Case Study

SSP SOLUTIONS RETAINS VALICORE FOR DEVELOPMENT OF HIGH ASSURANCE SMARTCARDS

Projects Call for Expertise in Cryptography, Embedded Systems and Government Standards

SSP Solutions (NASDAQ: SSPX) of Irvine, Calif., a developer of data and communications security solutions for both government and corporate applications, works in the fast-growing field of managing, authenticating and securing identity.

There is vast demand to know, for instance, that the sender of a message really is the person they claim to be, and that the receiver is none other than the person for whom the communication was intended. Yet, the technical community that services this need is still rather small.

"Computer security is a close knit business, so you know where the good people are," said Bob Gray, SSP's senior technical advisor. "There are just not that many people who know about cryptography, embedded systems - with extreme memory constraints - and government standards, both foreign and domestic. One group that does is Valicore."

In 2003, Gray retained Valicore as a consultant for two projects to develop cryptographic smartcards for separate agencies of the U.S. federal government. Due for completion in the first half of 2004, Gray brought the Santa Ana, Calif.-based security engineering services company on board at the inception of the projects.

Gray describes the deliverable smartcards as portable tokens flexible enough for use in a wide variety of applications, ranging from computer to doorway/gate access. The cards hold identity information, provide a "digital signature" verifying communications of the cardholder, and are able to authenticate the identity of receive/send sources.

"Though these cards are for government customers, the design was specified for Commercial Off The Shelf (COTS) components," said Gray. "The design, then, can have both government and commercial use. It is our intention to eventually market the resulting product commercially wherever there is a need for robust authentication and security, including such markets as banking, health care and legal services."

Leading Edge Embedded Microprocessors

Gray says the projects called for ground-up design - not customized from existing SSP products - and describes them as "leading edge" for the hardware and software work being done on the smartcards' embedded microprocessor.

The projects employ 32-bit microprocessors, as opposed to the 8-bit microprocessors embedded in most smartcards. In addition, the embedded systems are capable of encrypting much faster than what is standard for smartcards.

These key performance parameters support two key benefits for SSP's federal agency customers. First, the smartcards can handle very high volume, bulk encryption and second, they meet the very high standard for government information processing security - FIPS-140-2, Level 3.

"The software code had to be extremely tightly written, as there is extremely little room with these embedded systems," said Gray.

This led Gray to call on Valicore for software development support. The company, founded by its president and CEO, Greg Powell, specializes in FIPS 140-2 and Common Criteria (the international, commercial standard for information processing security) product development and certification. Valicore originally came to Gray's attention based on its reputation for on-schedule and on-budget work earned providing engineering services for security products from Rainbow Technologies of Irvine, Calif., and Mykotronx, Inc. of Torrance, Calif.

Valicore Also Provides Documentation and Security Certification Support

In addition to software development, Valicore has provided two additional services to SSP through the duration of the projects - documentation support and security certification support.

FIPS and Common Criteria (ISO-15408) certification for a "high assurance token" requires the management of a mountain of compliance assurance documentation. Valicore is responsible for the production of the 25 separate reports required for FIPS certification and 40 documents for Common Criteria.

Product security evaluation for the NIST high assurance security certification, is being conducted by InfoGard Laboratories of San Luis Obispo, Calif. InfoGard is an accredited evaluation and testing laboratory for the National Institute of Standards and Technology (NIST), the agency within the Department of Commerce that formulates the FIPS 140-2 security standards for federal computer systems, and administrates U.S. participation in the ISO-15408 Common Criteria high assurance security standards. Valicore has worked closely with InfoGard on behalf of its client throughout the test preparation process.

"Valicore has contributed immensely to our projects in at least two ways," said Gray. "First, they really know the business of computer security design, documentation and certification. Second, they provide on-time and high quality delivery of their assignments. If you get those to things from your outsource company, everything else is noise levels."

SSP Solutions Anticipates Future Projects With Valicore

As the two projects currently under way near their completion, Valicore has perhaps earned the highest testimony of customer satisfaction in two other respects.

"We have involved Valicore personnel in our design review meetings with our customer, so they are well aware of Valicore," said Gray. "I don't always include my consultants in a customer meeting, but I do with them."

"We hope to have a continuing relationship with Valicore on future projects."

< Return to main News & Case Studies page