB for the client.

Full (not partial) IETF Compliance
  • IETF Draft: draft-nourse-scep-14.txt
  • X.509 v3 certificate
  • X.509 v2 CRL format
  • RFC-2251 Lightweight Directory Access Protocol (v3)
  • RFC-2252 Lightweight Directory Access Protocol (v3):Attribute Syntax Definitions
  • RFC-2254 The String Representation of LDAP Search Filters
  • RFC-2255 The LDAP URL Format
  • RFC-2256 A Summary of the X.500(96) User Schema for use with LDAPv3
  • RFC-2560 Online Certificate Status Protocol - OCSP
  • RFC-2616, Hypertext Transfer Protocol - HTTP/1.1
  • RFC-2617, HTTP Authentication: Basic and Digest Access
  • RFC-2830 Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
  • RFC-3280’s X.509 certificate and CRL profiles
  • RFC 4210 Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)
  • draft-ietf-ldapext-ldap-c-api-05 The C LDAP Application Program Interface
  • 3GPP TS 33.310 Network Domain Security/Authentication Framework (NDS/AF)
Advanced Cryptography Support
  • PKCS #7
  • PKCS #10
  • Configurable encryption and message digest algorithms:
      – 3DES   – RC4   – RC2   – AES   – MD2, MD4, MD5
  • Digest algorithms with RSA encryption:
      – SHA-1, SHA-256, SHA-384, SHA-512, SHA-224
Untitled Document
 
Supported processor platforms:
Processor Platforms
Awards and Certifications
Awards and Certifications
Nominations
2010 Spiffy Awards Nominee

Sales | Support | Library Info | Contact
Privacy Policy | FAQs | Site Map | Referral Program
Copyright © 2010 Mocana Corporation
  • Benefits


NanoCert™ Certificate-Based Authentication Product Benefits

Platform Independent
NanoCert, like all the toolkits in Mocana’s Device Security Framework, is CPU architecture and platform independent. NanoCert is immediately available for more than 100 processor/OS combinations, and ports to new platforms typically take only a few hours. Out-of-the-box support is provided for Linux, Monta Vista, VxWorks, OSE, Nucleus, Solaris, ThreadX, Windows, MacOS X, (ARC) MQX, pSOS, and Cygwin. NanoCert is endian-neutral, and can be used without any RTOS.

FIPS Certified with NSA Suite B Support
All government agencies and most contractors require FIPS-certification of cryptographic engines—a difficult certification to achieve. NanoCert’s core cryptographic engine is available to you in source, or as a government-certified FIPS 140-2 Level 1 validated binary. Both source and binary versions include full support for NSA’s Suite B algorithms, providing secure communications between high-assurance (classified) and basic-assurance systems.

Complete Solution
There are a lot of other certificate-based authentication packages out there. But almost all of them are incomplete—missing critical standards, algorithms or code that you’ll need to finish your certificate- based authentication implementation. Only NanoCert offers everything you need together in one package, to get the job done right—and fast. Guaranteed.

GPL-Free Code
NanoCert is usually less expensive than “free” open source code, especially when engineering, testing and support costs are factored in. Since we guarantee that NanoSSH contains absolutely no GPL code, you can be confident your intellectual property won’t accidentally become public domain because of “GPL contamination”— something open source projects can’t do.

Hardware Acceleration Support
NanoCert is ready-made to take advantage of hardware offload by leveraging the Mocana Acceleration Harness, a software layer that virtualizes and manages crypto offload from software to hardware, speeding up crypto operations, and enabling the main CPU(s) to do your application’s work in parallel.

No Crypto Expertise Needed
Because we built NanoCert from the ground up, it’s easy to install and use. You don’t need to be a crypto expert because the NanoCert API hides the complexity of cryptography. You can focus on your application development, and let NanoCert take care of the security. Plus, Mocana’s developer support team is always available to answer all your questions, be they about crypto, our toolkits, or embedded development in general.

Dramatically Shortens Your Development Cycle
NanoCert is a ready-made, optimized, exhaustively tested certificate management framework that frees your in-house development resources to focus on what’s really important: the functionality of your device and its application. The NanoCert API is well documented and provides all the initialization, setup, crypto, and communication functions you need, enabling you to speed through your development and integration efforts and simplify customization. And as always, Mocana’s developer support team is available to answer your questions.


Untitled Document
 
Supported processor platforms:
Processor Platforms
Awards and Certifications
Awards and Certifications
Nominations
2010 Spiffy Awards Nominee

Sales | Support | Library Info | Contact
Privacy Policy | FAQs | Site Map | Referral Program
Copyright © 2010 Mocana Corporation
  • Editions


Which NanoCert™ Edition is Right for You?


FEATURES NanoCert
Client		 NanoCert
Advanced		 NanoCert
LTE
SCEP client Yes Yes no
OCSP client Yes Yes no
SCEP server no Yes no
CMPv2 client no no Yes
LDAPv3 Client no no Yes
Embedded Oracle Berkeley Database no no Yes
IKE Pre-Integrated no no Yes
3GPP certificate client support no no Yes
carrier-grade; scales to millions of certificates no no Yes
Untitled Document
 
Supported processor platforms:
Processor Platforms
Awards and Certifications
Awards and Certifications
Nominations
2010 Spiffy Awards Nominee

Sales | Support | Library Info | Contact
Privacy Policy | FAQs | Site Map | Referral Program
Copyright © 2010 Mocana Corporation
  • Architecture


NanoCert™ Architecture

NanoCert is part of the Mocana Device Security Framework ™, designed to secure all aspects of any connected device. All components of the Device Security Framework are built on a common architecture and share a common API and code base. As a device designer, you can choose only the components you need for your particular project... or standardize company-wide on the DSF, future-proofing your investment with this broad, cross platform, flexible and extensible security architecture.


NanoCert Architecture
[enlarge]
Untitled Document
 
Supported processor platforms:
Processor Platforms
Awards and Certifications
Awards and Certifications
Nominations
2010 Spiffy Awards Nominee

Sales | Support | Library Info | Contact
Privacy Policy | FAQs | Site Map | Referral Program
Copyright © 2010 Mocana Corporation
Mocana products are built for developers, OEMs and ISVs. DSF for Android, NanoSSH and other products are delivered as ANSI-C source code and are not finished security applications usable by IT personnel or end users.
Please fill out the form below. All fields are required.
First Name
Last Name
Company
Job Title
Phone
State
Email

Your Privacy

Country
Embedded security source code packages can only be delivered to valid business email addresses.
When is your project starting?

How did you find us?
I'd like to receive email updates and news from Mocana*
I have read the Mocana Terms and Conditions
Malware Free!