Microsoft seeks certification for cryptographic module

Microsoft Corp. has submitted a cryptographic services module for federal certification
as part of an ongoing drive to fit its Microsoft Windows NT into agency network

Certification under the Federal Information Processing Standard 140-1 Cryptographic
Module Validation Program could be completed late this year, said Karan Khanna, Microsoft
lead product manager on the Windows NT security team in Redmond, Wash.

The cryptographic module submitted to the National Institute of Standards and
Technology provides public-key services based on the Digital Encryption Standard, Secure
Hash Algorithm 1 (FIPS 180-1) and Digital Signature Standard.

Microsoft also is seeking FIPS 140-1 validation of its native Secure Sockets Layer
communications support for Fortezza encryption, which uses PC Cards and the Skipjack
algorithm. “Part of the FIPS 140-1 validation includes specific tests to see
that the algorithms are working correctly,” said Jim Foti, a technical staff member
at NIST’s Computer Security Division.

If an agency needs to protect sensitive information in computer and telecommunications
systems, its cryptography method must incorporate a validated FIPS 140-1 module, Foti

Microsoft is seeking FIPS 140-1 certification at Level 2 of NIST’s validation
program, which certifies cryptographic products up to Level 4.

So far, no product has been certified higher than Level 3, Foti said.

The Microsoft cryptographic services and Fortezza modules both plug into the Microsoft
Crypto Application Programming Interface, which provides encryption services to any
application written to that API.

After certification, the modules will be free to all NT users, “either in the next
service pack or as a download, we’re not sure yet,” Khanna said. They also will
become part of Windows NT 5.0, expected sometime next year.

Microsoft engineers in Redmond are doing the software design for the federal security

CygnaCom Solutions Inc., a NIST-accredited lab in McLean, Va., has been evaluating the

Microsoft has two cryptographic APIs in the current versions of NT 4.0, Windows 95 and
Windows 98.

Its Crypto API supports various public-key encryption standards including RC2, RC4 and
X.509 digital certificates.

A second Microsoft API, the Security Support Provider Interface, authenticates users
based on the NT LANManager challenge-response protocol, Khanna said.

In NT 5.0, the interface will support the Kerberos authentication protocol in addition
to NT LANManager. 

