Type 4 Encryption
   HOME

TheInfoList



Click Here for Items Related To - Type 4 Encryption
OR:
Type 4 Encryption on:   [Wikipedia]   [Google]   [Amazon]

The U.S. National Security Agency (NSA) used to rank
cryptographic Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...
products or algorithms by a certification called product types. Product types were defined in the National Information Assurance Glossary (CNSSI No. 4009, 2010) which used to define Type 1, 2, 3, and 4 products. The definitions of numeric type products have been removed from the government lexicon and are no longer used in government procurement efforts.


Type 1 product

A Type 1 product was a device or system certified by NSA for use in cryptographically securing
classified Classified may refer to: General *Classified information, material that a government body deems to be sensitive *Classified advertising or "classifieds" Music *Classified (rapper) (born 1977), Canadian rapper *The Classified, a 1980s American roc ...
U.S. Government information. A Type 1 product was defined as:
Cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring the most stringent protection mechanisms.
They were available to
U.S. Government The federal government of the United States (U.S. federal government or U.S. government) is the national government of the United States, a federal republic located primarily in North America, composed of 50 states, a city within a fede ...
users, their contractors, and federally sponsored non-U.S. Government activities subject to export restrictions in accordance with
International Traffic in Arms Regulations International Traffic in Arms Regulations (ITAR) is a United States regulatory regime to restrict and control the export of defense and military related Military technology, technologies to safeguard National security of the United States, U.S. ...
. Type 1 certification was a rigorous process that included testing and formal analysis of (among other things) cryptographic security, functional security, tamper resistance, emissions security (
EMSEC TEMPEST is a U.S. National Security Agency specification and a NATO certification referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations. TEMPEST covers bot ...
/ TEMPEST), and security of the product manufacturing and distribution process.


Type 2 product

A Type 2 product was unclassified cryptographic equipment, assemblies, or components, endorsed by the NSA, for use in telecommunications and automated information systems for the protection of
national security National security, or national defence, is the security and defence of a sovereign state, including its citizens, economy, and institutions, which is regarded as a duty of government. Originally conceived as protection against military atta ...
information, as defined as:
Cryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified national security information.


Type 3 product

A Type 3 product was a device for use with Sensitive, But Unclassified (SBU) information on non-national security systems, defined as:
Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. Developed using established commercial standards and containing NIST approved cryptographic algorithms/modules or successfully evaluated by the National Information Assurance Partnership (NIAP).
Approved encryption algorithms included three-key Triple DES, and
AES AES may refer to: Businesses and organizations Companies * AES Corporation, an American electricity company * AES Data, former owner of Daisy Systems Holland * AES Eletropaulo, a former Brazilian electricity company * AES Andes, formerly AES Gener ...
(although AES can also be used in NSA-certified Type 1 products). Approvals for
DES Des is a masculine given name, mostly a short form (hypocorism) of Desmond. People named Des include: People * Des Buckingham, English football manager * Des Corcoran, (1928–2004), Australian politician * Des Dillon (disambiguation), sever ...
, two-key Triple DES and Skipjack have been withdrawn as of 2015. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, NIST.SP.800-131A Rev1, November 6, 2015, Elaine Barker, Allen Roginsky


Type 4 product

A Type 4 product was an encryption algorithm that was registered with
NIST The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical sci ...
but is not a Federal Information Processing Standard (FIPS), defined as:
Unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any Government usage. These products are typically delivered as part of commercial offerings and are commensurate with the vendor’s commercial practices. These products may contain either vendor proprietary algorithms, algorithms registered by NIST, or algorithms registered by NIST and published in a FIPS.


See also

* NSA encryption systems, for a historically oriented list of NSA encryption products (most of them Type 1). *
NSA cryptography The vast majority of the National Security Agency's work on cryptography, encryption is classified information, classified, but from time to time NSA participates in standardization, standards processes or otherwise publishes information about it ...
for algorithms that NSA has participated in the development of. *
NSA Suite B Cryptography NSA Suite B Cryptography was a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It was to serve as an interoperable cryptographic base for both unclassified informati ...
*
NSA Suite A Cryptography NSA Suite A Cryptography is NSA cryptography which "contains classified algorithms that will not be released." "Suite A will be used for the protection of some categories of especially sensitive information (a small percentage of the overall natio ...


References

''Parts of this article have been derived from Federal Standard 1037C, the
National Information Systems Security Glossary Committee on National Security Systems Instruction No. 4009, National Information Assurance Glossary, published by the United States federal government, is an unclassified glossary of Information security terms intended to provide a common vocabula ...
, and 40 USC 1452.'' Cryptographic algorithms National Security Agency encryption devices {{crypto-stub