Data Security technology from SDC...

At SDC we understand the value of data when it comes to embedded systems. We can provide a broad range of Mocana device security solutions that will help you develop secure, high-performance, network-based systems.

SDC...understanding the value of data

Mocana securely enables Internet-scale applications and services for connected devices. Mocana's industry-leading infrastructure software solutions ensure that wired and wireless devices, networks and services perform and scale with the utmost security – a necessary foundation for a networked society. Mocana users include Dell, Cisco, Avaya, Nortel Networks, Harris, Honeywell, Symbol, Net.com and Radvision, among others.



 

The Mocana Device Security Framework provides a holistic approach for securing networked devices and services and is ideally suited to the Networking market. The Framework is open standards-based, extensible, OS and CPU independent and contains FIPS validated crypto algorithms. It includes modular software that gets embedded into devices at the time of manufacture as well as optional capabilities delivered across the network. The Mocana Device Security Framework has an asynchronous architecture, leverages a common abstraction layer and features Mocana's Acceleration Harness, a layer that manages crypto offload from software to hardware to extract maximum performance and scaling benefit from hardware acceleration technologies.

It is ideally suited to wired and wireless Networking and Datacom equipment and can be used across all different types of device environments. Mocana is perfectly suited for OEMs looking to standardize the Device Security Framework across all equipment. The result is a common way of dealing with security that benefits the OEM as well as their customers.











By applying Mocana's Device Security Framework, your solutions minimize memory footprint, maximize cryptographic throughput and stay extremely portable. Designed for device manufacturers and service providers, this unified, comprehensive approach to device management secures remote device access, communication between devices and user authorization requests. The DSF also defines secure firmware updates that expand device functionality and protects connected devices against malware or viruses. Applications and tools in the Device Security Framework feature:

Asynchronous Architecture:
Component software solutions of Mocana's DSF are asynchronous throughout. An asynchronous, event driven architecture makes possible the performance and scalability demanded by the latest class of IP connected devices supporting low-latency IP services, like VoIP and IP Video. Performance of Device Security Framework components is further enhanced by code which fully leverages the latest generation of multi-core processors and cryptographic hardware acceleration.

Competing device security architectures are synchronous, which severely limits the number of cryptography jobs that can be offloaded to silicon at any one time. Synchronous architectures also severely limit the way that completed cryptography jobs can be propagated back up the stack. Mocana's Device Security Framework features an asynchronous, event-driven architecture that allows cryptographic jobs to be easily offloaded to different CPU cores or silicon channels, fully enabling today's multi-core processors and distributed "cloud" computing models.

Portability:
Mocana's Device Security Framework is extremely portable. It has been designed with simplicity and ease of integration in mind. All components of Mocana's Device Security Framework leverage a common abstraction layer that has two integration axes, one for OS integration (abstraction), and the other for CPU integration.

What this means is that if chips X, Y and Z are supported, along with OS #1, then a port to OS #2 will inherit support for chips X, Y and Z automatically by modifying only the OS abstraction axis. Conversely, if OS #1, #2 and #3 are supported, along with chip X, then a port to chip Y will immediately inherit support for this chip on all three OSes by modifying only the CPU abstraction axis. This approach provides maximum coverage of OS and CPU combinations and maximum flexibility for device designers to make OS and CPU decisions independent of Mocana's Device Security Framework.

The various components of Mocana's Device Security Framework are available now on over 100 different silicon/OS combinations, and ports to new platforms can be completed in under two hours.

High Performance:
The components of the Device Security Framework all feature an extremely low memory utilization per connected client, as well as a high-performance, zero-threaded architecture. Components of the DSF are designed for easy integration with hardware accelerators, and are "multi-core aware" to take full advantage of the latest generation of multicore CPUs.

Ease of Use:
Elements of the Device Security Framework are each and collectively highly portable, with no OS required. The DSF supports over 1,000 OS/CPU combinations and can be ported to new environments at will in a matter of hours. DSF components are therefore CPU- and network-independent. Your developers don't need to be crypto experts, either - Mocana's Device Security Framework shields your engineers from crypto complexity and automatically protects your designers from the most common security implementation errors that can create security "holes" later. Finally, Mocana's documentation is the best in the business. You won't find a better documented, better supported device security API anywhere else.

