Solution

 

 

 

 

 

 

 

Patrick Townsend & Associates Achieves NIST Certification of its Alliance AES Data Encryption Products That Help Customers Guard Against Compliance Breaches on Multiple Enterprise Platforms

Press release

OLYMPIA, WA - 18 Jun 2007:  Patrick Townsend & Associates today announced that it has successfully completed the NIST AES Validation certification of its Alliance AES Encryption products that run on a variety of Enterprise server platforms. The certification covered every NIST-approved encryption key size, and every NIST-approved mode of encryption, on nine Enterprise server platforms including Windows, Linux, UNIX, IBM iSeries, and IBM zSeries mainframe. The result is an unprecedented suite of certified AES encryption solutions that work on heterogeneous operating systems, help insure confidence in Enterprise data protection efforts, and inter-operate with customer and vendor data encryption solutions.

As Enterprise customers struggle to meet data security regulations, they encounter numerous problems of compatibility between different encryption solutions. Aggravating these concerns is the need to evaluate different vendor claims about their encryption solutions. Customers ask: Are solutions really secure? Will they work with other vendor solutions? Will the vendor be able to stand behind us in the event of a loss? The NIST AES certification process helps answer these questions, and the Alliance AES encryption solutions have met the rigorous testing requirements of the NIST AES Validation process.

Patrick Townsend, President of Patrick Townsend & Associates, says “In the rush to meet PCI and Privacy Notification regulations Enterprise customers are finding it difficult to evaluate vendor solutions. The NIST AES Validation program is one way customers can build confidence in a vendor’s encryption solution. The testing and validation process is carried out by an independent testing lab, and approved by NIST. By certifying Alliance AES encryption on all key sizes and modes of encryption, and on all of the major Enterprise server platforms, we provide the confidence that our customers need in an encryption solution.”

Companies are often cast into a chaotic state when a data loss occurs. IT staff need to be able to work with law enforcement, customers, and stakeholders quickly and efficiently to convey confidence in their data security solutions. In one study, the NIST CMVP testing program found that 50% of the modules were found to have security flaws and 25% of algorithms used were found to be incorrectly implemented. Law enforcement professionals know that not everything called “encryption” really meets minimal standards. An Enterprise that uses NIST certified solutions will help minimize questions about the quality of their encryption solution.

Paul Ohmart, the project manager for certification, said “Data encryption is always about cross-platform compatibility. Enterprise customers don’t want to send sensitive information in the clear between internal servers, or between their internal systems and external customer and supplier systems. This exposes the data to loss. By supplying certified encryption solutions on Windows, Linux, UNIX, iSeries, and zSeries platforms with the same encryption API set, we provide customers with cross-platform support using exactly the same APIs. This reduces cost, shortens data security project times, and mitigates against data loss.”

Standard AES encryption supports multiple key sizes and five modes of encryption. Many data security vendors support only one key size, and one or two modes of encryption. This leaves gaps in the security implementation. A solution that only supports Cipher Block Chaining (CBC) mode, for example, will not be able to handle Electronic Code Book (ECB) or Output Feed Back (OFB) modes of AES encryption. The Alliance AES encryption solution protects against these incompatibilities by supporting all standard encryption key sizes and all modes of encryption. The Alliance solution will inter-operate with any other vendor’s encryption products based on the AES standard.

The Company
Patrick Townsend & Associates is a privately held Washington State corporation providing encryption and data security products to the Enterprise customer. The company has over 700 customers world-wide who are achieving regulatory compliance. The company can be reached at (360) 357-8971 or on the web at www.patownsend.com.

Press contact:   Nat Latos
                       Patrick Townsend & Associates
                        406 Legion Way SE, Suite 300
                        Olypmia, WA 98501
                        Email: nat.latos@patownsend.com
                        Voice: (360) 357-8971

Home l Products l Industries l Partners l Support l Search l Technology l Customers l Contact l Legal/Privacy