News & Press

Government Grants First Certification for iPhone, iPad Crypto

FIPS 140-2 Validation for Mocana NanoCrypto™ Removes An Obstacle to Federal Purchases of Apple Devices "Off the Shelf"

San Francisco, CA (PRWEB) April 05, 2010
 -- Mocana Corporation, a company that focuses on securing non-PC connected devices, today announced that it has earned the government's first FIPS 140-2 level one validation for an encryption product running on the Apple iPhone or iPad.

Consumers, Please Note: Mocana's FIPS 140-2 validated NanoCrypto™ product is not a finished security application for end-users. Rather, it is a comprehensive cryptographic software developers' kit (SDK) designed for companies that manufacture or create software for iOS devices. Customers interested in Mocana's FIPS 140-2 validated cryptography solution should understand that familiarity with C programming code is required, and that NanoCrypto's modules must be compiled into a binary application (that you design and code), before they can be used to secure data.

The 140-2 FIPS (Federal Information Processing Standards) are used to accredit the cryptographic "engines" that drive secure software or hardware implementations, and most federal agencies and contractors working on sensitive government projects are prohibited from buying products containing security software that is not officially FIPS-validated. Up until now, FIPS-validated security hasn't been commercially available for iPhone, iPod Touch or iPad devices. Today's announcement clears an important obstacle to the more widespread use of these devices in the federal government.

NIST, the National Institute of Standards and Technology, wrote the FIPS 140 Publication Series to standardize federal cryptography requirements. Most federal agencies and departments require that any computer security implementations contain only FIPS-certified cryptographic modules. The FIPS 140-2 program tests security software and hardware approved for government "sensitive, but un-classified" information. The application and testing process is rigorous and non-trivial, but for companies selling security products to the federal government, their contractors or allies overseas, formal FIPS validations are a prerequisite to eligibility for government contracts.

Mocana applied for and received FIPS 140-2 Level 1 validation for its NanoCrypto product ( compiled for iPhone OS on ARM-based CPUs; the FIPS-validated NanoCrypto binary will run on all current iPhone, iPad and iPod touch models. NanoCrypto is a sophisticated cryptographic engine designed for device developers. It's purpose-built for non-PC devices and resource-constrained embedded systems. It is one of the smallest, fastest and most comprehensive cryptographic cores on the market, in addition to being one of the most popular: the cryptographic engine that drives NanoCrypto is already installed on millions of devices from hundreds of device OEMs worldwide, on everything from wireless networked medical devices to unmanned military drones. With built-in support for over 30 operating systems, NanoCrypto enables device OEMs and ISVs to add sophisticated cryptographic security features to almost any type of device or application.

"This opens the door for developers to start building cost-effective, security-oriented commercial iPhone and iPad apps for use in federal and even military settings," said Adrian Turner, CEO of Mocana. "Many government buyers couldn't purchase iPhones 'off the shelf' for environments where encryption or authentication was required, because FIPS 140-2 validated "apps" simply weren't available. Now these revolutionary platforms - including the new iPad - are more viable, cost-effective options for sensitive federal and military applications."

FIPS certification should make it easier for iPhones and iPads to penetrate the medical market, too - another device ecosystem where security is key. Specifying FIPS 140-2 validated encryption software in purchasing contracts is an easy, "best practices" way for hospitals and health networks to take a high assurance approach to data confidentiality and integrity protection, especially as it relates to the security and privacy of patient records. Mocana's CEO, Adrian Turner, was interviewed recently by Maria Bartiromo on CNBC regarding the state of medical device security, and interested parties can view that video at

NanoCrypto, like every Mocana product, is available as a FIPS-validated binary for specific platforms or as platform-independent ANSI C source code. NanoCrypto is not a "finished app" for end-users. It's designed exclusively for developers using Apple's Objective-C™, a reflective, object-oriented programming language which underpins the iPhone OS that drives the iPhone, the iPad and the iPod touch. Developers can request a free trial of the NanoCrypto product at

About Mocana 
Mocana secures the "Internet of Things" - the 20 billion datacom, smartgrid, federal, consumer, industrial and medical devices that connect across every sector of our economy. These devices already outnumber PC's on the Internet by five to one, representing a $900 billion market that's growing twice as fast as the PC market. Every day, millions of people use products sold by over 100 companies that leverage Mocana's Device Integrity software, including Dell, Cisco, Honeywell, General Electric, General Dynamics, Avaya, Nortel Networks, Harris and Radvision, among others. Mocana won Frost & Sullivan's Technology Innovation of the Year award for 2008 for Device Security, and was named to the Red Herring Global 100 as one of the "top 100 privately-held technology companies in the world" in January 2009.

Media and analyst contact:
Patrick Corman
Corman Communications, LLC
+1 (650) 326-9648

Company Contact:
Kurt Stammberger, CISSP
VP Market Development, Mocana
Twitter: @wurtis

For Immediate Release