
TDL Sprint Trustworthy Mobile Devices: Token based MDM for Native Application Policy Enforcement 2014 – 03 CRYPTAS, NEC Laboratories Europe Stefan Bumerl.

Presentation transcript:

Slide 1: TDL Sprint Trustworthy Mobile Devices: Token based MDM for Native Application Policy Enforcement
2014 – 03
CRYPTAS, NEC Laboratories Europe
Stefan Bumerl

Slide 2: Description of Sprint: Why at all? (high-level)
CRYPTAS it-Security GmbH / cryptas.com / cohors.net / cryons.com / cryptoshop.com/ © 2014 CRYPTAS it-Security GmbH / Franzosengraben 8 / 1030 Wien / Austria / T +43 (1) 35553-0 / F +43 (1) 35553-990 / E info@cryptas.com
⁄ Sprint cooperation of NEC and CRYPTAS
⁄ Increasing demand for secured applications in BYOD scenarios
  _ Many different applications -> since a trusted, mobile-device-independent anchor is required, encapsulated container solutions are not always feasible
  _ Different policies for applications, potentially depending on different criteria
⁄ Need for certificate-based security
  _ Existing solutions often password (PW) based
  _ Continuous integration of tokens
  _ Secure element personalization often not possible
  _ Use of NFC and microSD
⁄ Combining technology
  _ Device application modification and MDM with policy management
  _ CAVE clientless solution with TicTok tokens via NFC
⁄ Collecting and implementing user requirements
⁄ Demo for interaction of trusted stack mechanisms and eID federation

Slide 3: Technology description: What is inside? (low-level)
[Architecture figure: the three numbered building blocks of the sprint]
In-Device Modification of Application Code
Mobile Device Management: Enterprise SaaS or privately managed MDM
Trusted Hardware Anchor: Unique ID, Trusted Comm. Channels, Trusted Signatures

Slide 4: NEC Application Container – 1 „Enforcing Policies“
⁄ NLE provides a Secure Application Container that is capable of enforcing enterprise-defined policies on every installed non-system app on the end user's mobile device.
⁄ It runs together with the “BYOD Management & User Notification“ component and adds Policy Enforcement Points (PEPs) to each target application during the rewriting process.
⁄ All user interaction is done through the “BYOD Management & User Notification“ App.
[Figure: App -> APP-REWRITING -> App with PEP, inside the Secure App Container]

Slide 5: NEC Application Container – 2 „Manipulating Mobile Devices“ & MDM
[Architecture figure. Mobile Device: BYOD Management App, Policy Decision Point (PDP), several Apps each with a PEP, Secure Hardware Anchor. Trusted Environment (e.g., Enterprise): MDM Backend, MDM Web-Interface. External Partner. Arrow labels: Check Policy, Provide Policies, Modify and Enforce, Add/Delete/Modify Policies, Add/Delete/Modify PEPs; connections over VPN, Internet and API.]
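The PEP/PDP flow of slides 4 and 5, modelled as an added example (not NEC's or CRYPTAS's code): an on-device PDP that only accepts policies carrying a valid signature from the MDM backend ("Provide Policies"), and a PEP injected into a rewritten app that asks the PDP before every guarded operation ("Check Policy"). The signing key, policy format and app operations are assumptions; an HMAC stands in for the hardware-anchored signature so the example runs offline.

```python
import hmac, hashlib, json

# Constructed: a shared key standing in for the MDM backend's signing key that the
# secure hardware anchor would normally hold or verify (assumption, not from the slides).
MDM_KEY = b"demo-mdm-signing-key"

def sign_policy(policy: dict, key: bytes = MDM_KEY) -> dict:
    """MDM backend side: canonicalise the policy and attach a signature."""
    body = json.dumps(policy, sort_keys=True).encode()
    return {"policy": policy, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

class PolicyDecisionPoint:
    """On-device PDP: stores only policies whose signature verifies ("Provide Policies")."""
    def __init__(self, key: bytes = MDM_KEY):
        self.key = key
        self.rules = {}  # app package -> {operation: "allow" | "deny"}

    def provide(self, signed: dict) -> bool:
        body = json.dumps(signed["policy"], sort_keys=True).encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signed["sig"]):
            return False  # tampered or foreign policy: ignore it
        self.rules[signed["policy"]["app"]] = signed["policy"]["rules"]
        return True

    def check(self, app: str, operation: str) -> bool:
        # Default deny for any app/operation the enterprise has not explicitly allowed.
        return self.rules.get(app, {}).get(operation) == "allow"

class PolicyEnforcementPoint:
    """Injected into a rewritten app: every guarded call goes through the PDP ("Check Policy")."""
    def __init__(self, app: str, pdp: PolicyDecisionPoint):
        self.app, self.pdp, self.log = app, pdp, []

    def guard(self, operation: str, action):
        allowed = self.pdp.check(self.app, operation)
        self.log.append((operation, "allowed" if allowed else "blocked"))
        return action() if allowed else None

def demo():
    pdp = PolicyDecisionPoint()
    ok = pdp.provide(sign_policy({"app": "com.example.mail",
                                  "rules": {"network": "allow", "camera": "deny"}}))
    # A policy signed with the wrong key (e.g. not from the enterprise MDM) must be rejected.
    forged = sign_policy({"app": "com.example.mail", "rules": {"camera": "allow"}}, key=b"wrong")
    rejected = not pdp.provide(forged)
    pep = PolicyEnforcementPoint("com.example.mail", pdp)
    net = pep.guard("network", lambda: "fetched mail")
    cam = pep.guard("camera", lambda: "photo")
    return ok, rejected, net, cam, pep.log
```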

Slide 6: Secure eID – „clientless“ CAVE

Slide 7: CAVE - Features
⁄ Card access without the need for any middleware on the client
⁄ Increased security, as a direct secure channel between the secure environment and the card is established
⁄ Reducing the TCO
  _ No extra support for different client platforms
  _ No influence of different middlewares in multi-card environments
  _ No dependency on client configurations (applications, firewalls, antivirus, ...)
  _ No client-side updates; enhancements are immediately available for all
⁄ Enabling server-side virtual cards
  _ Can be used for replacement actions (e.g. forgotten cards)
  _ Especially in combination with other supported strong authentication mechanisms (SMS OTP, ...)
⁄ CAVE – API
  _ For non-browser-based applications
  _ For deeper application integration requirements (mobile Apps)
⁄ Integration in federated environments
⁄ Multiple simultaneous card support

Slide 8: TicTok - „One Card fits it all…“
[Figure: TicTok card feature map]
Private PKI: e.g. domain logon, VPN, OWA, ...
Federated PKI: Identity Provider / Digital Signature
Alternative Authentication: One-Time-Password Generator
Add-On Applications: e.g. EmergencyApp, Ticket-Store, ...
RFID Emulation: e.g. Mifare, NFC, Legic “Card-In-Card” ...
Contact Interface: ISO 7816 based, for standard readers
Contactless Interface: ISO 14443 based, for NFC, PACS, ...
Keywords: Cost efficient, Existing environment, Reliability, Mobile Environments, Fast Transactions, NFC Compatibility

Slide 9: TicTok - Specification
⁄ Java Card / GlobalPlatform powered secure microcontroller
⁄ Common Criteria and FIPS certified configurations
⁄ ISO 7816 contact interface
⁄ ISO 14443 Type B contactless interface
  _ Enabling NFC applications
⁄ Cryptographic functions:
  _ DES, 3DES, AES
  _ RSA, ECC
  _ SHA-1, SHA-224, -256, -384 and -512
⁄ Biometric Match-On-Card Application (optional)
⁄ Windows 7 Plug-n-play
⁄ Support for card and credential management systems

Slide 10: User Experience: What does the user expect from us?
Easy-to-manage Mobile Device Management (MDM) interface, offering easy integration of devices associated with users.
Easy-to-use user application, managing all modified applications. Running on Android OS.
Every user has their own unique smartcard, providing policies and secure channels.

Slide 11: Benefits / Impact: Identities + Mobile Devices everywhere!
⁄ Enterprise customers > 250 employees (*Statistik Austria 2007)
  _ Total ~1.000 companies with in total 890.000 employees
  _ Banks and insurances: 61 with in total 70.000 employees
  _ Energy and utility: 27 with in total 22.000 employees
  _ Manufacturers: 459 with in total 292.000 employees
⁄ Health sector (*Gesundheitsministerium 2010)
  _ Hospitals: in total 102.400 health professionals excluding management (21.000 doctors, 53.000 nurses, 13.800 ambulance, 13.300 MTA, 1.300 midwives)
  _ Social insurances: in total 26.700 employees
  _ GDA (support organizations, rescue services, geriatric centers, ...): ~100.000 est.
⁄ Academia (*Statistik Austria 2010)
  _ 273.000 students at public universities
  _ 37.000 students at colleges
  _ 6.000 students at private universities (+ 16.000 rest)
⁄ Loyalty programs
  _ Regional customer retention (NÖ-Card, Kärnten-Card, ...)
  _ Discount cards (retailers, clubs, ...)
  _ Member cards (ÖAMTC, AK, WKO, ...)
Identity classes:
Class 4 “Secure” -> Qualified Digital Signature: legally binding, secure personal registration, assurance according to signature law
Class 3 “Standard” -> Trusted eID, e.g. WPV, enterprise, health: formal registration, federated trust, limited liability
Class 2 “Entry” -> Multi-app systems, e.g. eTicket, universities, ...: deployment on the basis of existing and accepted databases
Class 1 “Loyalty” -> Marketing, e.g. customer retention: simple registration, post delivery, plausibility, existing customer

Slide 12: Scheduling of the Sprint
First Demo: at TDL Event – beginning of April 2014
Second Demo: at trial users – end of April 2014
Solution adaptation: together with users, implementing user wishes, solution customization – until end of July 2014
Quality control and user survey – until end of August 2014
[Timeline figure: NOW, End Apr., End Jul., End Aug.]

Slide 13: Sprint requirements
For a successful TDL Sprint, the following requirements have to be fulfilled:
⁄ Initial version of „CAVE API“ present (CRYPTAS)
⁄ Initial version of „Application Container“ present (NEC)
⁄ Fully functional microSD / NFC smartcards (CRYPTAS)
⁄ Provision of MDM server backend
⁄ Interested end users need to be contacted
⁄ Adaptation of smartcard OS / software (CRYPTAS)
⁄ Adaptation of Application Container (NEC)