Mocana products included in the Device Security Framework include (among others):

NanoSSL™: Provides endpoint authentication, protecting against eavesdropping, message forgery and interference. The Client initiates connection to the Server. Both are commonly used for securing remote device management via a web browser.

NanoSSH™: Designed for logging into and executing commands on a networked computer and provides secure encrypted communications between two untrusted hosts over an insecure network. The SSH Client is used to connect into an SSH Server.

NanoSec™: Designed from the ground up for use with IP connected devices, it also includes support for IKEv2. IPsec is a standard for securing Internet Protocol (IP) communications by encrypting and/or authenticating all packets at the network layer.

NanoRadius™: Implements a client/server mechanism that enables remote access servers to communicate with a central server to authenticate users and authorize their access to requested systems or services.

NanoEAP™: Includes 14 different authentication methods, supports stand-alone and pass-through authentication modes, and acts as a framework and transport mechanism for AAA (Authentication, Authorization, and Accounting) protocols.

Contact Us for further data on this product.





Mocana NanoBoot™

Mocana NanoBoot provides all the tools and firmware source code needed to perform pre-boot verification. NanoBoot uses strong cryptography to validate the BIOS, firmware, and boot loader images. NanoBoot can run in memory-constrained environments (depending on cryptographic configuration), requiring less than 8 KB uncompressed firmware space and less than 2 KB of RAM.


Mocana NanoBoot comprises two components: a command line tool, which digitally signs the authorized firmware image, and a small signature verification application that executes during initialization from within a processor's protected flash memory. The NanoBoot application may be as little as 8 KB, and require less than 2 KB of RAM, enabling SoC design. When the device is powered up, NanoBoot verifies the device's signature, thereby ensuring that the device's firmware has not been altered.

Benefits

Protects intellectual property

  • Prevent subversion (tampering) of firmware images.
  • Assign unique IDs, such as SKUs, to firmware images using cryptographic private keys.

Platform independence

All Mocana products are CPU architecture and platform independent.
  • Endian neutral.
  • RTOS not required.
  • Platforms supported include Linux, Monta Vista Linux, VxWorks, OSE, Nucleus, Solaris, ThreadX, Windows, MacOS X, (ARC) MQX, pSOS, and Cygwin. Additional RTOS ports take approximately two job hours to complete.
  • ROM-able - Code can run in ROM, not just RAM.
  • Ultra small footprint enables SoC (system on chip) design.

Easy to use

  • One simple API function to call at startup or periodically.

Ongoing development, maintenance and support

  • Full documentation, support, and training.
  • Upgrades, ongoing maintenance, and customized development and porting.

Performance

  • Ultra small code and runtime footprints
  • Preboot verification for firmware





Mocana NanoCert

Certificate-based authentication is a prerequisite for securely administering networked devices and services. Certificates need to be updated frequently to ensure the device is operated by the assigned user, that the device has the most updated user privileges, and that the device has the most recent upgrades in its service. But manually updating certificates is error-prone, inefficient, does not scale, and at times is simply impossible.

The security industry has created a standard protocol to address device-specific needs for certificate management: Simple Certificate Enrollment Protocol (SCEP). SCEP is the evolution of the certificate enrollment protocol developed by Verisign and Cisco Systems. But SCEP alone still leaves you with a lot of manual work to do.

Mocana has taken SCEP one step further. NanoCert extends the SCEP protocol by automating the formerly manual certificate management administrative tasks of registering end entities, revoking certificates, and publishing CRLs. NanoCert makes embedding certificate management on devices easy, fast, and reliable.

NanoCert Features
NanoCert leverages mature technologies such as the Public Key Cryptography Standards (PKCS), specifically PKCS #10 and PKCS #7. Mocana internal HTTP implementation code provides the client-server transport protocol. Certificate management utility functions in the Mocana crypto library provide extremely efficient key generation and management, certificate parsing, encoding and decoding, and certificate store functions.

