The Federal Information Processing Standard 140-2 is a U.S. Government standard that specifies requirements for cryptographic modules. Initially developed for use by US Government departments and agencies, FIPS 140-2 is growing in importance both nationally and internationally and is the model for the International Security Standard ISO 19790 currently being developed.

The growing importance of FIPS 140-2 and ISO 19790 is the result of the increasing damages to individuals and business resulting from disclosure of sensitive and confidential information and the proliferation of new laws that require enhanced security and privacy while raising the legal and financial stakes for enterprises that fail to meet the standards.

“This groundbreaking certification defines the start of a new era that raises HDD data security to the state where rigorous testing by independent government-approved laboratories delivers validation, based upon conformance to a national or international security standard,” said Vittorio Peduto, ST’s General Manager of Data Storage. “ST has a long history of providing best-in-class security solutions to our customers, illustrated by our strong positions in the supply of Trusted Platform Modules, Smart Cards and secure features in Set Top Box systems. We are now able to bring this depth of expertise to the secure HDD market.”

This latest step in HDD security is made possible by the embedding of ST’s HardCache-SL3 Crypto-Module technology within a state-of-the-art HDD System-on-Chip. A key feature of the HardCache-SL3 Crypto-Module is the separation of secure functions from standard drive operations. A secure boundary is well defined around the HardCache-SL3 IP which has at its core an efficient proprietary RISC processor optimized for security. The RISC processor provides the programmability required to rapidly adapt to evolving security protocols.

Coupled closely to the processor core are a suite of hardwired crypto-functions that ensure high performance, reduced power consumption and hidden execution. These functions include FIPS defined algorithms such as AES 256 for encryption and decryption, HMAC-SHA-1 and SHA-256 for hashing and numerous others.

The core architecture of HardCache-SL3 is targeted for application across all major HDD market segments, including Mobile, Desktop and Enterprise. By using the same pre-validated crypto-module for all secure HDD SoCs, ST enables its customers to achieve faster time to market, faster and lower cost FIPS 140-2 certification, the flexibility to carry the same technology across numerous market segments and the ability to keep pace with the increasing requirements of the secure market, as well as the cost benefits of SoC integration.

Notes for Editors
(1) FIPS 140-2 certification is only achievable via the Cryptographic Module Validation Program (CMVP) which is jointly supported by NIST and the Canadian government’s Communications Security Establishment (CSE). Within FIPS 140-2, there are four defined security levels. ST’s HardCache-SL3 is targeted for Security Level 3.

(2) Level 3 includes requirements for physical tamper-resistance (making it difficult for attackers to gain access to sensitive information contained in the module) and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces.

(3) The ST HDD Crypto-Module is a block of Intellectual Property and is not meant to be delivered to customers as a standalone integrated circuit. As a result, pricing for the Crypto-Module is highly dependent on the other IP blocks surrounding it and the size and function of the entire integrated SoC.

(4) In addition to all US federal agencies, the established market for FIPS F140-2 products includes postal authorities, financial institutions, healthcare providers and the governments of Canada, the UK and Israel, with a growing interest from private enterprises.

(5) Privacy Rights Clearing House has reported the total number of records containing sensitive personal information involved in “reported” security breaches has grown to greater than 215 million since Jan 2005.