iOS 6 obtains FIPS 140-2 certification, opening door to more government use

Close on the heels of last week's announcement that US Department of Defense approval of iOS 6 devices was imminent comes word from the National Institute of Standards and Technology (NIST) that a cryptographic module in iOS 6 has achieved FIPS 140-2 certification (Level 1). This has, to quote our tipster, "huge implications for government use of iOS (and eventually Macs)."

Apple iOS CoreCrypto Kernel Module v3.0, when operated in FIPS mode, "generates cryptographic keys whose strengths are modified by available entropy." CoreCrypto is described as "a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."

The module met Level 1 of FIPS (Federal Information Processing Standard) 140-2. Level 1 provides the lowest level of security, as no physical security mechanisms are required beyond the basic requirement for production-grade components. CoreCrypto uses FIPS-approved algorithms including Triple-DES, AES, SHS and an additional alphabet soup of acronyms.

The module was tested on an iPhone 4, an iPhone 4S and an iPad (single-user mode) running iOS 6.0. It is unknown if the certification is specific to these devices or if it also extends to newer devices like the iPhone 5.

A tip of the hat to Allan for letting us know about the certification.