Certicom CodeSign Enables Secure Code Distribution

Accessed through a web browser, CodeSign enables organizations like device manufacturers, wireless service providers and cables operators to remotely distribute over-the-air or wired network firmware updates and applications without fear of the introduction of any rogue code or viruses, thereby protecting content and revenue. In minutes, developers can quickly and easily install CodeSign to remotely provision devices, eliminating the need to upgrade software manually or replace devices. Downloading malicious code in the process of updating code is a serious threat to organizations if users cannot verify the source or integrity of it. CodeSign overcomes these challenges by providing a mechanism to digitally sign firmware and then wrap both the code and the digital signature in a cryptographic envelope. CodeSign provides assurance that code has not been altered, infected or corrupted, and that it comes from a trusted source. For some time, code signing has been used in the software arena, however CodeSign is a tool designed specifically for firmware. In developing CodeSign, Certicom relied on its extensive experience in embedding security on small devices and working with the industrys leading manufacturers. The result is a commercially supported application that supports a wide range of platforms and standards, such as 802.16/WiMAX, PCS/SCADA and CableLabs DOCSIS, and eliminates the need for extensive integration work. Its Java-based architecture provides the flexibility to accommodate changes, even modifications of industry standards. Although CodeSign is primarily designed for use in mobile devices and cable systems, its use extends to any application where there is a need to remotely update firmware and applications, such as in the gaming industry. For example, CodeSign could be used to enforce internal security to prevent any modifications after code has been audited and signed off. CodeSign offers security and interoperability through a standards-based design. - Standardized PKCS No. 10 requests for Code Verification Certifications submission to third party Certificate Authorities such as VeriSign, Thawte, GeoTrust or enterprise Certificate Authorities. - PKCS No. 1, 5, 7, 8, 10, 12, X.509 v3 certifications - IETF and ANSI To complete the security solution, device manufacturers and network operators need to embed PKI functionality to verify the signatures. Certicoms Security Builder PKI toolkit, in combination with Certicom CodeSign, provides that end-to-end solution. Availability Certicom CodeSign is available immediately and is priced with a license fee.