Identity and Access IDGo Secure Email (ISE) for Android Didier Bonnet April 2015


Identity and Access

IDGo Secure Email (ISE) for Android

Didier Bonnet, April 2015

Emails are a Priority for Enterprises


Forrester, December 2011

Mobile Enterprise, December 2014


Main Requirements Addressed


Mobile OS Market Share Evolution in Q3 2014


Adoption of the OS by the Enterprises


Mobile Enterprise, December 2014


Secure Elements Now and Future

[Figure: Secure Element adoption over time]

Form factors shown: MicroSD, UICC, TEE, eSE, badge via contact reader, badge via NFC, smart card on a stick, badge via Bluetooth reader

Credential categories shown: detached credentials, semi-detached credentials, embedded credentials

As of today: 10 Million Gemalto smartcard active users, 20 Million 3rd party smartcard active users

Next 2 years: Prototypes in progress

In 2 - 5 years: Next generation of handsets BYOD / mobile desktop will increase needs for Secure Elements


IDGo 800 Middleware and SDK

[Diagram: Middleware SDK]

3rd party client applications

PKI Crypto Layer API, OTP API, Other APIs, Test tools

PC-SC like API

NFC driver, USB OTG (*) driver, BlueTooth driver

IDPrime Secure Elements, TEE (*), Other Secure Elements

(*) OTG: On-The-Go = USB Master; TEE: Trusted Execution Environment


Supported Readers and Tokens on Android

USB On-The-Go port (= USB Master) or BlueTooth

USB Female – Micro USB adaptor or cable

BHXT and Feitian readers

USB tokens & IDBridge K3000

PC-Link readers

Micro USB cable


IDGo Secure Email

Native Email applications:

Native Email clients are not designed with security in mind:

Emails and attached documents are in clear text

Encrypted or signed emails cannot be read

User credentials can be easily discovered

IDGo Secure Email features:

Encryption of emails and User credentials

Digital signature

Strong authentication of the user


Value Proposition

For enterprises and governments who want to secure their emails, IDGo Secure Email is a state-of-the-art application for Android that signs, encrypts and decrypts the professional emails based on Extended ActiveSync (EAS) and S/MIME protocols. Thanks to the IDGo 800 middleware, it addresses all the Gemalto hardware Secure Elements and benefits from their unequaled security level.


For BYOD environments, IDGo Secure Email also manages the private emails following the standard public POP3, SMTP and IMAP4 protocols.


ISE Security Features

S/MIME email signature and encryption

Encryption algorithms: 3DES, AES256, RSA

Signature algorithms: MD5, SHA1, SHA256, SHA512, RSA

Gemalto middleware and Secure Elements

IDGo 800 for Android and associated readers: USB, NFC, BLE, µSD

IDPrime MD, .NET and PIV PKI applets

SSL / TLS communication with the server


More Features and Benefits

Microsoft Exchange ActiveSync (EAS) protocol

Synchronization of Contacts and Calendar

Push or periodical email synchronization, SSL / TLS communication

Compliant with Outlook, Thunderbird and other standard email apps

S/MIME email signature and encryption

Crypto algorithms: 3DES, AES256, RSA, MD5, SHA1, SHA256, SHA512

PKI certificates management

Local validation with the CA, revocation by CRL

Certificates retrieved from validated emails, (multi) LDAP and EAS server

POP3, IMAP4 and SMTP email protocols for BYOD usage

Multi accounts, mailboxes and folders, combined mailbox

HTML or plain text email format, Group and Search emails, Remote Wipe, Root detection


What is Exchange ActiveSync?

EAS is a communication protocol that synchronizes emails, calendars, contacts and tasks between email servers and mobile client applications

It also provides some Mobile Device Management (MDM) features and security policy controls

It is based on XML and HTTP(S) protocols

More details…

EAS is licensed by

Microsoft is the main provider of EAS compliant email servers

EAS is supported by Windows Phone, Android, iOS, BB, Gmail, Google Apps, Office 365, Lotus Notes


What is S/MIME?

Secure / Multipurpose Internet Mail Extensions

Standard protocol based on X509 PKI certificates

Described by several specifications: RFC 3851, 5751, 5652

Present version is S/MIME v3.2

Ensures compatibility between the various email applications and servers

Main applications: Outlook, Mozilla Thunderbird, MacOS Mail, Gmail, OWA

Main email server: Microsoft Exchange Active Sync (EAS)


S/MIME specifies the email Digital Signature and encryption / decryption


S/MIME Signature more details

Note: Signed emails can be sent in clear or opaque (base64 encoded) format. The opaque format avoids signature verification failures caused by automatic conversion of the text, but requires an S/MIME compliant email app.
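The clear versus opaque distinction in the note above, as an added example that is not part of the original slides: it classifies a message by its S/MIME content type and shows how a text-rewriting relay changes the bytes covered by a clear signature but not an opaque payload. The two messages, the placeholder signature blobs and the whitespace-trimming gateway are constructed for illustration; no real CMS signature is produced or verified.

```python
import base64, hashlib
from email import message_from_bytes

TEXT = b"Quarterly report attached.  \r\n"  # constructed body; note the trailing spaces

# Constructed clear-signed message; the .p7s payload is a placeholder, not a signature.
CLEAR = (b'MIME-Version: 1.0\r\n'
         b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
         b' micalg=sha-256; boundary="sig-boundary"\r\n\r\n'
         b'--sig-boundary\r\n'
         b'Content-Type: text/plain; charset=us-ascii\r\n\r\n' + TEXT +
         b'--sig-boundary\r\n'
         b'Content-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
         b'Content-Transfer-Encoding: base64\r\n\r\nUExBQ0VIT0xERVI=\r\n'
         b'--sig-boundary--\r\n')

# Constructed opaque message; the base64 blob stands in for CMS SignedData wrapping TEXT.
OPAQUE = (b'MIME-Version: 1.0\r\n'
          b'Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"\r\n'
          b'Content-Transfer-Encoding: base64\r\n\r\n'
          + base64.encodebytes(b"[stand-in CMS wrapper] " + TEXT).replace(b"\n", b"\r\n"))

def smime_kind(raw):
    """Classify a message by its top-level S/MIME content type."""
    msg = message_from_bytes(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return "clear-signed"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        kinds = {"signed-data": "opaque-signed", "enveloped-data": "encrypted"}
        return kinds.get(msg.get_param("smime-type", ""), "pkcs7-mime, type not stated")
    return "not S/MIME"

def covered_digest(raw):
    """SHA-256 of the bytes the signature depends on after transport."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() == "multipart/signed":
        # Clear format: the first MIME part travels as readable text, byte for byte.
        open_delim = b"--" + msg.get_boundary().encode() + b"\r\n"
        start = raw.index(open_delim) + len(open_delim)
        end = raw.index(b"\r\n" + open_delim[:-2], start)
        return hashlib.sha256(raw[start:end]).hexdigest()
    # Opaque format: the content sits inside the base64-decoded blob.
    return hashlib.sha256(msg.get_payload(decode=True)).hexdigest()

def gateway_strip_trailing_ws(raw):
    """Hypothetical relay that trims trailing whitespace on every line."""
    return b"\r\n".join(line.rstrip(b" \t") for line in raw.split(b"\r\n"))

def survives_gateway(raw):
    return covered_digest(raw) == covered_digest(gateway_strip_trailing_ws(raw))
```
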


S/MIME Encryption and Decryption more details


Basic Operations


Email edition

Input mailbox


Wide Settings Capabilities


More details on our webpage


Thank you!