Very High Performance
NanoCert, like all of Mocana's device security solutions, is designed with an asynchronous core to fully leverage hardware acceleration.

Ultra-Small Size

Optimized for size and memory usage, NanoCert has been specifically designed and coded to operate on resource-constrained devices, requiring as little as N KB code in ROM.

Full (not partial) IETF Compliance

  • IETF Draft: draft-nourse-scep-14.txt
  • X.509 v3 certificate
  • X.509 v2 CRL format
  • RFC-3280's X.509 certificate and CRL profiles
  • RFC-2616, Hypertext Transfer Protocol - HTTP/1.1
  • RFC-2617, HTTP Authentication: Basic and Digest Access

Advanced Cryptography Support

  • PKCS #10
  • PKCS #7
  • Configurable encryption and message digest algorithms:
    • 3DES
    • RC4
    • RC2
    • AES
    • MD2, MD4, MD5
    • SHA-1, SHA-256, SHA-384, SHA-512, SHA-224
  • Digest algorithms with RSA encryption:
    • SHA-1, SHA-256, SHA-384, SHA-512, SHA-224

NanoCert Benefits

Platform Independent
NanoCert, like all the toolkits in Mocana's Device Security Framework, is CPU architecture and platform independent. NanoCert is immediately available for more than 100 processor/OS combinations, and ports to new platforms typically take only a few hours. Out-of-the-box support is provided for Linux, Monta Vista, VxWorks, OSE, Nucleus, Solaris, ThreadX, Windows, MacOS X, (ARC) MQX, pSOS, and Cygwin. NanoCert is endian-neutral, and can be used without any RTOS.

Hardware Acceleration Support
NanoCert is ready-made to take advantage of hardware offload by leveraging the Mocana Acceleration Harness, a software layer that virtualizes and manages crypto offload from software to hardware, speeding up crypto operations, and enabling the main CPU(s) to do your application's work in parallel.

No Crypto Expertise Needed
Because we built NanoCert from the ground up, it's easy to install and use. You don't need to be a crypto expert because the NanoCert API hides the complexity of cryptography. You can focus on your application development, and let NanoCert take care of the security. Plus, Mocana's developer support team is always available to answer all your questions, be they about crypto, our toolkits, or embedded development in general.

Dramatically Shortens Your Development Cycle

NanoCert is a ready-made, optimized, exhaustively tested certificate management framework that frees your in-house development resources to focus on what's really important: the functionality of your device and its application. The NanoCert API is well documented and provides all the initialization, setup, crypto, and communication functions you need, enabling you to speed through your development and integration efforts and simplify customization.


 


Mocana NanoDefender™

Mocana's patent-pending new anti-malware product, NanoDefender, is a device-based intrusion detection system that is designed to instantly detect and shut down malware or viruses before they have a chance to spread throughout the network or hijack data -- and it does so while eliminating “false positives.” NanoDefender is the latest addition to the Device Security Framework, Mocana's top-to-bottom architecture for planning, implementing and managing comprehensive device security across the enterprise.

Mocana NanoDefender approaches intrusion detection in a completely different way. Unlike anti-malware products currently on the market that rely on attack databases for defense, NanoDefender tracks the function flow within the application.

Designed to prevent malicious code execution in the context of an existing application or process, NanoDefender is focused on recognizing previously unknown attacks, especially on handheld and wireless devices. It isn't an add-on. It's designed to be integrated into the device or application during the manufacturing process to prevent damage from attacks, known or unknown.


 

Mocana NanoDTLS™

Mocana delivers an open, standards-based, full-featured, RFC-compliant Embedded DTLS Client & Embedded DTLS Server that is easy to use. Mocana NanoDTLS is uniquely architected with an asynchronous core to fully leverage hardware acceleration, is portable, and has a small footprint. It is ideally suited to securing voice and video.


