SECUREPIM S RANGE OF FUNCTIONS 1. SecurePIM features and architecture

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SECUREPIM S RANGE OF FUNCTIONS 1. SecurePIM features and architecture"

Transcription

1 SECUREPIM S RANGE OF FUNCTIONS SecurePIM features and architecture

2 SECUREPIM S RANGE OF FUNCTIONS Contents VERSION 2.2 I VERSION: 2/2/3. SecurePIM s range of functions 3. Dashboard 4.2 Secure Mailer 6.3 Secure Contacts 8.4 Secure Calendar 9.5 Secure Browser.6 Secure Docs 2. Overview of the system architecture 2 3. Protection of enterprise data 3 3. Encryption with a private key Separation of business and personal data User authentication Cryptographic methods Interfaces and secure communications 5 4. Microsoft Exchange integration 6 4. Exchange Server integration via ActiveSync S/MIME implementation encryption decryption 7 5. Support for smart-card readers 8 5. Maximum smart-card security the card is always inserted Smart-card security the card is inserted to run the app High security encryption via a personal certificate in the container Setting the security level 2 6. Integration of public key infrastructure Certifi cate management Certifi cate checks Public key management Public keys of recipients 24. SecurePIM s range of functions SecurePIM is an app suite for Apple s ipad, ipad mini, iphone (3GS and later) and ipod touch. It requires ios version 6 or higher. The suite includes four applications: Mail, Calendar, Contacts and Secure Browser. We shall be adding the Documents module from the 3rd quarter of 23. SecurePIM creates a so-called secure container on the device. All data inside this container is strongly encrypted. The user s private key, which has a key length of at least 248 bits, is used for the encryption, and the connection to the Microsoft Exchange Server is also encrypted. SecurePIM is currently available in German and English. SecurePIM meets the requirements of the German Federal Data Protection Act by ensuring that personal and business data are stored and managed separately from one another. SecurePIM s key features: Strict separation of personal and business data through the use of a secure container The app provides all personal information manager modules including Secure Mail (S/MIME), Calendar, Contacts and Secure Browser Support for Microsoft Exchange Server 27 to 2 via the ActiveSync protocol versions 2., 4., 4. and 4.2 Complete control over enterprise data in the secure container through the supplied Mobile Application Management Portal Genuine solution for a bring-your-own-device scenario Companies that already use smart cards complying with the well-established ISO 786 standard can also use these cards for performing authentication and decryption on ipads and iphones Can be integrated seamlessly in an existing public key infrastructure Outstanding usability compliant with the Apple standards 7. Requirements of the IT infrastructure Supported mobile devices Supported operating systems IT infrastructure Roll-out and confi guration of the application Mobile Application Management Portal Device registration Certifi cate import (optional) Data update 3 2 3

3 SECUREPIM S RANGE OF FUNCTIONS. Dashboard The Dashboard provides users with an overview of their s, calendar events and contacts. Dashboard functionality: Displays the latest s and calendar events on a single page Shows frequently used contacts Currently pending calendar events are displayed People can be phoned with the tap of a fi nger (only on the iphone), or an can be written directly without leaving the Dashboard 4 5

4 SECUREPIM S RANGE OF FUNCTIONS.2 Secure Mailer File attachments fi le attachments are opened within the app and are therefore never held on the device in an unencrypted state Contacts integration Integration with the contacts module for effi cient addressee selection Further features: Fully featured application including all the functions for browsing, receiving, sending and organizing s on the iphone and ipad s are downloaded in the background and stored in encrypted form for offl ine access SecurePIM provides a secure app approved and certifi ed by corporate security for use on the iphone and ipad in the enterprise. Alongside all the functionality provided by a powerful application, it offers outstanding usability, a very high level of security and is perfectly tailored to custom security requirements. Search for s by subject, sender and recipient Search for s on the server Integration with the contacts module for effi cient addressee selection Encrypted storage of all s even s that were received in unencrypted form to protect them in the event of loss and theft Integration in Exchange 27 and 2 using Microsoft s standard ActiveSync protocol Mapping of the entire Exchange folder structure as well as management, including actions such as moving and deletion Secure communications through S/MIME encryption, a standard supported by all commonly used applications Supported fi le formats for attachments: doc(x), xls(x), ppt(x), all popular image formats, PDF, txt, and many more You can write s offl ine; they are then sent as soon as you go online again Public certifi cates you have received by can easily be imported into the application 6 7

