- I know this has been posted in Android Forums but I thought this may be relevant to the Playbook as well as it means more competition for it. This is good for all of us as RIM will have to further differentiate the Playbook by introducing more (professional?) or improving existing features in order to compete for the government sector.
http://www.engadget.com/2012/01/16/s...d-certified-f/Last edited by kennyliu; 01-16-12 at 09:48 PM.
01-16-12 09:44 PMLike 0 - Hmmm... Just a low-level basic encryption certification... Nothing to see here, move along Don't start worrying yet...
Sent from my BlackBerry 9930 using Tapatalkalnamvet68 likes this.01-16-12 11:50 PMLike 1 -
- LOL Yeah, low level security encryption. Read the IT Enterprise blogs and forums, Android is one big security nightmare. No security sensitive enterprise corp will go anywhere near it. I was told it failed miserably my company's security standards during evaluations last fall. Low level encrypt isn't going to get it in the door. The only real potential competition RIM has there is possibly the new security platforms that Windows is working up for their phones and tablets. And easily integrateable too.
Last edited by rotorwrench; 01-17-12 at 12:51 AM.
01-17-12 12:48 AMLike 3 - Tre LawrenceBetween RealitiesLOL Yeah, low level security encryption. Read the IT Enterprise blogs and forums, Android is one big security nightmare. No security sensitive enterprise corp will go anywhere near it. I was told it failed miserably my company's security standards during evaluations last fall. Low level encrypt isn't going to get it in the door. The only real potential competition RIM has there is possibly the new security platforms that Windows is working up for their phones and tablets. And easily integrateable too.
FIPS is a major deal, no matter how you cut it. RIM has it, select Android devices have it, and iOS is working hard to get the "low level" encryption the DoD requires.
Mobile post via Tapatalk01-17-12 06:38 AMLike 0 -
- LOL Yeah, low level security encryption. Read the IT Enterprise blogs and forums, Android is one big security nightmare. No security sensitive enterprise corp will go anywhere near it. I was told it failed miserably my company's security standards during evaluations last fall. Low level encrypt isn't going to get it in the door. The only real potential competition RIM has there is possibly the new security platforms that Windows is working up for their phones and tablets. And easily integrateable too.01-17-12 07:06 AMLike 0
-
- Samsungs FIPS
SAMSUNG SSD PM810 SED FIPS 140 Module
(Hardware Versions: MZ5PA128HMCD-010D9 and MZ5PA256HMDR-010D9; Firmware Version: AXM96D1Q)
Validated to FIPS 140-2
Overall Level: 2
-FIPS-approved algorithms: AES (Cert. #1637); SHS (Cert. #1442); HMAC (Cert. #963); RNG (Cert. #878)
-Other algorithms: N/A
Multi-chip standalone
"SAMSUNG SSD PM810 SED FIPS 140 Module provides high-performance AES-256 cryptographic encryption and decryption of the data stored in NAND Flash via SATA interface. The PM810 encryption/decryption creates no degradation in performance compared to non-encrypted SSD. The PM810 supports both the ATA Security Feature Set and TCG Opal SSC. Security Functionalities include user authentication for access control via ISV TCG Opal support, user data encryption for data protection, and instantaneous sanitization of user drive data via cryptographic erase for repurposing or disposal."
BlackBerry Tablet Cryptographic Kernel
(Software Version: 5.6)
Validated to FIPS 140-2
Overall Level: 1
-Operational Environment: Tested as meeting Level 1 with BlackBerry� Tablet OS Version 6.6 (single-user mode)
-FIPS-approved algorithms: Triple-DES (Cert. #1053); AES (Cert. #1608); SHS (Cert. #1421); HMAC (Cert. #944); RNG (Cert. #862); DRBG (Cert. #81); DSA (Cert. #499); ECDSA (Cert. #199); RSA (Cert. #790); KAS (Cert. #13; key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)
-Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)
Multi-chip standalone
"The BlackBerry Tablet Cryptographic Kernel is a software module that provides the cryptographic functionality required, for basic operation of the BlackBerry� PlayBook�"
You call the the same certification that RIM has "low level"? Please share how a FIPS-certified device failed your company's evaluations... oh... my bad: you said last fall.
FIPS is a major deal, no matter how you cut it. RIM has it, select Android devices have it, and iOS is working hard to get the "low level" encryption the DoD requires.
It is Great samsung got their foot in the door, but there is a long hallway they still have to walk down.01-17-12 07:22 AMLike 7 - Tre LawrenceBetween RealitiesMy understanding is that RIM and these specific Samsung devices can be used in Federal agencies. Is that incorrect?
Where could the PB be used that the Galaxy Tab can't be due to the different levels?
