Validation continuity that began with AES Certificate #1 in 2002 now spans every generation of the FIPS standard — at a moment when the endpoint, not the cloud, is becoming the foundation of online identity
TORONTO, May 5, 2026 /PRNewswire/ -- WinMagic Corp. today announced FIPS 140-3 validation for its SecureDoc and MagicEndpoint cryptographic modules (CMVP Certificates #5204 and #5214). The validation extends an unbroken 24-year record across all three generations of the FIPS standard — an engineering continuity that is, on its own, the longest in the full-disk encryption industry. It also arrives at a moment when that record matters in a new way: as passkeys, hardware-bound keys, and Zero Trust extend identity verification to the endpoint itself, the cryptographic integrity of the endpoint is becoming the foundation of online access, not just a requirement for data at rest.
Twenty-Four Years of Continuous Cryptographic Validation
WinMagic's FIPS 140-3 certification extends an unbroken record that began in 2000:
Why This Validation Matters Differently in 2026
For most of the FIPS standard's history, the question it answered was narrow: is the cryptography that protects data at rest mathematically sound and correctly implemented? That is still the question. But passkeys, hardware-bound credentials, and continuous endpoint attestation have widened what depends on the answer.
When the endpoint generates identity-bearing keys in a TPM, asserts user presence on behalf of a remote service, and continuously attests to its own posture, the cryptographic integrity of the endpoint is no longer adjacent to identity — it is identity. An endpoint that cannot prove boot integrity, cannot protect its key material, or cannot maintain verified state is not qualified to authenticate anything. FIPS 140-3, with TPM 2.0 and continuous attestation, is what "endpoint as trust anchor" looks like under the hood.
We've held FIPS validation continuously since 2002 because cryptographic rigor is an engineering discipline, not a marketing claim. The discipline mattered for data at rest. It matters more now. Passkeys, Live Key, and every hardware-bound identity scheme rest on the same assumption: that the device generating the key, protecting the key, and asserting identity is cryptographically sound. As identity moves to the endpoint, that assumption stops being adjacent to compliance and starts being the whole game.
— Thi Nguyen-Huu, Founder & CEO, WinMagic Corp.
Where the Validation Applies
Beyond Certification: Active Standards Work
WinMagic's engineering posture extends beyond product certification. The company is currently engaged with the standards bodies whose work will shape the next decade of identity architecture:
What mTLS, TPM, and passkeys started, the standards work completes — embedding identity in the secure channel itself, so there is no token to steal and no session to hijack.
— Thi Nguyen-Huu
About WinMagic
Founded in 1997 in Mississauga, Ontario, WinMagic Corp. has spent twenty-nine years advancing endpoint security and cryptographic identity. The SecureDoc platform protects endpoints in critical environments worldwide, including DOE national laboratories, defense contractors, Fortune 500 enterprises, and government agencies. MagicEndpoint extends the same hardware-anchored trust model into online authentication. WinMagic holds the industry's longest continuous record of cryptographic validation — AES Certificate #1 (2002), Common Criteria (2000, first FDE solution), FIPS 140-1 (2002), FIPS 140-2 Levels 1 and 2 (2006, first FDE solution), through FIPS 140-3 (2026).
Media Contact
WinMagic Corp.
Email: press@winmagic.com
Web: www.winmagic.com