5 SECUREPIM S RANGE OF FUNCTIONS.3 Secure Contact.4 Secure Calendar Your business contacts are protected against unauthorized access. SecurePIM accesses contacts on the internal enterprise Exchange Server and stores them in encrypted form on the device. You can therefore access contacts at all times even when there is no connection to the Internet. Simple and secure contact management Create and edit contacts online and offl ine Online access to business contacts on the Exchange Server Support for multiple groups of contacts Effi ciently browse and search contacts Integration with and telephone Option to export phone numbers and names of contacts to the device s standard contacts directory (if approved by corporate IT in the Mobile Application Management Portal) Secure Calendar lets you manage your appointments and other events easily and effi ciently with the highest level of security. It uses built-in interfaces to communicate with the other modules. Simple and secure management of appointments and other calendar events Effi ciently create, edit and delete calendar events Support for repeat events and serial events Clear overview thanks to week view and month view on the ipad and list view and month view on the iphone Simply reschedule calendar events by drag-and-drop Comprehensive range of options for browsing and searching calendar events Synchronization with Exchange Server Send calendar event invitations Calendar event reminders appear even if you have SecurePIM closed 8 9

6 SECUREPIM S RANGE OF FUNCTIONS.5 Secure Browser.6 Secure Docs Secure Browser provides a secure way of accessing sensitive Web-based applications, Web pages and portals. It lets companies determine which pages their employees can use from within the secure environment of SecurePIM and which ones they cannot. This means, for instance, they can be given access from within the secure container to an internal CRM solution containing strictly confi dential information. Such information is therefore kept completely isolated from the rest of the device. Independently of this, users can continue to surf the Internet as usual using the standard browser. Controlled access to internal Web pages, portals and Web-based applications Management of permitted and prohibited Web pages Secure authentication for Web-based applications optionally by way of certifi cates Bookmark management No restrictions imposed on the device s standard browser With Secure Docs you can access and use confi dential documents conveniently and securely even outside your internal network. SecurePIM accesses the company s internal document management system via a secure channel and stores the fi les in encrypted form on the iphone or ipad. Only the user can then decrypt and open the stored documents using their private key. Online access to document management systems from anywhere; download documents and directory structures Securely view numerous document types from within the app (e.g. PDF, Word, Excel, PowerPoint, images, s, and many more) Effi ciently browse, manage and view local documents stored in encrypted form Insert bookmarks, remarks, highlights and sketches when reviewing PDF documents Optimized for large PDF documents: document navigation via the table of contents, creation of personal bookmarks, full-text search, and much more Upload documents and directories to the document management system

7 OVERVIEW OF THE SYSTEM ARCHITECTURE 2 PROTECTION OF ENTERPRISE DATA 3 2. Overview of the system architecture 3. Protection of enterprise data The concept behind the secure container approach involves keeping business and personal data completely separate from one another. All business data is stored in encrypted form. A directory structure exists on the device in which all fi les are stored and encrypted using the PKCS#7 or PKCS#2 standard. In addition to this, the system includes a database whose contents are encrypted. Documents and attachments are only decrypted as needed within the main memory. They are only opened inside the app and are not passed on to other apps. Furthermore, no temporary fi les are generated. No other apps can access the contents of the secure container; the keychain in ios is only used for publicly accessible content (public keys). In addition to S/MIME encryption, all fi les are also encrypted using a device-specifi c symmetric AES key (NSFileProtection). Excluded from the encryption are freely accessible public keys and CA certifi cates as well as cached certifi cate revocation lists (CRLs). The app can be confi gured and adapted only from a central point using the Mobile Application Management Portal (MAM Portal). The user is unable to make any unauthorized changes to the relevant settings. This means the enterprise has full control over the secure container and can manage it centrally. It is impossible, however, for the enterprise s internal IT to access the user s personal data through the Mobile Application Management facility. 3. Encryption with a private key A core property of encryption is the user s private key, which forms the basis for the encryption of all data. All data, documents and keys that are of relevance to security are only stored in the mobile device s fi le system in encrypted form. Encryption is performed using the PKCS#7 and PKCS#2 standards, and keys with a minimum length of 248 bits are always used. Unencrypted data only exists in the main memory and is deleted when switching tasks, when switching to sleep mode and when the system wakes up again. Any PINs or passwords stored in the main memory are overwritten. All fi les are additionally encrypted using a device-specifi c symmetric AES key (NSFileProtection). The internal database is encrypted with a session key that is stored in encrypted form, which in turn can only be decrypted with the user s private key. Excluded from the encryption are only freely accessible public keys and CA certifi cates as well as cached certifi cate revocation lists (CRLs). 3.2 Separation of business and personal data User S/MIME Mailer Document access Web browser SecurePIM strictly separates business use and personal use. No changes need to be made to the device for this, which means that the solution can also be used without a mobile device management solution though, in our view, an MDM solution is important and sensible depending on the deployment scenario. All enterprise-related information and settings are held within the secure container and are therefore completely isolated from the rest of the device. Certificate on smart card Login using employee smart card Calendar Contacts s, documents and attachments are only decrypted within the main memory as needed. They are only opened inside the app and are not passed on to other apps. The container is managed by corporate IT, and the user is unable to make any unauthorized changes to the relevant settings. Certain contact information can optionally be exported to the ios device s contacts directory in order, for instance, to enable caller identifi cation (but only if authorized by the enterprise s internal IT in the Mobile Application Management Portal). IT admin 2 3

