identity and access idgo secure email (ise) for android didier bonnet april 2015
TRANSCRIPT
Identity and Access
IDGo Secure Email (ISE) for Android
Didier Bonnet, April 2015
Emails are a Priority for Enterprises
Forrester, December 2011
Mobile Enterprise, December 2014
Main Requirements Addressed
Mobile OS Market Share Evolution in Q3 2014
Adoption of the OS by the Enterprises
Mobile Enterprise, December 2014
Secure Elements Now and Future
[Diagram: Secure Element adoption over the time]
As of today: 10 Million Gemalto smartcard active users, 20 Million 3rd party smartcard active users
Next 2 years: Prototypes in progress
In 2 - 5 years: Next generation of handsets BYOD / mobile desktop will increase needs for Secure Elements
Form factors shown: MicroSD, UICC, TEE, eSE, Badge via contact reader, Badge via NFC, Smart card on a stick, Badge via Bluetooth reader
Credential types shown: Detached credentials, Semi-detached credentials, Embedded credentials
IDGo 800 Middleware and SDK
[Diagram: Middleware SDK]
3rd party client applications
PKI Crypto Layer API, OTP API, PC-SC like API, Other APIs
Test tools
NFC driver, USB OTG (*) driver, BlueTooth driver
IDPrime Secure Elements, TEE (*), Other Secure Elements
(*) OTG: On-The-Go = USB Master; TEE: Trusted Execution Environment
Supported Readers and Tokens on Android
USB On-The-Go port (= USB Master) or BlueTooth
USB Female – Micro USB adaptor or cable
BHXT and Feitian readers
USB tokens & IDBridge K3000
PC-Link readers
Micro USB cable
IDGo Secure Email
Native Email applications:
Native Email clients are not designed with security in mind:
Emails and attached documents are in clear text
Encrypted or signed emails cannot be read
User credentials can be easily discovered
IDGo Secure Email features:
Encryption of emails and User credentials
Digital signature
Strong authentication of the user
Value Proposition
For enterprises and governments who want to secure their emails, IDGo Secure Email is a state-of-the-art application for Android that signs, encrypts and decrypts the professional emails based on Extended ActiveSync (EAS) and S/MIME protocols. Thanks to the IDGo 800 middleware, it addresses all the Gemalto hardware Secure Elements and benefits from their unequaled security level.
For BYOD environments, IDGo Secure Email also manages the private emails following the standard public POP3, SMTP and IMAP4 protocols.
ISE Security Features
S/MIME email signature and encryption
Encryption algorithms: 3DES, AES256, RSA
Signature algorithms: MD5, SHA1, SHA256, SHA512, RSA
Gemalto middleware and Secure Elements
IDGo 800 for Android and associated readers: USB, NFC, BLE, µSD
IDPrime MD, .NET and PIV PKI applets
SSL / TLS communication with the server
More Features and Benefits
Microsoft Exchange ActiveSync (EAS) protocol
Synchronization of Contacts and Calendar
Push or periodical email synchronization, SSL / TLS communication
Compliant with Outlook, Thunderbird and other standard email apps
S/MIME email signature and encryption
Crypto algorithms: 3DES, AES256, RSA, MD5, SHA1, SHA256, SHA512
PKI certificates management
Local validation with the CA, revocation by CRL
Certificates retrieved from validated emails, (multi) LDAP and EAS server
POP3, IMAP4 and SMTP email protocols for BYOD usage
Multi accounts, mailboxes and folders, combined mailbox
HTML or plain text email format, Group and Search emails, Remote Wipe, Root detection
What is Exchange ActiveSync?
EAS is a communication protocol that synchronizes emails, calendars, contacts and tasks between email servers and mobile client applications
It also provides some Mobile Device Management (MDM) features and security policy controls
It is based on XML and HTTP(S) protocols
More details…
EAS is licensed by
Microsoft is the main provider of EAS compliant email servers
EAS is supported by Windows Phone, Android, iOS, BB, Gmail, Google Apps, Office 365, Lotus Notes
What is S/MIME?
Secure / Multipurpose Internet Mail Extensions
Standard protocol based on X509 PKI certificates
Described by several specifications: RFC 3851, 5751, 5652
Present version is S/MIME v3.2
Ensures compatibility between the various email applications and servers
Main applications: Outlook, Mozilla Thunderbird, MacOS Mail, Gmail, OWA
Main email server: Microsoft Exchange Active Sync (EAS)
S/MIME specifies the email Digital Signature and encryption / decryption
S/MIME Signature more details
Note: Signed emails can be sent in clear or opaque (base64-encoded) format. The opaque format prevents the risk of a wrong signature verification caused by automatic conversion of the text, but requires an S/MIME-compliant email app.
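The clear and opaque formats in the note above differ in their top-level MIME type, which is how a mail client or gateway tells them apart. The following is an added example, not part of the original slides: the sample messages are constructed, the function name `classify_smime` is hypothetical, and it goes slightly beyond the note by also recognising encrypted (enveloped) messages and flagging MD5 / SHA-1 digests declared in `micalg`.

```python
from email import message_from_string

# Constructed samples; the base64 bodies are placeholders, not real signatures.
CLEAR_SIGNED = """\
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Readable by any mail client.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""

OPAQUE_SIGNED = """\
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
"""

# MD5 / SHA-1: kept in RFC 5751 only for backward compatibility.
WEAK_MICALG = {"md5", "sha1", "sha-1"}
PKCS7_MIME = ("application/pkcs7-mime", "application/x-pkcs7-mime")
PKCS7_SIG = ("application/pkcs7-signature", "application/x-pkcs7-signature")
KINDS = {"signed-data": "opaque-signed", "enveloped-data": "encrypted"}

def classify_smime(raw):
    """Return (kind, micalg, readable_without_smime_client, weak_digest)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # Clear-signed: the text part stays readable, signature is detached.
        proto = str(msg.get_param("protocol") or "").lower()
        if proto in PKCS7_SIG:
            micalg = str(msg.get_param("micalg") or "").lower()
            return ("clear-signed", micalg, True, micalg in WEAK_MICALG)
    if ctype in PKCS7_MIME:
        # Opaque or encrypted: content is wrapped inside the CMS object.
        stype = str(msg.get_param("smime-type") or "").lower()
        return (KINDS.get(stype, "pkcs7-unknown"), None, False, False)
    return ("not-smime", None, True, False)
```

For an opaque message the digest algorithm is inside the CMS structure rather than in a MIME header, so the classifier reports no `micalg` for it.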
S/MIME Encryption and Decryption more details
Basic Operations
Email edition
Input mailbox
Wide Settings Capabilities
More details on our webpage
Thank you!