Samsung R&D Institute Ukraine Expands FIPS Certification Portfolio

Samsung Electronics recently announced[1] that its proprietary cryptographic module, Samsung CryptoCore, targeted for TV, has earned[2] the prestigious FIPS 140-3 certification[3]. This certification is the latest addition to the long list of successes of the SRUKR Security Certification team, which started working on FIPS 140 series certifications back in 2016.

The FIPS 140 series (which includes FIPS 140-2 and the newer FIPS 140-3) specifies the requirements for cryptographic modules and is governed by the USA's National Institute of Standards and Technology (NIST). As defined under the Federal Information Security Modernization Act, certification against the standard is mandatory for government procurement in all federal agencies handling sensitive data[4], including the Department of Defense, National Security Agency, United States Postal Service, NASA, etc. Aside from the USA, FIPS 140-3 (known as ISO 19790) is recognized in 10 other countries, including Canada, the UK, Germany, France, South Korea, Japan, Singapore, Australia and New Zealand. Furthermore, since the FIPS 140 series is a de facto industry standard, FIPS compliance can boost sales, as it can be used in marketing and commercialization materials as a selling point by showcasing the high level of confidence in the security of the underlying cryptographic functionality.

In particular, FIPS 140-3 has stricter algorithm requirements and introduces a novel way to present the accompanying documentation. This latter change was particularly challenging for the industry. Only 38 out of 142 recently certified modules[5] have been shown to conform fully with the new FIPS 140-3 requirements, with 68 having to opt for an Interim status with a shorter certificate expiration date. The most recent Samsung CryptoCore certification completed by the SRUKR Security Certification team is among those that are fully conformant.

This achievement highlights the deep expertise accumulated in our team over the years. Since 2016 we have completed 34 certifications with the Security team of Mobile eXperience (MX) Business as a part of the KNOX brand-strengthening strategy[6]. During this work, we evaluated and certified various modules across the whole spectrum of possible operating environments in the mobile device: Android OS, Linux Kernel, TrustZone®, and even hybrid software-hardware solutions. One notable example is the underlying cryptographic library of Samsung TEEgris[7], where we collaborated closely with the clients to provide a solution that meets security and usability requirements. The latest certification was done in collaboration with the Security team of Visual Display (VD) Business, which showcases SRUKR's flexibility and readiness for collaboration with all Samsung GBMs.