Microsoft seeks certification for cryptographic module

Microsoft Corp. has submitted a cryptographic services module for federal certification
as part of an ongoing drive to fit its Microsoft Windows NT into agency network

Certification under the Federal Information Processing Standard 140-1 Cryptographic
Module Validation Program could be completed late this year, said Karan Khanna, Microsoft
lead product manager on the Windows NT security team in Redmond, Wash.

The cryptographic module submitted to the National Institute of Standards and
Technology provides public-key services based on the Digital Encryption Standard, Secure
Hash Algorithm 1 (FIPS 180-1) and Digital Signature Standard.

Microsoft also is seeking FIPS 140-1 validation of its native Secure Sockets Layer
communications support for Fortezza encryption, which uses PC Cards and the Skipjack
algorithm. “Part of the FIPS 140-1 validation includes specific tests to see
that the algorithms are working correctly,” said Jim Foti, a technical staff member
at NIST’s Computer Security Division.

If an agency needs to protect sensitive information in computer and telecommunications
systems, its cryptography method must incorporate a validated FIPS 140-1 module, Foti

Microsoft is seeking FIPS 140-1 certification at Level 2 of NIST’s validation
program, which certifies cryptographic products up to Level 4.

So far, no product has been certified higher than Level 3, Foti said.

The Microsoft cryptographic services and Fortezza modules both plug into the Microsoft
Crypto Application Programming Interface, which provides encryption services to any
application written to that API.

After certification, the modules will be free to all NT users, “either in the next
service pack or as a download, we’re not sure yet,” Khanna said. They also will
become part of Windows NT 5.0, expected sometime next year.

Microsoft engineers in Redmond are doing the software design for the federal security

CygnaCom Solutions Inc., a NIST-accredited lab in McLean, Va., has been evaluating the

Microsoft has two cryptographic APIs in the current versions of NT 4.0, Windows 95 and
Windows 98.

Its Crypto API supports various public-key encryption standards including RC2, RC4 and
X.509 digital certificates.

A second Microsoft API, the Security Support Provider Interface, authenticates users
based on the NT LANManager challenge-response protocol, Khanna said.

In NT 5.0, the interface will support the Kerberos authentication protocol in addition
to NT LANManager. 