DTLS provides endpoint authentication, protecting against eavesdropping, message forgery and interference over an unreliable transport (typically UDP). DTLS operates at a higher level in the OSI stack than does IPsec. DTLS involves peer negotiation for cipher algorithm support, public key encryption-based key exchange, and certificate-based authentication.



Mocana NanoEAP™

Mocana delivers an open, standards-based, full-featured, RFC-compliant embedded EAP solution. The Mocana NanoEAP solution offers a complete peer (supplicant) as well as an authenticator that can support pass-through mode and stand-alone mode. Both the supplicant and the authenticator(s) are available individually or as a bundle. The Mocana NanoEAP solution can prevent unauthorized access to your network devices, easily update your security handling, and independently manage multiple users who require unique security configurations. Separate VLANs can be served by separate EAP instances. Upper-layer APIs enable session creation, initialization, and statistics collection. Lower-layer APIs enable EAP communication over PPP, UDP, or any other protocol.





Mocana NanoRADIUS

NanoRADIUS is Mocana's easy-to-use, feature-rich RADIUS (Remote Authentication Dial In User Service) client specifically designed to speed product development while providing best-in-class device security services for resource-constrained environments. NanoRADIUS is an open, standards-based, full-featured, RFC-compliant and portable solution that enables you to securely authenticate users against any RADIUS server.

NanoRADIUS fits into the memory nooks and crannies where other RADIUS implementations cannot. It enables voluminous transactions/second and is immediately available for more than 100 processor/OS combinations, and ports to new platforms typically take only a few hours. Out-of-the-box support is provided for Linux, Monta Vista, VxWorks, OSE, Nucleus, Solaris, ThreadX, Windows, MacOS X, (ARC) MQX, pSOS, and Cygwin. NanoRADIUS is endian-neutral, and can be used without any RTOS.


 

 

Mocana NanoSEC™
Mocana's NanoSec is a standards-based, full-featured and RFC-compliant IPsec toolkit. NanoSec is easy to use, uniquely architected with an asynchronous core to fully leverage hardware acceleration, is extremely portable and has an incredibly small memory footprint. It is ideally suited to securing voice, video and data communications.

Mocana NanoSec supports IKEv2, Mobile IKE (MOBIKE), Dual-Mode Operation (IKE + IKEv2) and integrates tightly with Mocana's NanoEAP package (Extensible Authentication Protocol). All are integral parts of Mocana's Device Security Framework.

Very High Performance
NanoSec, like all of Mocana's device security solutions, is designed with an asynchronous core to fully leverage hardware acceleration. NanoSec throughput typically outperforms open source IPsec packages by a factor of 4x or better, depending on the platform.

Ultra-Small Size
Optimized for size and memory usage, the NanoSec client has been specifically designed and written to operate on resource-constrained devices, requiring as little as 65KB ROM. This is less than one-fifth the size of the typical IPsec client.


 

 

Mocana NanoSSH™


Mocana's NanoSSH™ embedded SSH client/server secures Telnet communications between devices or between a device and a back-end SSH management console or SFTP Server. NanoSSH is a very small, very fast open standards-based solution that enables secure communications to any other device or CLI management console over any network. NanoSSH is a super-fast, super-small SSH client/server toolkit specifically designed to speed product development while providing best-in-class device security services for resource-constrained environments. NanoSSH is accelerated and optimized for embedded device security. And it's surprisingly affordable: the NanoSSH total cost of ownership is usually less than open source SSH packages.

Very High Performance
NanoSSH, like all of Mocana's device security solutions, is designed with an asynchronous core to fully leverage hardware acceleration. NanoSSH throughput typically outperforms open source SSH packages by a factor of 4x or better, depending on the platform.

Ultra-Small Size
Optimized for size and memory usage, the NanoSSH client has been specifically designed and written to operate on resource-constrained devices, requiring as little as 70KB code in ROM. This is less than one-fifth the size of the typical open source SSH client.


