SSH Receives Fips 140-2 Certification

HELSINKI, FINLAND; PALO ALTO, Calif. and TOKYO – Jan. 12, 2004 – SSH Communications Security (HEX:SSH1V), a world-leading developer of managed security middleware, today announced that the encryption module (SSH Cryptographic Library Software Version 1.2.0) used in its SSH Tectia(TM) Client/Server 4.0 has been awarded Level 1 Federal Information Processing Standards (FIPS) 140-2 certification. In addition to current availability (SSH Tectia Client/Server 4.0), the FIPS 140-2 approved cryptographic module will also be available in future releases of SSH Tectia client/server software.

The Cryptographic Module Validation (CMV) Program of the National Institute of Standards and Technology (NIST) provides specifications for software and hardware products that employ cryptographic algorithms, cryptographic key generation and distribution techniques. Authentication techniques that are FIPS 140-2 approved are certified for protecting Federal Government unclassified information. Vendor products are tested for compliance to these specifications by NIST-approved testing laboratories. In accordance with the NIST certification guidelines, the SSH cryptographic module has been certified at Level 1, which defines software cryptographic functions to be performed in a general purpose PC without any additional hardware security mechanisms.

“Protecting various agencies of the U.S. Government from unauthorized access to sensitive data has become even more critical in today’s environment,” said George Adams, president and CEO of SSH Communications Security, Inc. “We are delighted not only to have this all-important validation of the robustness of our encryption methodology, but also to be doing our part to help ensure that U.S. Government communications are secure.”

Tests performed by the NIST validated several algorithms implemented in the crypto module used in SSH Tectia, including AES, Triple DES, DSA and SHA-1, giving it approval for use in Federal agencies within the context of a complete security program. Many U.S. Government organizations are already using SSH’s Secure Shell-based technology, even before the option for FIPS 140-2 crypto module use is available. These include the U.S. Army, U.S. Navy, U.S. Marine Corps, U.S. Air Force, the Department of Defense, the Department of Justice, Lawrence Livermore National Labs, NASA, the Naval Air Warfare Center, and others. For more information on the completed certification, please visit: http://csrc.nist.gov/cryptval/140-1/1401val2003.htm.

About SSH Tectia
SSH Tectia is an enterprise class suite of security solutions based on SSH’s industry leading technologies. SSH Tectia client/server solution is based on the award-winning SSH Secure Shell used by millions worldwide. SSH Tectia enables end-to-end secure communications throughout the internal and external network. SSH Tectia provides transparent strong encryption and authentication and easily integrates into heterogeneous, multi-platform environments. SSH Tectia’s management capabilities allow for easy scalability and centralized policy deployment.

About SSH Communications Security
SSH Communications Security, a world-leading supplier of managed security middleware, offers a broad range of security software solutions designed to address the most critical needs for businesses, financial institutions and governments worldwide. SSH TectiaTM, based on the award-winning SSH Secure Shell, is a modular enterprise class solution that requires no modification to existing IT infrastructures or applications. SSH Tectia Manager is a centralized, scalable management module for deploying, managing and monitoring of large scale Secure Shell and SSH Tectia environments.

SSH Tectia client/server solution provides standards-based, transparent strong encryption and authentication that easily integrates into heterogeneous, multi-platform environments for secure end-to-end network communications and remote administration. SSH Tectia Certifier provides a robust certification authority for flexible and strong authentication through digital certificates and hardware tokens. SSH is traded publicly on the Helsinki Exchanges under HEX:SSH1V. For more information, please visit www.ssh.com.