|HP Atalla Offerings Receive FIPS Certification as Trusted Financial Security Products|
Today at the world's leading e-security conference and expo, HP (NYSE:HPQ) announced two new security products designed to bring the level of strong hardware-based security, common to financial networks, to back office operations.
Joining the complete range of HP Atalla hardware security processors for banking, the Internet and enterprise security applications are:
-- The HP Atalla Trusted PrintMail Center, an integrated, easy-to-use and secure solution for in-house generation and distribution of sensitive data such as customer personal identification numbers (PINs) or cryptographic key components; and
-- The HP Atalla Secure Configuration Assistant, an easy-to-use set of tools to configure, manage and inject keys into the latest HP Atalla Ax100 Network Security Processor products.
HP also announced that its Atalla Cryptographic Engine (ACE) has received from the U.S. National Institute of Standards and Technology the Federal Information Processing Standard (FIPS) 140-2 Level 3 certification, which the financial community increasingly specifies as a procurement requirement. The Atalla ACE is found in the latest generation of HP Atalla products for secure financial transactions.
Secure and Comprehensive Printing Solution
Countless dollars and endless time is spent securing sensitive data in banking networks, but the same information is vulnerable to unauthorized access whenever it is sent to a printer or otherwise handled manually. A complete solution for in-house generation and distribution of sensitive data such as PINs or passwords, the HP Atalla Trusted PrintMail Center (ATPC) helps to eliminate these weak links in a financial institution's security infrastructure.
"Now banks, brokerage houses, benefit providers or any organization that assigns PINs or passwords to users for secure account access will save time and money using the ATPC when compared to costly third-party options," said Chris Whitener, general manager, HP Atalla Security Products. "The ATPC may also be used to securely distribute cryptographic key components to ATM or point-of-sale devices -- a process which today is fraught with security vulnerabilities."
The ATPC includes an HP Atalla Network Security Processor (NSP) certified to the FIPS 140-2 Level 3 standard, a Windows(R) 2000 application server and one or more secure HP LaserJet 4100, 4200 or 4300 series printers with the HP Print-to-Mail feature and custom ATPC forms.
Handheld Device Manages Hardware Security Modules
A set of tools to configure, manage and inject keys into HP Atalla Ax100 NSP products, the HP Atalla Secure Configuration Assistant (SCA) is built on a security-enhanced HP iPAQ Pocket PC platform, which provides a familiar, easy-to-use graphical user interface to reduce human error.
Security administrators use a custom smartcard provided by HP to perform all of the Atalla SCA's cryptographic functions and store security-relevant data such as cryptographic key components. The Atalla SCA and the Atalla Ax100 NSP form a truly secure, end-to-end key initialization solution for financial applications such as ATM, POS and electronic funds transfer.
Optional share smartcards, distributed to local or remote operations staff, can initialize an NSP to a pre-defined configuration pre-set by security administrators.
"The innovation of share cards will be of great benefit for HP Atalla NSP installations that are managing our products in remote locations or in lights-out facilities," said Gary Lefkowitz, director of marketing, HP Atalla Security Products.
Atalla Security Products Receive FIPS 140-2 Level 3 Certification
FIPS 140-2 Level 3 certification applies to the Atalla ACE found in the latest generation of HP Atalla Ax100 NSP products that secure financial transactions for ATM, POS and EFT applications.
The certification of the HP Atalla hardware cryptographic module was produced at InfoGard Laboratories, Inc., an independent testing laboratory that provides FIPS validation services.
"As a FIPS 140-2 validated module, the HP Atalla Cryptographic Engine provides a benchmark for trusted financial security products," said Tom Caddy, laboratory director, InfoGard Laboratories, Inc. "The standard specifies U.S. Government minimum requirements and industry best practices for deploying cryptographic algorithms, handling key material and many other critical aspects of design and implementation."
More information about the ACE certification no. 296 is available at http://www.csrc.nist.gov/cryptval/140-1/1401val2003.htm. More information on the U.S. National Institute of Standards and Technology's Cryptographic Module Validation program is available at http://www.csrc.nist.gov/cryptval/.
More information about HP Atalla security products is available at http://www.atalla.com.
HP is a leading global provider of products, technologies, solutions and services to consumers and businesses. The company's offerings span IT infrastructure, personal computing and access devices, global services and imaging and printing. HP completed its acquisition of Compaq Computer Corporation on May 3, 2002. More information about HP is available at http://www.hp.com.
Windows is a U.S. registered trademark of Microsoft Corp.
This news release contains forward-looking statements that involve risks, uncertainties and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Risks, uncertainties and assumptions include the possibility that the market for the sale of certain products and services may not develop as expected; that development and performance of these products and services may not proceed as planned; and other risks that are described from time to time in HP's Securities and Exchange Commission reports, including but not limited to HP's quarterly report on Form 10-Q for the quarter ended January 31, 2003, and subsequently filed reports. If any of these risks or uncertainties materializes or any of these assumptions proves incorrect, HP's results could differ materially from HP's expectations in these statements. HP assumes no obligation to update these forward-looking statements.