1. lnichols's Avatar
    Didn't see this till this morning, and did a quick search. Certificate 1579. Must have been updated on the NIST site later in the day. Here is what security policy says:

    This is a non-proprietary Federal Information Processing Standard (FIPS) 140-2 Se- curity Policy for Certicom’s Security Builder R FIPS Module Version 5.6 (SB FIPS Module). SB FIPS Module is a cryptographic toolkit for C language users, provid- ing services of various cryptographic algorithms such as hash algorithms, encryption schemes, message authentication, and public key cryptography. This Security Policy specifies the rules under which SB FIPS Module must operate. These security rules are derived from the requirements of FIPS 140-2 [1], and related documents [6, 7, 8].
    So this appears to be a toolkit to allow people to write FIPS apps for Playbook in the upcoming native SDK. Looks like RIM plans to push their tablet hard into the US Government/Military.

    OK so what is the possibility of lets say RIM has the Native PIM and e-mail written with this toolkit already, and were waiting for it to be FIPS approved before releasing them?

    Anyway this is another good thing for Playbook and future QNX handsets and their adoption into a relatively untapped US gov't market for newer smartphones and tablets.
    07-23-11 09:27 AM
  2. ekafara's Avatar
    Sweet! That's good news. It would be awesome if this is what they were waiting on. I was thinking it was FIPS certification, but so for it doesn't seem so. But we'll see if they push out another update soon.

    Posted from my CrackBerry at wapforums.crackberry.com
    07-23-11 09:37 AM
  3. lnichols's Avatar
    Sweet! That's good news. It would be awesome if this is what they were waiting on. I was thinking it was FIPS certification, but so for it doesn't seem so. But we'll see if they push out another update soon.

    Posted from my CrackBerry at wapforums.crackberry.com
    Well I'll wait till Tuesday or really the following Tuesday to see for sure if that was the holdup. I think the only non-Tuesday update was the Friday of the first week when the Playbook needed an update for stability.
    07-23-11 09:54 AM
  4. lnichols's Avatar
    Also looks like Certicom has a "Security Builder FIPS Java Module" in process, but it is still in the IUT phase. I wonder if this will be needed before the Navtive BBOS Java Apps to be used on the Playbook?
    07-23-11 10:14 AM
  5. _StephenBB81's Avatar
    RIM has had a Plan in place it seems, and they are moving forward, I hope this is what has been holding up quality SDK's for native app development.

    could be pretty exciting for some small app developers to be able to build FIPS approved Apps and get into selling into governments.
    07-23-11 10:24 AM
  6. lnichols's Avatar
    I looked at Certicom's website. Looks like they have a lot of various security solutions. I bet RIM has the Playbook in for NSA's Suite B testing too as it looks like these Certicom modules are built to be Suite B compliant too. Maybe RIM will buy Certicom also since they seem to be acquisition happy lately.
    07-23-11 10:33 AM
  7. rjshahan's Avatar
    I looked at Certicom's website. Looks like they have a lot of various security solutions. I bet RIM has the Playbook in for NSA's Suite B testing too as it looks like these Certicom modules are built to be Suite B compliant too. Maybe RIM will buy Certicom also since they seem to be acquisition happy lately.
    Research In Motion - Wikipedia, the free encyclopedia

    RIM bought Certicom in 2009.
    lnichols likes this.
    07-23-11 10:41 AM
  8. lnichols's Avatar
    Ah well that would explain them using them. Thanks for posting this!
    07-23-11 10:55 AM
  9. Dapper37's Avatar
    Its all one big happy secure family. Go RIM
    07-23-11 11:51 AM
  10. samab's Avatar
    The important thing about RIM/Certicom getting the FIPS certification done for the Playbook is that Certicom can now free up their employees to work on the DRM --- which is basically 99% of the work for getting things like netflix and hulu.

    Certicom did the DRM for XM Satellite Radio.

    Certicom Digital Rights Management (DRM)
    07-23-11 01:29 PM
  11. Foreverup's Avatar
    Quick question for you guys does this mean the future qnx phones will be built off this kernal version. I hope so that is pretty much a year of upfront development plus I can buy a secure phone from the release date.
    07-23-11 06:40 PM
  12. _StephenBB81's Avatar
    Quick question for you guys does this mean the future qnx phones will be built off this kernal version. I hope so that is pretty much a year of upfront development plus I can buy a secure phone from the release date.
    each device will Still need to go through FIPS Approval since they approve both OS AND hardware when doing an approval,
    though this should help the devices go through faster.
    07-23-11 06:50 PM
  13. samab's Avatar
    If you look at the FIPS listings, the crypto kernel in classic Blackberries is listed as firmware, but the crypto kernel in the Playbook is listed as software.

    Don't know if there is a difference in the FIPS testing between firmware vs. software.
    07-23-11 09:39 PM
  14. qbnkelt's Avatar
    I've wondered over the last few days....some of the products we use have a beginning in the military environment and are then morphed into consumer applications. I wonder.....it is possible that the PB was built all along based on the secure community's specifications.
    I don't think that it's too far off the mark to speculate that there were requirement gathering efforts early on.
    Pure speculation on my part, but I find it intriguing.
    07-24-11 06:15 AM
LINK TO POST COPIED TO CLIPBOARD