Microsoft seeks certification for cryptographic module

Microsoft Corp. has submitted a cryptographic services module for federal certification
as part of an ongoing drive to fit its Microsoft Windows NT into agency network
environments.


Certification under the Federal Information Processing Standard 140-1 Cryptographic
Module Validation Program could be completed late this year, said Karan Khanna, Microsoft
lead product manager on the Windows NT security team in Redmond, Wash.


The cryptographic module submitted to the National Institute of Standards and
Technology provides public-key services based on the Digital Encryption Standard, Secure
Hash Algorithm 1 (FIPS 180-1) and Digital Signature Standard.


Microsoft also is seeking FIPS 140-1 validation of its native Secure Sockets Layer
communications support for Fortezza encryption, which uses PC Cards and the Skipjack
algorithm. “Part of the FIPS 140-1 validation includes specific tests to see
that the algorithms are working correctly,” said Jim Foti, a technical staff member
at NIST’s Computer Security Division.


If an agency needs to protect sensitive information in computer and telecommunications
systems, its cryptography method must incorporate a validated FIPS 140-1 module, Foti
said.


Microsoft is seeking FIPS 140-1 certification at Level 2 of NIST’s validation
program, which certifies cryptographic products up to Level 4.


So far, no product has been certified higher than Level 3, Foti said.


The Microsoft cryptographic services and Fortezza modules both plug into the Microsoft
Crypto Application Programming Interface, which provides encryption services to any
application written to that API.


After certification, the modules will be free to all NT users, “either in the next
service pack or as a download, we’re not sure yet,” Khanna said. They also will
become part of Windows NT 5.0, expected sometime next year.


Microsoft engineers in Redmond are doing the software design for the federal security
modules.


CygnaCom Solutions Inc., a NIST-accredited lab in McLean, Va., has been evaluating the
software.


Microsoft has two cryptographic APIs in the current versions of NT 4.0, Windows 95 and
Windows 98.


Its Crypto API supports various public-key encryption standards including RC2, RC4 and
X.509 digital certificates.


A second Microsoft API, the Security Support Provider Interface, authenticates users
based on the NT LAN Manager challenge-response protocol, Khanna said.


In NT 5.0, the interface will support the Kerberos authentication protocol in addition
to NT LAN Manager.
