Identity and Access
IDGo Secure Email (ISE) for Android
Didier Bonnet, November 2014
Mobile OS Market Share Evolution in Q2 2014

Operating System | 2Q14 Shipment Volume (Mu, million units) | 2Q14 Market Share | 2Q13 Shipment Volume (Mu, million units) | 2Q13 Market Share | 2Q14/2Q13 Growth
Android          | 255.3 | 84.7% | 191.5 | 79.6% | 33.3%
iOS              | 35.2  | 11.7% | 31.2  | 13.0% | 12.7%
Windows Phone    | 7.4   | 2.5%  | 8.2   | 3.4%  | -9.4%
BlackBerry       | 1.5   | 0.5%  | 6.7   | 2.8%  | -78.0%
Others           | 1.9   | 0.6%  | 2.9   | 1.2%  | -32.2%
Total            | 301.3 | 100%  | 240.5 | 100%  | 25.3%

Source: IDC Worldwide Quarterly Mobile Phone Tracker (August 2014)
Secure Elements Now and Future

Secure Element form factors shown: MicroSD, UICC, TEE, eSE, badge via contact reader, badge via NFC, badge via Bluetooth reader, smart card on a stick
Credential models shown: detached credentials, semi-detached credentials, embedded credentials

As of today: 10 million Gemalto smartcard active users; 20 million 3rd party smartcard active users
Next 2 years: prototypes in progress
In 2 - 5 years: next generation of handsets; BYOD / mobile desktop will increase needs for Secure Elements

Secure Element adoption
IDGo 800 Middleware and SDK

Architecture layers (top to bottom):
3rd party client applications
Middleware SDK: PKI Crypto Layer API, OTP API, PC-SC like API, test tools
Reader drivers: NFC driver, USB OTG (*) driver, other reader drivers
Secure Elements: IDPrime cards, TEE (*), other Secure Elements

(*) OTG: On-The-Go = USB Master; TEE: Trusted Execution Environment
Supported Readers and Tokens on Android

Host interface: USB On-The-Go port (= USB Master) or Bluetooth
Cabling: USB female to micro USB adaptor or cable; micro USB cable
Readers and tokens: BHXT and Feitian readers, USB tokens & IDBridge K3000, PC-Link readers
ISE Security Features
S/MIME email signature and encryption
Encryption algorithms: 3DES, AES256, RSA
Signature algorithms: MD5, SHA1, SHA256, SHA512, RSA
Gemalto middleware and Secure Elements: IDGo 800 for Android and associated readers (USB, NFC, BLE, µSD); IDPrime MD, .NET and PIV PKI applets
SSL / TLS communication with the server
Other Features and Benefits
Microsoft Exchange ActiveSync (EAS) protocol
Synchronization with the native Android Contacts and Calendar
Email reception by push or periodical synchronization
Support of Global Address List (GAL)
Various PKI certificate managements:
Local validation with the Certification Authority (CA)
Validation with the EAS server or OCSP protocol
Certificates retrieved from validated emails, (multi) LDAP and EAS server
Revocation by Certificate Revocation List (CRL)
POP3, IMAP4 and SMTP email protocols for BYOD usage
Multi accounts, mailboxes and folders, combined mailbox
HTML or plain text email format
Group and Search email functions
What is Exchange ActiveSync?
EAS is a communication protocol that synchronizes emails, calendars, contacts and tasks between email servers and mobile client applications
It also provides some Mobile Device Management (MDM) features and security policy controls
It is based on XML and HTTP(S) protocols
More details…
EAS is licensed by
Microsoft is the main provider of EAS compliant email servers
EAS is supported by Windows Phone, Android, iOS, BB, Gmail, Google Apps, Office 365, Lotus Notes
What is S/MIME?
Secure / Multipurpose Internet Mail Extensions
Standard protocol based on X.509 PKI certificates
Described by several specifications: RFC 3851, 5751, 5652
Present version is S/MIME v3.2
Ensures compatibility between the various email applications and servers
Main applications Outlook, Mozilla Thunderbird, MacOS Mail, Gmail, OWA
Main email server: Microsoft Exchange ActiveSync (EAS)
S/MIME Operations
S/MIME specifies the email digital signature and encryption / decryption
The email is encrypted with the Recipient Public Key and signed with the Sender Private Key
The email is decrypted with the Recipient Private Key and the signature is verified with the Sender Public Key
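The two S/MIME operations above, together with the AES-256 and RSA algorithms listed under ISE Security Features, run end to end with the OpenSSL command-line tool. This is an added example, not code from Gemalto, IDGo 800 or ISE: it assumes only that the `openssl` CLI (1.1.1 or later) is installed; the two identities (sender@example.test and recipient@example.test), their self-signed certificates, the message text and the temporary working directory are all constructed in the script. It signs with the sender's private key, encrypts to the recipient's public key, decrypts with the recipient's private key, verifies with the sender's certificate, and then shows that changing one word of the signed message makes verification fail.

```shell
#!/bin/sh
# Added example, not code from Gemalto or the ISE product: the S/MIME sign /
# encrypt / decrypt / verify round trip described on the slide, driven with the
# OpenSSL CLI. Assumes `openssl` (1.1.1 or later) is on PATH. Both identities,
# the message text and the working directory are constructed here.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed certificate and RSA private key for one party.
# $1 = file prefix, $2 = e-mail address used as the subject CN (both constructed).
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# Full round trip. Returns 0 only if the recipient recovers the exact text the
# sender signed, after decrypting with its own key and verifying the signature.
smime_round_trip() {
    make_identity sender sender@example.test
    make_identity recipient recipient@example.test
    printf 'quarterly figures attached\n' > "$WORK/plain.txt"

    # Sender side: sign with the sender's PRIVATE key (-text adds text/plain MIME headers) ...
    openssl smime -sign -text -in "$WORK/plain.txt" \
        -signer "$WORK/sender.crt" -inkey "$WORK/sender.key" \
        -out "$WORK/signed.p7" 2>/dev/null
    # ... then encrypt the signed message to the recipient's PUBLIC key,
    # with AES-256 as the content-encryption algorithm (RSA wraps the content key).
    openssl smime -encrypt -aes256 -in "$WORK/signed.p7" \
        -out "$WORK/encrypted.p7" "$WORK/recipient.crt" 2>/dev/null

    # Recipient side: decrypt with the recipient's PRIVATE key ...
    openssl smime -decrypt -in "$WORK/encrypted.p7" \
        -recip "$WORK/recipient.crt" -inkey "$WORK/recipient.key" \
        -out "$WORK/decrypted.p7" 2>/dev/null
    # ... then verify the signature against the sender's certificate. The sender
    # cert is self-signed, so it doubles as the trust anchor (-CAfile); a real
    # client trusts a CA instead and adds CRL/OCSP status checks on top.
    openssl smime -verify -in "$WORK/decrypted.p7" -CAfile "$WORK/sender.crt" \
        -out "$WORK/verified.txt" 2>/dev/null

    grep -q 'quarterly figures attached' "$WORK/verified.txt"
}

# Integrity check: change one word of the signed (already decrypted) message and
# confirm that signature verification now fails. Returns 0 when tampering is caught.
tamper_is_detected() {
    [ -f "$WORK/decrypted.p7" ] || smime_round_trip
    sed 's/quarterly/QUARTERLY/' "$WORK/decrypted.p7" > "$WORK/tampered.p7"
    if openssl smime -verify -in "$WORK/tampered.p7" -CAfile "$WORK/sender.crt" \
           -out /dev/null 2>/dev/null; then
        return 1   # verification unexpectedly succeeded
    fi
    return 0
}

smime_round_trip
echo "S/MIME round trip OK: message decrypted and signature verified"
tamper_is_detected
echo "tampered message rejected: signature verification failed as expected"
```

The order (sign first, then encrypt the signed message) is the usual S/MIME layering: the recipient decrypts first and only then learns who signed; the reverse order would let anyone strip and replace the outer signature. The `-CAfile` argument is what a mail client's trust store provides in practice; the slide's CRL and OCSP validation steps are the status checks that would sit on top of this chain check.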
ISE Roadmap
ISE for Android
V1.0 (November 2014): initial version
V2.0 (Q1 2015, to be confirmed): database encryption, user authentication, Android version L
(timeline axis on the slide starts at September 2014)