Press Releases

Entrust Delivers First Java Toolkit to Achieve FIPS 140-2 Validation

Entrust Authority? Security Toolkit for Java becomes 10th Entrust product to successfully meet the Federal Information Processing Standard

23 Jun 2003

DALLAS - Entrust, Inc. [NASDAQ: ENTU], a leader in securing digital identities and information, today announced that the National Institute of Standards and Technology (NIST) and Canada's Communications Security Establishment (CSE) have awarded the Entrust Authority? Security Toolkit for Java, Version 6.1, with the Federal Information Processing Standard 140-2 (FIPS 140-2) validation. This makes it the first Java-based application developer toolkit in the market to achieve this critical security validation.

With this validation, government and other IT professionals can take advantage of this standards-compliant toolkit to easily design and build scalable, multi-platform security applications that strongly authenticate users, provide persistent digitally signed records of transactions, and protect sensitive data. In addition, customers and technology partners can capitalize on the toolkit's XML encryption and digital signature capabilities to deploy security for their Web services implementations.

The FIPS 140-2 validation of Entrust Authority Security Toolkit for Java is the 10th Entrust product to be certified by the NIST/CSE, and adds to Entrust's product achievements in the area of third-party software validations. Entrust was the first company ever to receive a FIPS 140-1 validation in 1995 for its Entrust Authority software. The company was also the first to have PKI products certified to ISO/EIC 15408, also known as the "Common Criteria". 

"Entrust is committed to building upon its tradition of being 'first to market' with security solutions that meet the stringent certification requirements set out in this important quality assurance process," said Kevin Simzer, vice-president of product development at Entrust. "We take great pride in our track record of success to date, and look at the validation of Entrust Authority Security Toolkit for Java as a significant stepping stone as we continue to help make the deployment of secure e-Government applications a reality."

Featuring high-level Application Protocol Interfaces (APIs), broad algorithm support, and interoperability across multiple PKI solutions, the Security Toolkit for Java can enable developers to rapidly deliver open and flexible security solutions for e-business applications at lower cost.  More information on this Toolkit can be found at http://www.entrust.com/authority/java/index.htm.

"As a long time partner, webMethods congratulates Entrust on meeting this milestone," said Jeremy Epstein, director of product security at webMethods. "Entrust's FIPS-compliant Java Toolkit provides a key security foundation for the webMethods Integration Platform, thus allowing us to deliver a strong integration solution to our government and commercial sector customers.  Using the combination of Entrust's Java Toolkit and the webMethods Integration Platform, government customers can now use the latest technology such as Web Services without compromising adherence to key security standards such as FIPS 140-2."

"TIBCO is pleased that its preferred security provider, Entrust, has achieved FIPS 140-2 certification for their Java 6.1 encryption library," said George Ahn, executive vice president and chief marketing officer at TIBCO Software Inc.  "TIBCO anticipates deploying this library uniformly across a broad family of Java-based solutions to TIBCO customers worldwide. Entrust's FIPS-140-2 certified encryption will allow us to provide an even higher assurance environment for our customers."

About FIPS 140-2

Established by NIST, the FIPS 140-2 validation is a standard that involves conformance testing by independent, third party private sector laboratories located in the U.S. and Canada.  This process is an essential element for verifying that cryptographic-based security systems meet recognized standards.  In fact, FIPS 140-2 validation is a mandatory requirement by all U.S. and Canadian Federal agencies for the purchase, design and implementation of cryptographic-based security systems for the protection of sensitive information.

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other Entrust product names and service names are trademarks or registered trademarks of Entrust, Inc or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.