Identity and Access
IDGo Secure Email (ISE) for Android
Didier Bonnet
April 2015
Emails are a Priority for Enterprises
(Chart; sources: Forrester, December 2011; Mobile Enterprise, December 2014)
Main Requirements Addressed
•BYOD: the same mobile device is used for professional and private purposes
•Mobility: access to emails anywhere, anytime
•Security: mobile devices are more exposed than PCs
•Standard: compatibility with existing email servers and Outlook
Mobile OS Market Share Evolution in Q3 2014
(Chart)
Adoption of the OS by the Enterprises
(Chart; source: Mobile Enterprise, December 2014)
Secure Elements Now and Future
Semidetached credentials: Smart card on a stick, MicroSD
Embedded credentials: eSE, UICC, TEE
Detached credentials: Badge via NFC, Badge via contact reader, Badge via Bluetooth reader
As of today: 10 Million Gemalto smartcard active users; 20 Million 3rd party smartcard active users
Next 2 years: prototypes in progress
In 2 - 5 years: the next generation of handsets (BYOD / mobile desktop) will increase the need for Secure Elements
IDGo 800 Middleware and SDK (stack, top to bottom)
3rd party client applications, Test tools
SDK: PKI Crypto Layer API, OTP API, PC-SC like API, Other APIs
Middleware
Drivers: Bluetooth driver, USB OTG (*) driver, NFC driver
Secure Elements: IDPrime Secure Elements, Other Secure Elements, TEE (*)
(*) OTG: On-The-Go = USB Master
TEE: Trusted Execution Environment
Supported Readers and Tokens on Android
Connection to the handset: USB On-The-Go port (= USB Master) or Bluetooth
PC-Link readers: USB female to micro USB adaptor or cable
USB tokens and IDBridge K3000: micro USB cable
BHXT and Feitian readers
IDGo Secure Email
Native email applications are not designed with security in mind:
•Emails and attached documents are in clear text
•Encrypted or signed emails cannot be read
•User credentials can be easily discovered
IDGo Secure Email features:
•Encryption of emails and of user credentials
•Digital signature
•Strong authentication of the user
Value Proposition
For enterprises and governments who want to secure their emails, IDGo Secure Email is a state-of-the-art application for Android that signs, encrypts and decrypts professional emails based on the Exchange ActiveSync (EAS) and S/MIME protocols. Thanks to the IDGo 800 middleware, it addresses all the Gemalto hardware Secure Elements and benefits from their unequaled security level.
For BYOD environments, IDGo Secure Email also manages private emails over the standard public POP3, SMTP and IMAP4 protocols.
ISE Security Features
S/MIME email signature and encryption
Encryption algorithms: 3DES, AES256, RSA
Signature algorithms: RSA over MD5, SHA1, SHA256 or SHA512 digests
(MD5 is broken and SHA1 is deprecated for signing; accept them only when verifying legacy messages, and create new signatures with SHA256 or SHA512)
Gemalto middleware and Secure Elements
IDGo 800 for Android and associated readers: USB, NFC, BLE, µSD
IDPrime MD, .NET and PIV PKI applets
SSL / TLS communication with the server
More Features and Benefits
Microsoft Exchange ActiveSync (EAS) protocol
Synchronization of Contacts and Calendar
Push or periodic email synchronization, SSL / TLS communication
Compatible with Outlook, Thunderbird and other standard email apps
S/MIME email signature and encryption
Crypto algorithms: 3DES, AES256, RSA, MD5, SHA1, SHA256, SHA512
PKI certificate management
Local validation against the CA, revocation checking by CRL
Certificates retrieved from validated (signed) emails, (multi) LDAP and the EAS server
POP3, IMAP4 and SMTP email protocols for BYOD usage
Multiple accounts, mailboxes and folders, combined mailbox
HTML or plain text email format, grouping and searching of emails, Remote Wipe, Root detection
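The "local validation against the CA, revocation by CRL" item above is the check an S/MIME client has to run on every sender certificate before trusting a signature. The following is an added example, not code from Gemalto or the IDGo product: it builds a constructed CA, two user certificates and a CRL in memory with pyca/cryptography so it runs offline, then validates a certificate the way a client should, including refusing a stale CRL instead of failing open.

```python
"""Local certificate validation against the CA and revocation checking by CRL.

Added example, not code from Gemalto or IDGo Secure Email; uses pyca/cryptography.
A constructed CA, user certificates and a CRL are generated in memory so it runs
offline; in the product the CA certificate and the CRL come from the enterprise PKI.
"""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

NOW = datetime.datetime.now(datetime.timezone.utc).replace(microsecond=0)
DAY = datetime.timedelta(days=1)


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def _utc(obj, attr):
    """Read a certificate/CRL date as an aware UTC datetime across cryptography versions."""
    value = getattr(obj, attr + "_utc", None)  # cryptography >= 42
    if value is None:
        value = getattr(obj, attr).replace(tzinfo=datetime.timezone.utc)
    return value


def make_ca(cn="Example Corp Issuing CA"):
    """Constructed issuing CA (self-signed) standing in for the enterprise PKI."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    cert = (
        x509.CertificateBuilder()
        .subject_name(_name(cn)).issuer_name(_name(cn))
        .public_key(key.public_key()).serial_number(1)
        .not_valid_before(NOW - DAY).not_valid_after(NOW + 365 * DAY)
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def issue_user_cert(ca_key, ca_cert, email_addr, serial):
    """An S/MIME user certificate: the mailbox address travels in an RFC822Name SAN."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    cert = (
        x509.CertificateBuilder()
        .subject_name(_name(email_addr)).issuer_name(ca_cert.subject)
        .public_key(key.public_key()).serial_number(serial)
        .not_valid_before(NOW - DAY).not_valid_after(NOW + 30 * DAY)
        .add_extension(x509.SubjectAlternativeName([x509.RFC822Name(email_addr)]), critical=False)
        .sign(ca_key, hashes.SHA256())
    )
    return key, cert


def make_crl(ca_key, ca_cert, revoked_serials):
    """CRL signed by the CA, valid for one day (nextUpdate)."""
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(ca_cert.subject).last_update(NOW).next_update(NOW + DAY))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW).build())
    return builder.sign(ca_key, hashes.SHA256())


def validate(cert, ca_cert, crl, now=None):
    """Return (ok, reason): CA signature, validity period, CRL issuer/signature/freshness, revocation."""
    now = now or NOW
    ca_pub = ca_cert.public_key()
    if cert.issuer != ca_cert.subject:
        return False, "issuer mismatch"
    try:
        ca_pub.verify(cert.signature, cert.tbs_certificate_bytes,
                      padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        return False, "certificate not signed by CA"
    if not _utc(cert, "not_valid_before") <= now <= _utc(cert, "not_valid_after"):
        return False, "certificate outside validity period"
    if crl.issuer != ca_cert.subject or not crl.is_signature_valid(ca_pub):
        return False, "CRL not issued by CA"
    if now > _utc(crl, "next_update"):
        return False, "CRL stale (fail closed, do not skip the revocation check)"
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return False, "certificate revoked"
    return True, "valid"
```

The CRL is checked for issuer and signature before it is consulted, because an unsigned or foreign CRL that simply omits a serial number would otherwise "un-revoke" a certificate; and a CRL past its nextUpdate is treated as a failure, since a client that silently skips revocation when the CRL is old is exactly what an attacker holding a revoked key wants.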
What is Exchange ActiveSync?
EAS is a communication protocol that synchronizes emails, calendars, contacts and tasks between email servers and mobile client applications.
It also provides some Mobile Device Management (MDM) features and security policy controls (such as device password policy and remote wipe).
It is based on XML (WBXML, a compact binary encoding of XML) carried over HTTP(S).
EAS is licensed by Microsoft, which is also the main provider of EAS compliant email servers.
EAS is supported by Windows Phone, Android, iOS, BB, Gmail, Google Apps, Office 365, Lotus Notes.
What is S/MIME?
Secure / Multipurpose Internet Mail Extensions
S/MIME specifies email digital signature and encryption / decryption.
Standard protocol based on X.509 PKI certificates.
Described by several specifications: RFC 3851 (v3.1), RFC 5751 (v3.2 message specification) and RFC 5652 (CMS, the underlying container format).
Present version is S/MIME v3.2.
Ensures interoperability between the various email applications and servers.
Main applications: Outlook, Mozilla Thunderbird, MacOS Mail, Gmail, OWA.
Main email server: Microsoft Exchange, which ISE reaches over Exchange ActiveSync (EAS); EAS itself is the synchronization protocol, not a server.
S/MIME Signature
Note: signed emails can be sent in clear-signed format (multipart/signed: the text stays readable by any client, the signature is a separate part) or in opaque format (application/pkcs7-mime, base64 encoded: text and signature travel together in one blob). The opaque format avoids wrong signature verification caused by automatic conversion of the text in transit (line-ending or whitespace changes, footers inserted by gateways), but requires an S/MIME compliant email app to read the message at all.
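The two formats and the failure mode described in the note, as an added example that is not code from Gemalto or the IDGo product. It uses pyca/cryptography for RSA/SHA-256 and, as a labelled simplification, carries a bare PKCS#1 v1.5 signature over the canonical MIME entity instead of a full CMS SignedData structure; the MIME framing, the CRLF canonicalization of RFC 5751 and the behaviour under text rewriting are the real ones. The relay that strips trailing spaces is a constructed stand-in for the "automatic conversion" mentioned above.

```python
"""Clear-signed vs opaque S/MIME signatures and the effect of text rewriting in transit.

Added example, not code from Gemalto or IDGo Secure Email. Uses pyca/cryptography
for RSA/SHA-256. Simplification (labelled): the signature blob is a bare PKCS#1 v1.5
signature over the canonical MIME entity instead of a CMS SignedData structure.
"""
import base64
import email

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

BOUNDARY = "----=_smime_example_boundary"  # constructed, fixed for readability


def new_key():
    """Software signing key; in ISE the private key stays on the Secure Element."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def canonicalize(text):
    """RFC 5751 3.1.1: the signed entity is in canonical form, every line ending in CRLF."""
    return text.replace("\r\n", "\n").replace("\n", "\r\n").encode("ascii")


def signed_entity(body):
    """The inner MIME entity (header, blank line, body) that the signature covers."""
    return b"Content-Type: text/plain; charset=us-ascii\r\n\r\n" + canonicalize(body)


def b64_lines(blob):
    """base64 Content-Transfer-Encoding with CRLF line breaks."""
    return base64.encodebytes(blob).replace(b"\n", b"\r\n")


def clear_signed_message(body, key):
    """multipart/signed: readable text part plus a detached signature part (RFC 5751 3.4.3)."""
    entity = signed_entity(body)
    sig = key.sign(entity, padding.PKCS1v15(), hashes.SHA256())
    b = BOUNDARY.encode("ascii")
    head = (
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
        f'micalg=sha-256; boundary="{BOUNDARY}"\r\n\r\n'
    ).encode("ascii")
    sig_part = (
        b'Content-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
        b"Content-Transfer-Encoding: base64\r\n\r\n" + b64_lines(sig)
    )
    return (head + b"--" + b + b"\r\n" + entity + b"\r\n--" + b + b"\r\n"
            + sig_part + b"--" + b + b"--\r\n")


def opaque_signed_message(body, key):
    """application/pkcs7-mime, smime-type=signed-data: entity and signature in one base64 blob (RFC 5751 3.4.2)."""
    entity = signed_entity(body)
    sig = key.sign(entity, padding.PKCS1v15(), hashes.SHA256())
    blob = len(sig).to_bytes(2, "big") + sig + entity  # stand-in for CMS SignedData
    return (
        b"MIME-Version: 1.0\r\n"
        b'Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"\r\n'
        b"Content-Transfer-Encoding: base64\r\n\r\n" + b64_lines(blob)
    )


def verify(raw, pub):
    """Return (signature_ok, text) for either format, re-canonicalizing the clear-signed text."""
    msg = email.message_from_bytes(raw)
    if msg.get_content_type() == "multipart/signed":
        text_part, sig_part = msg.get_payload(0), msg.get_payload(1)
        text = text_part.get_payload()
        # Rebuild the entity exactly as the sender signed it.
        entity = (b"Content-Type: " + text_part["Content-Type"].encode("ascii")
                  + b"\r\n\r\n" + canonicalize(text))
        sig = sig_part.get_payload(decode=True)
    elif msg.get_content_type() == "application/pkcs7-mime":
        blob = msg.get_payload(decode=True)
        n = int.from_bytes(blob[:2], "big")
        sig, entity = blob[2:2 + n], blob[2 + n:]
        text = entity.split(b"\r\n\r\n", 1)[1].decode("ascii")
    else:
        return False, None
    try:
        pub.verify(sig, entity, padding.PKCS1v15(), hashes.SHA256())
        return True, text
    except InvalidSignature:
        return False, text


def readable_without_smime(raw):
    """What a client with no S/MIME support shows: the text of a clear-signed
    message, nothing but an smime.p7m attachment (None here) for an opaque one."""
    msg = email.message_from_bytes(raw)
    if msg.get_content_type() == "multipart/signed":
        return msg.get_payload(0).get_payload()
    return None


def relay_strips_trailing_spaces(raw):
    """Constructed 'automatic conversion' by a relay: trailing spaces removed on every line.
    Base64 bodies have none, so the opaque message passes through unchanged."""
    return b"\r\n".join(line.rstrip(b" \t") for line in raw.split(b"\r\n"))


def demo():
    """Sign one body both ways, pass both through the relay, return (before, after) verdicts."""
    key = new_key()
    pub = key.public_key()
    body = "Hello,\nPlease approve the Q2 budget.\n-- \nAlice\n"  # '-- ' has a trailing space
    results = {}
    for name, build in (("clear", clear_signed_message), ("opaque", opaque_signed_message)):
        raw = build(body, key)
        results[name] = (verify(raw, pub)[0], verify(relay_strips_trailing_spaces(raw), pub)[0])
    return results


if __name__ == "__main__":
    print(demo())  # {'clear': (True, False), 'opaque': (True, True)}
```

The clear-signed message is still readable after the relay but its signature no longer verifies, which is the "wrong signature verification" the note warns about; the opaque message survives because the relay never sees the text, at the price that a client without S/MIME support sees only an attachment.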
S/MIME Encryption and Decryption
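S/MIME encryption is a hybrid scheme: the message is encrypted once under a fresh symmetric key (AES256 or 3DES from the algorithm list above), and that key is wrapped with RSA under each recipient's certificate. The following is an added example, not code from Gemalto or the IDGo product, using pyca/cryptography primitives; as a labelled simplification it replaces the CMS EnvelopedData ASN.1 structure with a small length-prefixed layout and identifies recipients by a constructed 8-byte key id, while the cryptographic steps are those of RFC 5652 / RFC 5751.

```python
"""S/MIME-style enveloped data: hybrid AES-256 content encryption with RSA key transport.

Added example, not code from Gemalto or IDGo Secure Email; uses pyca/cryptography primitives.
Simplification (labelled): the CMS EnvelopedData ASN.1 structure is replaced by a small
length-prefixed layout; the cryptographic steps are those of RFC 5652 / RFC 5751.
"""
import base64
import email
import hashlib
import os

from cryptography.hazmat.primitives import hashes, padding, serialization
from cryptography.hazmat.primitives.asymmetric import padding as asym_padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

OAEP = asym_padding.OAEP(mgf=asym_padding.MGF1(hashes.SHA256()),
                         algorithm=hashes.SHA256(), label=None)


def new_key():
    """Recipient key pair; in ISE the private half stays on the Secure Element."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def key_id(pub):
    """Constructed 8-byte recipient identifier, in the spirit of a subjectKeyIdentifier (RFC 5652 6.2.2)."""
    spki = pub.public_bytes(serialization.Encoding.DER,
                            serialization.PublicFormat.SubjectPublicKeyInfo)
    return hashlib.sha256(spki).digest()[:8]


def envelope(entity, recipient_pubs):
    """Encrypt one MIME entity for several recipients: one AES-256 content-encryption key,
    wrapped separately under each recipient's RSA public key (one RecipientInfo each)."""
    cek = os.urandom(32)  # fresh content-encryption key per message
    iv = os.urandom(16)
    padder = padding.PKCS7(128).padder()
    encryptor = Cipher(algorithms.AES(cek), modes.CBC(iv)).encryptor()
    ciphertext = encryptor.update(padder.update(entity) + padder.finalize()) + encryptor.finalize()
    blob = bytes([len(recipient_pubs)])
    for pub in recipient_pubs:
        wrapped = pub.encrypt(cek, OAEP)
        blob += key_id(pub) + len(wrapped).to_bytes(2, "big") + wrapped
    blob += iv + ciphertext
    return (
        b"MIME-Version: 1.0\r\n"
        b'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\r\n'
        b"Content-Transfer-Encoding: base64\r\n\r\n"
        + base64.encodebytes(blob).replace(b"\n", b"\r\n")
    )


def open_envelope(raw, priv):
    """Decrypt with the recipient's private key. Returns the entity, or None if the
    message is not enveloped data or this key is not among the recipients."""
    msg = email.message_from_bytes(raw)
    if (msg.get_content_type() != "application/pkcs7-mime"
            or msg.get_param("smime-type") != "enveloped-data"):
        return None
    blob = msg.get_payload(decode=True)
    my_id = key_id(priv.public_key())
    count, pos, cek = blob[0], 1, None
    for _ in range(count):
        kid, n = blob[pos:pos + 8], int.from_bytes(blob[pos + 8:pos + 10], "big")
        wrapped = blob[pos + 10:pos + 10 + n]
        pos += 10 + n
        if kid == my_id:
            cek = priv.decrypt(wrapped, OAEP)  # the only RSA operation the Secure Element must perform
    if cek is None:
        return None
    iv, ciphertext = blob[pos:pos + 16], blob[pos + 16:]
    decryptor = Cipher(algorithms.AES(cek), modes.CBC(iv)).decryptor()
    unpadder = padding.PKCS7(128).unpadder()
    return unpadder.update(decryptor.update(ciphertext) + decryptor.finalize()) + unpadder.finalize()
```

Two points worth keeping in mind from this layout: the sender's own key should be added as a recipient, or the sender cannot read the copy in the Sent folder; and CBC enveloped data gives confidentiality only, so tampering is detected only through the S/MIME signature, which is why ISE combines signing with encryption rather than encrypting alone.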
Basic Operations
(Screenshots: input mailbox, email edition)
Wide Settings Capabilities
(Screenshots)
More details on our webpage
Thank you!