Mobile post via Tapatalk01-17-12 07:28 AMLike 0 -
- 01-17-12 07:36 AMLike 1
-
BUT Samsungs devices have a lower level clearance than the RIM devices
Samsung devices have 4 FIPS Approved Algorithms, BlackBerry Devices have 10 FIPS Approved Algorithms01-17-12 07:43 AMLike 0 - Uh huh....tell that to the folks at Rolls Royce, who are sitting real comfortably and financially secure selling less then 2000 cars per year.01-17-12 07:48 AMLike 0
-
-
-
Example - Smithsonian Museum vs. CIA.
You could absolutely introduce a level 2 tablet into the Smithsonian since the sensitivity level is moderate. At the CIA, you would need a much higher security level.
I am by no means making light of Samsung's achievement, but this certification should not give anyone the impression that the higher level security agencies will embrace Android *until* its well known security woes are addressed. The much maligned Playbook can enter highly secure environments by virtue of its higher level and the fact that it does not store email natively. That which the industry has maligned has made it usable in certain closed environments.
Frankly I am very surprised that an Android device has received this certification. I was fully expecting Apple to get it first.
This is a good thing for Android fans. But it is not the nail in the coffin that BB haters would have it be.
***One last thought....don't forget that Good or AES do not do near the necessary job with security that BES does. It's not about syncing, it's about control. I do not foresee the federal government secure agencies migrating away from BES and to Good or AES. Not unless some major changes happen in them. BES has a foothold in the federal government that, contrary to what anti-RIM haters would like, is hard to break. Spending the cash to migrate away from BES would mean some tough selling on the Hill, and with the economy the way it is, it will not be an easy sell.Last edited by Qbnkelt; 01-17-12 at 08:16 AM.
01-17-12 08:10 AMLike 0 - Therein lies the problem, arrogance. You would think they learned from their mistake of thinking the consumer would buy the PB and a phone to go with it for this "bridge" nonsense and what do they do, they announce some Remote BS. The powers that be just don't have a clue.01-17-12 08:13 AMLike 0
- Tre LawrenceBetween RealitiesThere are different levels of FIPS certification just as there are different levels of federal government security.
Example - Smithsonian Museum vs. CIA.
You could absolutely introduce a level 2 tablet into the Smithsonian since the sensitivity level is moderate. At the CIA, you would need a much higher security level.
I am by no means making light of Samsung's achievement, but this certification should not give anyone the impression that the higher level security agencies will embrace Android *until* its well known security woes are addressed. The much maligned Playbook can enter highly secure environments by virtue of its higher level and the fact that it does not store email natively. That which the industry has maligned has made it usable in certain closed environments.
Frankly I am very surprised that an Android device has received this certification. I was fully expecting Apple to get it first.
This is a good thing for Android fans. But it is not the nail in the coffin that BB haters would have it be.
***One last thought....don't forget that Good or AES do not do near the necessary job with security that BES does. It's not about syncing, it's about control. I do not foresee the federal government secure agencies migrating away from BES and to Good or AES. Not unless some major changes happen in them. BES has a foothold in the federal government that, contrary to what anti-RIM haters would like, is hard to break. Spending the cash to migrate away from BES would mean some tough selling on the Hill, and with the economy the way it is, it will not be an easy sell.
Frankly, I was also shocked Samsung beat Apple to it as well.
Mobile post via Tapatalk01-17-12 08:22 AMLike 0 -
I'm not really shocked Samsung beat Apple, just like Dell beat Apple
I highly suspect if one did some digging they'd see a very heavily locked out Android, again NO android Market places, like the Dell Streak, I can't see Apple Bastardizing their experience to get FIPS, The RIM experience was never App focused, so RIM doesn't bastardize it by locking out App world and 3rd Party Apps, with BES full control is given to the admin of the devices, not so with GOOD and AES which are used for managing the other devices.yoonique likes this.01-17-12 08:28 AMLike 1 - 01-17-12 08:32 AMLike 1
-
-
-
Next level would be sensitive but unclassified type of organisations that would still require the controls of BES but where users could still carry, for example, phones with cameras. I'm thinking of DHS organisations such as FEMA, USCIS, ICE, CBP, Agriculture, etc. These would remain level 1.
The places where you might see level 2 certification would be Smithsonian, Interior, Dept of Education, etc. Particularly in the case of the Interior and Education, I can see level 2 Samgung Android devices coming in. It is conceivable that apps could be created, for example, for customers who want to view exhibits in museums. Or where students may be handed tablets as study aids. These organisations would not carry any sensitive data at all, except for the location of important pieces of art, for example. But then there are other levels of protection for those items.
An interesting location would be the National Archives. One set would be behind firewalls and strictly controlled, whereas visitors could in fact be rented tablets to assist in navigating the archives.
That said, I still see BES or at least Fusion in these scenarios. BES is hard to remove.01-17-12 08:38 AMLike 0
- Forum
- BlackBerry PlayBook Forums
- BlackBerry PlayBook
Galaxy Tab Gets FIPS Certification
LINK TO POST COPIED TO CLIPBOARD