NanoCert

Device Security
Framework

NanoBoot

NanoCert

Home > Products > NanoCert

Features
Benefits
Architecture

Certificate-based authentication is a prerequisite for securely administering networked devices and services. Certificates need to be updated frequently to ensure the device is operated by the assigned user, that the device has the most updated user privileges, and that the device has the most recent upgrades in its service. But manually updating certificates is error-prone, inefficient, does not scale, and at times is simply impossible.

The security industry has created a standard protocol to address device-specific needs for certificate management: Simple Certificate Enrollment Protocol (SCEP). SCEP is the evolution of the certificate enrollment protocol developed by Verisign and Cisco Systems. But SCEP alone still leaves you with a lot of manual work to do.

Mocana has taken SCEP one step further. NanoCert extends the SCEP protocol by automating the formerly manual certificate management administrative tasks of registering end entities, revoking certificates, and publishing CRLs. NanoCert makes embedding certificate management on devices easy, fast, and reliable.

NanoCert Features
NanoCert leverages mature technologies such as the Public Key Cryptography Standards (PKCS), specifically PKCS #10 and PKCS #7. Mocana internal HTTP implementation code provides the client-server transport protocol. Certificate management utility functions in the Mocana crypto library provide extremely efficient key generation and management, certificate parsing, encoding and decoding, and certificate store functions.

Mocana NanoCert™ (Server and Client)

Very High Performance
NanoCert, like all of Mocana's device security solutions, is designed with an asynchronous core to fully leverage hardware acceleration.

Ultra-Small Size
Optimized for size and memory usage, NanoCert has been specifically designed and coded to operate on resource-constrained devices, requiring as little as N KB code in ROM.

Full (not partial) IETF Compliance

IETF Draft: draft-nourse-scep-14.txt
X.509 v3 certificate
X.509 v2 CRL format
RFC-3280's X.509 certificate and CRL profiles
RFC-2616, Hypertext Transfer Protocol - HTTP/1.1
RFC-2617, HTTP Authentication: Basic and Digest Access

Advanced Cryptography Support

PKCS #10PKCS #10
PKCS #7
Configurable encryption and message digest algorithms:
- 3DES
- RC4
- RC2
- AES
- MD2, MD4, MD5
- SHA-1, SHA-256, SHA-384, SHA-512, SHA-224
Digest algorithms with RSA encryption:
- SHA-1, SHA-256, SHA-384, SHA-512, SHA-224

NanoCert Benefits

Platform Independent
NanoCert, like all the toolkits in Mocana's Device Security Framework, is CPU architecture and platform independent. NanoCert is immediately available for more than 100 processor/OS combinations, and ports to new platforms typically take only a few hours. Out-of-the-box support is provided for Linux, Monta Vista, VxWorks, OSE, Nucleus, Solaris, ThreadX, Windows, MacOS X, (ARC) MQX, pSOS, and Cygwin. NanoCert is endian-neutral, and can be used without any RTOS.

Hardware Acceleration Support
NanoCert is ready-made to take advantage of hardware offload by leveraging the Mocana Acceleration Harness, a software layer that virtualizes and manages crypto offload from software to hardware, speeding up crypto operations, and enabling the main CPU(s) to do your application's work in parallel.

No Crypto Expertise Needed
Because we built NanoCert from the ground up, it's easy to install and use. You don't need to be a crypto expert because the NanoCert API hides the complexity of cryptography. You can focus on your application development, and let NanoCert take care of the security. Plus, Mocana's developer support team is always available to answer all your questions, be they about crypto, our toolkits, or embedded development in general.

Dramatically Shortens Your Development Cycle
NanoCert is a ready-made, optimized, exhaustively tested certificate management framework that frees your in-house development resources to focus on what's really important: the functionality of your device and its application. The NanoCert API is well documented and provides all the initialization, setup, crypto, and communication functions you need, enabling you to speed through your development and integration efforts and simplify customization. And as always, Mocana's developer support team is available 24/7 to answer your questions.

Architecture

Other Mocana Solutions

In addition to our NanoCert network application, Mocana also provides the following: an intrusion detection and prevention solution (NanoDefender™); NanoEAP™—an EAP wireless solution that includes wireless supplicants; NanoSec™—an embeddable IPsec, IKE v1 and v2, and MOBIKE solution; NanoRADIUS™ RADIUS client; NanoUpdate™ network application enabling secure firmware updates; NanoSSH™—comprising embeddable SSH client and server; and NanoSSH:™—embeddable SSL/TLS client and server. Mocana solutions have an asynchronous core to fully leverage hardware acceleration, provide high performance, and are designed with ease of use in mind. All come with Mocana's comprehensive support and maintenance, and are available individually or as a bundle which composes the Mocana Device Security Framework.

Download Data Sheet PDF

Contact Mocana


NanoCert Features & Benefits
	ETF compliant implementations, full featured

	Easy to install and use

	High Performance

	Speeds development cycle

	Source Code

	Advanced well documented APIs

	Advanced cryptography support

	Ongoing development, maintenance and support

	Includes HTTP client and server

	RTOS neutral and transport agnostic

Please fill out the form below. All fields are required.
First Name
Last Name
Company
Job Title
Phone
Address
City
State
Zip Code
Email	Your Privacy
Country
Embedded security source code packages can only be delivered to valid business email addresses.
When is your project starting?

	I'd like to receive email updates and news from Mocana*

	I have read the Mocana Terms and Conditions
Form Source: Lead Source: