How We Secure: Encryption
AES 256
SurePassID Universal MFA uses military-grade encryption to secure all secret data, including data at rest.
Definition
Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST). AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. View the NIST specification of AES here.
AES is the only publicly accessible cipher approved by the U.S. National Security Agency (NSA) for top secret information when used in an NSA-approved Hardware Security Module (HSM).
How SurePassID uses AES 256
All secret data in the SurePassID Universal MFA platform, including data at rest, is encrypted with AES 256 symmetric encryption keys. By default, these symmetric encryption keys are protected by a public key infrastructure (PKI).
Alternatively, the SurePassID Universal MFA platform can use a FIPS 140-2 Host Security Module (HSM; the same thing as a Hardware Security Module).
If required for overseas deployment, an export-grade cipher (i.e., one based on 40-bit cryptography) can be substituted for AES 256.