 

 

Mocana NanoSSL™


Mocana's NanoSSL™ is a standards-based, full-featured and RFC-compliant SSL/TLS client/server toolkit. NanoSSL is easy to use, uniquely architected with an asynchronous core to fully leverage hardware acceleration, is extremely portable and has an incredibly small memory footprint. It is ideally suited to securing voice, video and data communications.

Very High Performance
NanoSSL, like all of Mocana's device security solutions, is designed with an asynchronous core to fully leverage hardware acceleration. NanoSSL throughput typically outperforms open source SSL packages by a factor of 4x or better, depending on the platform.

Ultra-Small Size
Optimized for size and memory usage, the NanoSSL client and server have been specifically designed and written to operate on resource-constrained devices, requiring as little as 50KB ROM each. This is less than one-fifth the size of the typical SSL client.


 

Mocana NanoWireless™

Mocana delivers a standards-based, full-featured, IEEE-compliant WPA2 client software solution that is easy to use. The Mocana NanoWPA2 solution is uniquely architected with an asynchronous core to fully leverage hardware acceleration, is available now on over 1,000 CPU/OS combinations, and features the smallest memory footprint on the market.



“Wi-Fi Protected Access 2” (WPA2™) is a security protocol created by the Wi-Fi Alliance to secure wireless computer networks. The protocol was created in response to several serious weaknesses researchers have discovered in the previous system, Wired Equivalent Privacy (WEP), which has since been banned by payment card industry groups. The WPA2 protocol implements most of the IEEE 802.11i standard and is specifically designed to be backwards-compatible with older wireless network interface cards that pre-date the protocol (through firmware upgrades), but not necessarily with the first generation of wireless access points. Until recently, embedded developers were forced to "roll their own" WPA2 implementations, or to laboriously port implementations originally designed for PCs or server platforms. This meant weeks of additional development and testing time, on top of an already-compressed embedded development schedule. But now there's NanoWireless, from Mocana.

WPA2 provides all the functions necessary to create a fully 802.11i-compliant station management entity (SME). The SME can establish a secure association with a defined access point (AP) in infrastructure mode (ESS), and be part of a wireless robust secure network (RSN). Additionally, Mocana WPA2 enables you to perform preauthentication to support speedy handover from AP to AP. And it's all available in full source code, or as binaries for virtually any CPU/OS combination you can possibly imagine.


 

Mocana NanoUpdate™

NanoUpdate enables firmware images and other messages to be securely delivered to devices in the field automatically, therefore eliminating the need for insecure, user-intensive methods, like email, TFTP, FTP, HTTP, and CD/DVD.

For example, a command line tool (included with Mocana NanoUpdate) creates a PKCS #7 digitally signed message. The signed message is placed at a well-known URI, which the device is programmed to check for updates. The signed message is then downloaded, authenticated, verified, decapsulated, saved and/or acted upon.

Mocana NanoUpdate can be used even with disruptions. In this example, a signed message download that is disrupted during retrieval will cleanly resume without consequence.


Mocana's NanoPhone™ Suite for Android

Android developers must balance security functionality, application performance and battery life effectively without introducing new security holes into the platform. Mocana's NanoPhone™ Suite for Android is the first and only open-standards-based software package enabling developers to build the security features that enterprises and savvy consumers demand. It was designed in a modular framework allowing developers to pick and use only what they need at the time, while allowing them the flexibility to add more functionality later. Using NanoPhone, developers can quickly add much-needed firewall, VPN, and encryption features to Android handsets without compromising the performance, throughput or battery life of the platform.

 

Mocana's NanoPhone for Android helps developers manage their memory footprint, maximize secure application throughput and still stay extremely portable. That means you'll be ready for the next CPU that comes down the road, without having to redo all your code. Product managers will love it because NanoPhone will help their teams get their code to market much, much faster with a standards-based security software suite. Now your development teams can focus on the compelling feature advantages that will help them differentiate from the competition.

 

If you have a specific requirement that may require an internet security solution and would like to have an informal chat with one of our engineers, please do not hesitate to get in touch.

e-mail: sales@sdcsystems.com or tel: +44 (0)845 6588554

We'll be pleased to hear from you.