Mocana
Overview
Mocana secures the "Internet of Things": the 20 billion non-PC devices that are increasingly connecting to networks across every sector of our economy, including smartphones, datacom, smartgrid, federal, consumer and medical. These devices already outnumber workstations on the Internet by about five to one, representing a $900 billion market that's growing twice as fast as the PC market.
Today, sophisticated attacks that evolved on PCs and became more virulent on the Internet are being re-targeted toward the comparatively defenseless Internet of Things. Unfortunately, PC security approaches cannot solve this rapidly evolving "device integrity problem." A new approach is needed.
Mocana is developing the industry's only device-independent Smart Device Security platform that secures all aspects of IP addressable devices as well as the information, applications and services that run on them. Mocana's solutions and services dramatically increase confidence, trust and compliance among OEMs, service providers and their customers. Every day, millions of people use products sold by over 150 companies that leverage Mocana's Device Security solutions, including Cisco, Honeywell, Dell, General Electric, General Dynamics, Avaya and Harris, among others. Mocana won Frost & Sullivan's Technology Innovation of the Year award for 2008 for Device Security, and was named to the Red Herring Global 100 as one of the "top 100 privately-held technology companies in the world" in January 2009.
Products and Services

Mocana's Mobile App Protection™ (MAP) is a security solution that complements your mobile device management (MDM) solution, but goes beyond app sandboxes and coarse-grained containers to bring security to a whole new level—down to the individual app and user.
Mocana's Mobile App Protection (MAP) uses a unique and patent-pending technology that enables wrapping fine-grained security and usage policies into individual mobile apps. Apps can even be wrapped post development, so there is no need to have access to the original source code, an SDK, or a separate agent on the device.
MAP enables the separation of enterprise and personal data on both managed and non-managed devices. Enterprises can now deploy secure employee-facing, customer-facing, and partner-facing apps without needing a footprint on the device itself.
The result is a self-defending app that protects corporate data without compromising user experience.
Device Security Framework
Mocana's Device Security Framework™ is an extensible software framework that secures all aspects of device data and enterprise communications, for any connected device. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. Device Security Framework also applies to Government regulations, and many of Mocana's products, such as Mocana DSF for Android, NanoSSH, NanoSSL and NanoSec, feature FIPS validated cryptography.
The Device Security Framework includes device-resident security software as well as security capabilities delivered across the network. The device-resident software is embedded into devices at the time of manufacture, (optionally) interfaces with the operating system, the CPU and any available cryptographic accelerator, and provides modular support for different open-standards-based device security protocols.
The Device Security Framework provides a common architecture for all of Mocana's solutions to carry out the following functions:
- Secure remote access to/for devices
- Secure data communications between devices
- Device identity management
- Leveraging multi-core processors and crypto accelerators
- Authentication of devices/applications to the network
- Secure support for wired and wireless networks
- Simplified key management
- Advanced connection handling
- Use of 3rd-party validated crypto libraries
NanoCert
NanoCert™ is specially designed for embedded device and consumer electronics manufacturers and their ISVs. It automates certificate management in devices and applications, and is available in carrier-grade editions that can scale to handle millions upon millions of wireless subscribers. NanoCert's client software requests certificates, renews them or pulls down revocation lists from most any certification authority (CA). NanoCert's certificate server software can act as CAs that issue and revoke certificates at scale and publish Certificate Revocation Lists (CRLs), or as Registration Authorities that register users and devices.
NanoCert uses the Simple Certificate Enrollment Protocol (SCEP), an evolution of the certificate enrollment protocol developed by Verisign and Cisco Systems, and extends the SCEP protocol by automating the formerly manual certificate management administrative tasks of registering end entities, revoking certificates, and publishing CRLs. NanoCert makes embedding certificate management on devices easy, fast, and reliable. Mocana NanoCert also supports OCSP, which enables applications to determine the revocation state and overall status of any certificate. It may be used to provide more timely revocation information than is possible with certificate revocation lists (CRLs) and may also be used to obtain additional status information.
A highly scalable edition of the product called NanoCert XL is also available. It is specifically designed for Enterprise and Carrier grade infrastructure devices such as VPN appliances, LTE equipment and WiMax access gateways. NanoCert XL enables developers to choose either SCEP or CMPv2 for device-to-device and subscriber authentication, for better compatibility across enterprise and 3GPP networks. NanoCert XL's LDAPv3 client implementation checks and retrieves certificates and CRLs from LDAP servers, and also determines revocation status in real-time via OCSP.
NanoCert uses a FIPS-compliant cryptographic library for key generation and all cryptographic operations. The product is available either in source code or as a FIPS 140-2 Level 1 certified binary.
NanoCrypto
Mocana NanoCrypto™ is a sophisticated, government-certified cryptographic engine built for difficult and resource-constrained embedded systems environments. Mocana's core cryptographic engine secures millions of devices from hundreds of technology manufacturers worldwide. It is, quite simply, one of the smallest, fastest and most comprehensive cryptographic cores on the market.
With out-of-box support for over 35 operating systems, NanoCrypto enables device OEMs and ISVs to add sophisticated cryptographic security features to almost any type of device or application.
On platforms that support hardware offload of crypto jobs, NanoCrypto's low host CPU utilization extends battery life on handheld devices and remote sensors, while enabling even the most humble processors to use robust cryptographic techniques to protect sensitive information from disclosure and authenticate legitimate users, systems and data. NanoCrypto is written entirely in C, and assembly optimizations are available for several popular hardware platforms, including PowerQUICC, ARM, PowerPC, MIPS, Coldfire, H8S and x86. Best of all, it is highly portable and supports over 30 operating systems and RTOSes out of the box. You can even use it in environments without any OS at all. NanoCrypto enables sophisticated developers to work directly with cryptographic primitives to build confidentiality, integrity and authentication features directly into their devices.
NanoCrypto offers developers a rich selection of cryptographic technologies and methods, including RSA and elliptic curve, symmetric algorithms such as 3DES and AES, message authentication, hashing and pseudorandom number generation. Best of all, FIPS 140-2 level 1 government certified NanoCrypto binaries are available for many popular platforms.
NanoDefender
Mocana's patent-pending new anti-malware product, NanoDefender®, is a device-based application and firmware defense system that is designed to instantly detect and shut down malware or viruses before they have a chance to spread—and it does so while eliminating "false positives." NanoDefender is the latest addition to the Device Security Framework, Mocana's top-to-bottom architecture for planning, implementing and managing comprehensive device security across the enterprise.
In Mocana NanoDefender, every action an application takes is checked against a known "good behavior" model. Mocana NanoDefender maintains a database of behaviors and functions that are deemed "acceptable" for a given application, and if the function or behavior does not match the known "good behavior," the application is terminated and the security breach is logged.
Mocana NanoDefender provides protection to function flow and especially system calls. For example, if an attacker takes advantage of a buffer overflow in glob() in glibc and subsequently attempts to overwrite system configuration files with fwrite(), the attack would be stopped immediately by NanoDefender because glob() does not call fwrite() in normal operation.
NanoDefender is basically a set of tools and code designed to "harden" executable images against arbitrary code execution. When a new application is compiled, NanoDefender performs a static analysis of the code to determine the call flow of the executable. In other words, NanoDefender determines which functions call which functions, and which functions make which system calls. Later, at link time, the executable is instrumented to track function calls. Finally, at runtime, NanoDefender runtime code and the (now specially modified) OS together enforce the proper call flow.
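The call-flow check described above can be modelled in a few lines. The following is an added example, not Mocana's code: the policy table, the function names in it and the `monitor_*`/`replay` helpers are assumptions, and the monitor replays a constructed trace instead of instrumenting a real binary.

```c
#include <stdio.h>
#include <string.h>

/* Constructed policy: caller -> callee edges that a build-time call-flow
 * analysis might record for a toy program. Not NanoDefender's real format. */
struct edge { const char *caller, *callee; };
static const struct edge POLICY[] = {
    {"main", "glob"},    {"main", "save_config"},
    {"glob", "opendir"}, {"glob", "readdir"},
    {"save_config", "fwrite"},
};
#define N_EDGES (sizeof POLICY / sizeof POLICY[0])
#define MAX_DEPTH 16

struct monitor {
    const char *stack[MAX_DEPTH];        /* shadow call stack, stack[0] = entry */
    int depth;
    const char *bad_caller, *bad_callee; /* first violation, kept for logging */
};

static int edge_allowed(const char *caller, const char *callee)
{
    for (size_t i = 0; i < N_EDGES; i++)
        if (!strcmp(POLICY[i].caller, caller) &&
            !strcmp(POLICY[i].callee, callee))
            return 1;
    return 0;
}

void monitor_init(struct monitor *m)
{
    memset(m, 0, sizeof *m);
    m->stack[m->depth++] = "main";
}

/* Check one call event against the policy. Returns 1 if allowed and pushed,
 * 0 on a violation (where an enforcing runtime would terminate and log). */
int monitor_call(struct monitor *m, const char *callee)
{
    const char *caller = m->stack[m->depth - 1];
    if (m->depth >= MAX_DEPTH || !edge_allowed(caller, callee)) {
        m->bad_caller = caller;
        m->bad_callee = callee;
        return 0;
    }
    m->stack[m->depth++] = callee;
    return 1;
}

void monitor_return(struct monitor *m)
{
    if (m->depth > 1)
        m->depth--;
}

/* Replay a trace (function name = call, NULL = return). Returns the index
 * of the first violating event, or -1 if every call matches the policy. */
int replay(struct monitor *m, const char *const *trace, int n)
{
    monitor_init(m);
    for (int i = 0; i < n; i++) {
        if (trace[i] == NULL)
            monitor_return(m);
        else if (!monitor_call(m, trace[i]))
            return i;
    }
    return -1;
}

/* Constructed traces: normal operation, then glob() reaching fwrite(). */
static const char *const BENIGN[] = {"glob", "opendir", NULL, "readdir", NULL,
                                     NULL, "save_config", "fwrite", NULL, NULL};
static const char *const HIJACKED[] = {"glob", "opendir", NULL, "fwrite"};

int main(void)
{
    struct monitor m;
    printf("benign trace: %d\n", replay(&m, BENIGN, 10));
    if (replay(&m, HIJACKED, 4) >= 0)
        printf("blocked %s -> %s\n", m.bad_caller, m.bad_callee);
    return 0;
}
```

Note that `fwrite` is permitted from `save_config` but not from `glob`: the policy is per edge, not a flat list of allowed functions.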
NanoDTLS
DTLS provides endpoint authentication, protecting against eavesdropping, message forgery and interference over an unreliable transport (typically UDP). DTLS involves peer negotiation for cipher algorithm support, public key encryption-based key exchange, and certificate-based authentication.
Mocana's NanoDTLS is an open, standards-based, full-featured, RFC-compliant Embedded DTLS Client and Embedded DTLS Server that is easy to use. NanoDTLS is uniquely architected with an asynchronous core to fully leverage hardware acceleration, is portable and has a small footprint. It is ideally suited to securing voice and video.
NanoSec
NanoSec™ is Mocana's ultra-optimized, micro-footprint IPsec/IKE solution specifically designed to speed product development while providing best-in-class device security services for resource-constrained environments. And it is surprisingly affordable: your NanoSec total cost of ownership will usually be substantially less expensive than open source.
Mocana's NanoSec is a standards-based, full-featured and RFC-compliant IPsec toolkit. NanoSec is easy to use, uniquely architected with an asynchronous core to fully leverage hardware acceleration, is extremely portable and has an incredibly small memory footprint. It is ideally suited to securing voice, video and data communications. With NanoSec's integrated support for MOBIKE, the same security services can be extended to virtually any mobile device requiring VPN functionality.
NanoSSH
NanoSSH™ is Mocana's super-fast, super-small SSH client/server solution with support for X.509v3 certificate-based authentication. It comes with a RADIUS client and is specifically designed to speed product development while providing best-in-class device security services for resource-constrained environments. NanoSSH is royalty-free and surprisingly affordable: the total cost of ownership is almost always less than that of open source. NanoSSH provides a holistic approach for securing networked devices and services, and is ideally suited for resource-constrained devices as well as high-traffic enterprise and federal environments where performance is critical. NanoSSH is open-standards-based, extensible, extremely small footprint, platform-agnostic and features an optional government-certified FIPS 140-2 level-1-validated crypto core. It even supports NSA Suite B crypto algorithms so your product can securely link civilian and classified government networks with a common cryptographic scheme.
Mocana's NanoSSH™ secures communications between devices, or between a device and a back-end SSH management console (or SFTP server). The suite is a very small, very fast open standards-based solution that enables secure communications to any device on a network. The suite also includes a built-in client for RADIUS, aka Remote Authentication Dial In User Service. (RADIUS is often used in embedded devices in conjunction with SSH, because it eliminates the need to store sensitive user information, such as passwords, locally on the device itself.) RADIUS is a "triple-A" protocol used for network access and mobility applications. The RADIUS client inside NanoSSH enables SSH to authenticate users with a central server, and log their access to systems or services.
NanoSSL
NanoSSL can help defeat eavesdropping on wired or wireless connections and can be used to deliver secured software packages from and to authenticated endpoints. Traffic protected with NanoSSL is unreadable if intercepted, and difficult to redirect with consequence, since packet payloads cannot be deciphered. NanoSSL's cryptography is fully FIPS 140-2 validated and fully validated binaries are available for many popular platforms. Finally, NanoSSL can be usefully applied to secure many remote access use cases.
NanoSSL provides easy to use APIs for integration with applications like web servers and browsers. Its certificate management module allows it to fetch or renew SSL certificates, check the status of SSL certificates using CRLs or to query a Certificate Authority (CA) or certificate chain.
NanoSSL is Mocana's super fast, super small SSL/TLS solution specifically designed to speed product development while providing best-in-class device security services for resource-constrained environments. NanoSSL is open-standards based, extensible, extremely small footprint, platform-agnostic and includes an optional government-certified FIPS 140-2 level-1-validated crypto core. NanoSSL includes a full-featured key generator and certificate management client, and even supports Government Suite B crypto algorithms and the new RFC standard for TLS 1.2. Best of all it is surprisingly affordable: your NanoSSL total cost of ownership will be substantially less than that of open source.
NanoVoIP
Mocana's NanoVOIP Developers' Suite is a comprehensive security solution for application developers and device designers trying to build secure VOIP products. NanoVOIP contains all of the protocols, algorithms, standards specifications and tools you need to turn an average VOIP implementation into a fully secure, enterprise-class encrypted voice, video and data solution. Better yet, you don't need to be a security expert to build secure products with NanoVOIP: our simplified API and common cryptographic code base, along with tens of thousands of lines of sample code and professional development support hide the complexity of crypto, making it easy for your team to roll out a secure VOIP implementation, fast.
The NanoVOIP Developer's Suite consists of a specially selected set of Mocana's best-selling security components. The Suite comes with live-person engineering support that you can call on not just for product problems, but for development and implementation advice. The whole point of NanoVOIP is to help you finish your project faster, cheaper, and with better code quality than you ever thought possible.
NanoWireless
In NanoWireless™, Mocana delivers a standards-based, full featured security solution that device manufacturers and ISVs can use to build wireless connectivity agents (Wi-Fi supplicants) for different endpoints such as netbooks and laptops as well as embedded devices used in medical, industrial and smartgrid environments.
Networking device OEMs can use NanoWireless to build highly scalable security into endpoint termination devices such as enterprise wireline switches, wireless access points and Wi-MAX access service network (ASN) gateways. Our integrated RADIUS client allows thousands of endpoints to be authenticated simultaneously by communicating with RADIUS servers deployed throughout the network.
Device manufacturers and OEMs now have an off-the-shelf solution for integrating security into their designs. The cryptographic libraries included with NanoWireless carry a FIPS 140-2 level 1 government certification and offer full support for NSA's Suite B algorithms, letting you sell your devices into government and contractor accounts that were previously unavailable to commercial vendors.
Like all Mocana products, NanoWireless is easy to integrate and written in ANSI C, with out-of-the-box support for more than 1000 CPU/OS combinations. Its super-small footprint and unique asynchronous architecture allow you to leverage integrated crypto acceleration hardware available on many of today's popular CPU platforms.
DSF for Android
Mocana's Device Security Framework for Android is the latest release of our comprehensive developers security solution for Google's revolutionary open mobile platform.
Providing essential data security features will be paramount to Android's success. To move to new Android-based tablets and phones, enterprises and consumers are looking for six fundamental security features:
- Virtual Private Network clients to secure data communications between the device and corporate network
- FIPS validated crypto
- 802.11 wireless link encryption and authentication
- Secure voice-over-IP capabilities
- Encryption for data-at-rest and protection against identity theft or data loss
- Anti-jailbreaking protections
- Malware and virus protection
- Scalable and secure firmware updating and secure boot capabilities
- Robust certificate handling features to authenticate devices, network services, and individuals to each other
Android developers must balance security functionality, application performance and battery life effectively without introducing new security holes into the platform. Mocana's DSF for Android is the first and only open standards-based software package enabling developers to quickly and easily build the security features that enterprises and savvy consumers demand. It was designed in a modular framework, allowing developers to pick and use only what they need at the time, with the flexibility to add more functionality later.
Using DSF for Android, developers can quickly add much-needed firewall, VPN, and encryption features to Android handsets and tablets without compromising the performance, throughput or battery life of the platform.
VeloVPN Client
The Industry's Most Complete Mobile VPN Solution
VeloVPN™ Client is a complete, full-featured solution that allows OEMs to easily integrate VPN functionality into Android devices that need to establish encrypted tunnels of communication into critical business and enterprise resources.
Based on Mocana's award-winning NanoSec™ code base, which has been certified by the VPN Consortium (VPNC) for interoperability with all leading VPN gateway appliances and vendors, VeloVPN™ Client includes a fully configurable GUI with out-of-the-box support for the latest Android operating systems. VeloVPN™ Client employs a cross-platform implementation that allows OEMs to utilize a single cryptographic module across multiple Device Security Framework™ (DSF) products, such as NanoSec or VeloDAR, creating system-level efficiencies with size and performance.
Big VPN Functionality in a Very Small Package
VeloVPN™ Client fully supports all current IPSec/IKE RFCs, and optional X.509 certificate provisioning via tight integration with Mocana's NanoCert™ solution. It includes an easy-to-use GUI that allows easy customization for private-label needs.
VeloVPN™ Client also integrates additional features such as automatic VPN initiation (based upon set configuration profile), handling multiple gateways, and supporting VPN and non-VPN traffic simultaneously (aka "split tunneling").
Easy to Use and Highly Configurable
- APIs: Allows for easy "private labeling"
- Modular design: Facilitates integration with headless (GUI-less) embedded devices
- Highly customizable: Connect securely to almost any commercial or open-source IPSec-based VPN server software or appliance
- Multi-purpose: Leverage single IPSec core support for both IMS 4G and VPN enterprise connectivity
- Highly efficient: Leverage a single cryptographic module for multiple security applications
Support Enterprise and Government Applications
- NSA Suite B Cryptography included
- FIPS 140-2 Level 1 certifiable cryptography module
Mobile OS Platforms Supported
- Android 2.0 - 2.3
- Android 3.x
- Android 4.0 (ICS)
VeloDAR Encryption
Mocana's VeloDAR Encryption™ is a highly optimized data-at-rest (DAR) encryption solution that leverages Mocana's government-certified (FIPS 140-2 Level 1) cryptographic module, NanoCrypto™. NanoCrypto™ is built for resource-constrained embedded systems environments, such as smartphones and tablets. VeloDAR Encryption™ is designed for Android device manufacturers, enabling encryption capabilities beyond what is natively available in the Android OS.
VeloDAR Encryption™ is the industry's most optimized DAR encryption solution for Android devices. The result is a high performing and efficient encryption solution with virtually zero performance penalties, such as reduction in battery life, speed of data accessing, and overall user experience. Furthermore, with the assurance that the encrypted data leverages a FIPS 140-2 Level 1 certifiable cryptography module, device manufacturers can be confident that their device will meet the stringent security needs of consumers, enterprises, and even government agencies.
Mocana's VeloDAR Encryption™ is a packaged solution that provides the full capabilities for data-at-rest encryption, with added benefits, such as a FIPS certifiable cryptography module, increased performance through an optional hardware offload, and the use of additional encryption algorithms.
For information about pricing and obtaining products or services, please contact Mocana directly.
Contact Information
For additional information, contact Mocana at:
Mocana Corporation
350 Sansome Street, Suite 1010
San Francisco, CA 94104
USA
Phone: 866.213.1273
Toll Free: 415.617.0055
Fax: 415.617.0056
Web: http://mocana.com
Federal Sale Inquiries: fedsales@mocana.com
Sales Inquiries: sales@mocana.com
Partner Inquiries: partners@mocana.com
Analyst and Media Inquiries: pr@mocana.com
Product Support Inquiries: support@mocana.com
Career Inquiries: careers@mocana.com
For product questions or info please contact Mocana Sales at (415) 617-0055 or sales@mocana.com.