Identity and Access: IDGo Secure Email (ISE) for Android
Didier Bonnet, November 2014

Emails are a Priority for Enterprises (Forrester, December 2011)

Main Requirements Addressed
- BYOD: the same mobile device is used for professional and private purposes
- Mobility: access to emails anywhere, anytime
- Security: mobile devices are more exposed than PCs
Mobile OS Market Share Evolution in Q (2Q14 versus 2Q13)

Operating System | 2Q14 Shipment Volume (Mu) | 2Q14 Market Share | 2Q13 Shipment Volume (Mu) | 2Q13 Market Share | 2Q14/2Q13 Growth
Android          | (not captured)            | (not captured)    | (not captured)            | (not captured)    | 33.3%
iOS              | (not captured)            | (not captured)    | (not captured)            | (not captured)    | 12.7%
Windows Phone    | (not captured)            | (not captured)    | 8.2                       | 3.4%              | -9.4%
BlackBerry       | 1.5                       | 0.5%              | 6.7                       | 2.8%              | -78.0%
Others           | 1.9                       | 0.6%              | 2.9                       | 1.2%              | -32.2%
Total            | (not captured)            | (not captured)    | (not captured)            | (not captured)    | 25.3%

Source: IDC Worldwide Quarterly Mobile Phone Tracker (August 2014)
Secure Elements: Now and Future

Secure Element adoption (diagram): MicroSD, UICC, TEE, eSE; badge via contact reader, badge via NFC, badge via Bluetooth reader; detached, semi-detached and embedded credentials; smart card on a stick
- As of today: 10 million Gemalto smartcard active users, 20 million 3rd party smartcard active users
- Next 2 years: prototypes in progress
- In ... years: next generation of handsets; BYOD / mobile desktop will increase the need for Secure Elements
IDGo 800 Middleware and SDK (architecture diagram)
- 3rd party client applications
- SDK: PKI API, OTP API, Crypto Layer, test tools
- Middleware: PC/SC-like API; NFC driver, USB OTG (*) driver, other reader drivers
- Secure Elements: IDPrime cards, TEE (*), other Secure Elements
(*) OTG: On-The-Go = USB Master; TEE: Trusted Execution Environment

Supported Readers and Tokens on Android
- USB On-The-Go port (= USB Master) or Bluetooth
- USB Female to Micro USB adaptor or cable; Micro USB cable
- BHXT and Feitian readers
- USB tokens and IDBridge K3000
- PC-Link readers
ISE Security Features
- S/MIME signature and encryption
  - Encryption algorithms: 3DES, AES256, RSA
  - Signature algorithms: MD5, SHA1, SHA256, SHA512, RSA
- Gemalto middleware and Secure Elements
  - IDGo 800 for Android and associated readers: USB, NFC, BLE, µSD
  - IDPrime MD, .NET and PIV PKI applets
- SSL / TLS communication with the server

Other Features and Benefits
- Microsoft Exchange ActiveSync (EAS) protocol
  - Synchronization with the native Android Contacts and Calendar
  - Email reception by push or periodic synchronization
  - Support of the Global Address List (GAL)
- Various PKI certificate management functions
  - Local validation with the Certification Authority (CA)
  - Validation with the EAS server or the OCSP protocol
  - Certificates retrieved from validated emails, (multi) LDAP and the EAS server
  - Revocation by Certificate Revocation List (CRL)
- POP3, IMAP4 and SMTP protocols for BYOD usage
- Multiple accounts, mailboxes and folders; combined mailbox
- HTML or plain text format
- Group and Search functions
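The certificate checks listed above (local validation against the CA, revocation by CRL) can be illustrated with the Go standard library. This is an added example, not Gemalto code and not the IDGo 800 middleware: it constructs an in-memory enterprise CA, issues two S/MIME user certificates, publishes a CRL revoking one of them, and then validates each certificate the way a mail client should, verifying the chain, the S/MIME extended key usage, and the CRL's own signature and freshness before trusting its entries. All names, serial numbers and validity periods are constructed for the example; OCSP, which the slide also mentions, is not covered here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrRevoked is returned when the certificate's serial number appears on the CRL.
var ErrRevoked = errors.New("certificate is listed as revoked on the CRL")

// testPKI holds constructed material: an in-memory CA, one valid and one
// revoked S/MIME user certificate, and a DER-encoded CRL signed by the CA.
type testPKI struct {
	ca, valid, revoked *x509.Certificate
	crlDER             []byte
}

// issueEmailCert has the CA sign a user certificate usable for S/MIME
// (assumed issuance profile, not the vendor's).
func issueEmailCert(ca *x509.Certificate, caKey *rsa.PrivateKey, serial int64, email string, now time.Time) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(serial),
		Subject:        pkix.Name{CommonName: email},
		EmailAddresses: []string{email},
		NotBefore:      now.Add(-time.Hour),
		NotAfter:       now.Add(24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// buildPKI creates the CA, two user certificates and a CRL revoking the second one.
func buildPKI() (*testPKI, error) {
	now := time.Now()
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Enterprise CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	ca, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, err
	}
	valid, err := issueEmailCert(ca, caKey, 2, "alice@example.com", now)
	if err != nil {
		return nil, err
	}
	revoked, err := issueEmailCert(ca, caKey, 3, "bob@example.com", now)
	if err != nil {
		return nil, err
	}
	// The CA publishes a CRL listing serial 3 (e.g. after Bob's token was lost).
	crlTmpl := &x509.RevocationList{
		Number:     big.NewInt(1),
		ThisUpdate: now.Add(-time.Minute),
		NextUpdate: now.Add(12 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: revoked.SerialNumber, RevocationTime: now.Add(-time.Minute)},
		},
	}
	crlDER, err := x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey)
	if err != nil {
		return nil, err
	}
	return &testPKI{ca: ca, valid: valid, revoked: revoked, crlDER: crlDER}, nil
}

// validateEmailCert: chain to the trusted CA, S/MIME extended key usage, then a
// CRL whose signature and freshness are checked before its entries are trusted.
func validateEmailCert(cert, ca *x509.Certificate, crlDER []byte, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain validation: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return fmt.Errorf("parse CRL: %w", err)
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("CRL signature: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return errors.New("CRL is stale; refusing to trust it")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	return nil
}

func main() {
	p, err := buildPKI()
	if err != nil {
		panic(err)
	}
	fmt.Println("alice:", validateEmailCert(p.valid, p.ca, p.crlDER, time.Now()))   // <nil>
	fmt.Println("bob:", validateEmailCert(p.revoked, p.ca, p.crlDER, time.Now()))   // ErrRevoked
}
```

The order of checks matters: a CRL is only evidence of revocation once its signature chains to the issuing CA and its NextUpdate has not passed, so a stale or unsigned list is rejected rather than silently treated as "nothing revoked".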
What is Exchange ActiveSync?
- EAS is a communication protocol that synchronizes emails, calendars, contacts and tasks between servers and mobile client applications
- It also provides some Mobile Device Management (MDM) features and security policy controls
- It is based on XML and HTTP(S) protocols
- More details…
  - EAS is licensed by Microsoft; Microsoft is the main provider of EAS compliant servers
  - EAS is supported by Windows Phone, Android, iOS, BB, Gmail, Google Apps, Office 365, Lotus Notes

What is S/MIME?
- Secure / Multipurpose Internet Mail Extensions
- Standard protocol based on X.509 PKI certificates
- Described by several specifications: RFC 3851, 5751, 5652
- Present version is S/MIME v3.2
- Ensures compatibility between the various applications and servers
- S/MIME specifies the digital signature and encryption / decryption
- Main applications: Outlook, Mozilla Thunderbird, MacOS Mail, Gmail, OWA
- Main server: Microsoft Exchange Active Sync (EAS)

S/MIME Operations
- The email is encrypted with the recipient's public key and signed with the sender's private key
- The email is decrypted with the recipient's private key and the signature is verified with the sender's public key
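The two operations just described, as an added Go example (not code from the slides or from the ISE product). It models what an S/MIME client does with the four keys without producing the CMS/ASN.1 encoding a real message uses: the sender signs the body with its RSA private key (SHA-256, one of the algorithms listed under Security Features), the body plus signature is encrypted under a fresh AES-256 content key, and that content key is wrapped with the recipient's RSA public key. The recipient unwraps the key with its private key, decrypts, and verifies the signature with the sender's public key. The message layout (4-byte signature length, signature, body) and the helper names are this example's own conventions.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// ErrBadSignature is returned when the decrypted body is not signed by the expected sender.
var ErrBadSignature = errors.New("sender signature does not verify")

// protectedMail is a constructed stand-in for a signed-then-enveloped message:
// the signature sits inside the encrypted body, so only the recipient learns
// who signed what.
type protectedMail struct {
	EncryptedKey []byte // AES-256 content key wrapped with the recipient's RSA public key (OAEP)
	Nonce        []byte // AES-GCM nonce
	Ciphertext   []byte // AES-256-GCM over (sigLen || signature || message)
}

// newKey generates a 2048-bit RSA key pair (both sender and recipient use one).
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// signAndEncrypt: sign with the sender's private key, then encrypt for the recipient's public key.
func signAndEncrypt(msg []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (*protectedMail, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, senderPriv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	body := make([]byte, 4, 4+len(sig)+len(msg))
	binary.BigEndian.PutUint32(body, uint32(len(sig)))
	body = append(append(body, sig...), msg...)

	// Hybrid encryption: random content key, AEAD for the body, RSA-OAEP for the key.
	contentKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, contentKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, contentKey, nil)
	if err != nil {
		return nil, err
	}
	return &protectedMail{EncryptedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, body, nil)}, nil
}

// decryptAndVerify: unwrap with the recipient's private key, decrypt, then verify with the sender's public key.
func decryptAndVerify(pm *protectedMail, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, pm.EncryptedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap content key: %w", err)
	}
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	body, err := gcm.Open(nil, pm.Nonce, pm.Ciphertext, nil) // fails on any tampering
	if err != nil {
		return nil, fmt.Errorf("decrypt body: %w", err)
	}
	if len(body) < 4 {
		return nil, errors.New("malformed body")
	}
	sigLen := binary.BigEndian.Uint32(body[:4])
	if uint64(sigLen) > uint64(len(body)-4) {
		return nil, errors.New("malformed body")
	}
	sig, msg := body[4:4+sigLen], body[4+sigLen:]
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPKCS1v15(senderPub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, ErrBadSignature
	}
	return msg, nil
}

func main() {
	sender, _ := newKey()
	recipient, _ := newKey()
	pm, _ := signAndEncrypt([]byte("constructed message body"), sender, &recipient.PublicKey)
	msg, err := decryptAndVerify(pm, recipient, &sender.PublicKey)
	fmt.Printf("%q %v\n", msg, err) // "constructed message body" <nil>
}
```

Note the asymmetry the slide describes: encryption needs only the recipient's public certificate, which is why the feature list above retrieves certificates from validated emails and LDAP, while decryption and signing need the private keys, which on this product live in the Secure Element.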
Basic Operations (screenshots): email edition, input mailbox

Wide Settings Capabilities (screenshots)

ISE Roadmap
- ISE for Android V1.0, November 2014: initial version
- Version 2.0 (to be confirmed): + database encryption, + user authentication, + Android version L
- Timeline on the slide: V1.0 November 2014; V2.0 September 2014 (quarter marked only as "Q")
Thank you!