8 PROTECTION OF ENTERPRISE DATA User authentication Authentication can be performed using a password or smart card, though in both cases it is the user s private RSA key that forms the basis for accessing information held in the secure container. The entered password is never cached. The enterprise s internal IT can specify a password policy for the password. If the user wishes to return to the app after having switched to another app, they will be required to enter the password again. Alternatively, the IT department can set a timeout after which time the user is required to log in again in order to open the app. In addition to this, customer-specific authentication techniques such as mobile PIN or online authentication via a central single sign-on service can also be integrated. 3.4 Cryptographic methods SecurePIM works with all algorithms defined in the S/MIME standard. The algorithms are defined by the transmitting system. All other cryptographic methods are implemented by way of hybrid encryption. The data itself is encrypted with a randomly generated file-specific key using AES-256. This key is then encrypted with the respective user s public key. Restoration of the file-specific key and decryption of the content (which is dependent on the key having been restored) is therefore only possible using the user-specific secret key component of the user certificate. 3.5 Interfaces and secure communications Generally all data links are encrypted end-to-end using Transport Layer Security. Transport Layer Security (TLS) more commonly known by its former name Secure Sockets Layer (SSL) is a hybrid cryptographic protocol for secure data communications over the Internet. As of version 3., the SSL protocol has been further developed and standardized under the new name TLS. TLS version. corresponds to SSL version 3.. SecurePIM uses this protocol to communicate over a maximum of four channels:. With the Exchange Server via the ActiveSync protocol (encryption using Transport Layer Security of the ActiveSync protocol, TLS SSLv3) 2. With the Mobile Application Management Portal via a Web service interface (encryption using Transport Layer Security, TLS SSLv3) 3. Optionally: VPN access for accessing the document management system and Intranet applications (encryption using Transport Layer Security, TLS SSLv3, secured by a machine certificate) 4. Optionally: Access to public key infrastructure for public keys and certificate revocation lists (depending on the configuration of the PKI) One of the following methods is used to secure the secret key component: Or A PKCS#2 container file. In this case, the application checks and changes (as necessary) the algorithms and password in accordance with the defined security policies (password policy; minimum algorithm quality is 3DES ). A smart card. In this case, no secret key components exist on the ipad/iphone. The key is transferred to the smart card for decryption. The user must enter a password in order to gain access. For further information, please also refer to Chapter

9 MICROSOFT EXCHANGE INTEGRATION 4 4. Microsoft Exchange integration s, contacts and calendar events are synchronized with the Exchange Server using ActiveSync. 4. Exchange Server integration via ActiveSync Integration with the Exchange Server is achieved using protocol version 2. or 4 of the Microsoft ActiveSync standard. This means that Exchange Server 27 and Exchange Server 2 can be implemented. The Transport Layer Security of the ActiveSync protocol is used, that is to say, all communications are encrypted subject to the policies of corporate IT. We advise using the minimum standard TLS SSLv3. Exchange ActiveSync (EAS) communicates using the WBXML standard. This is used to synchronize s, contacts, calendar events, tasks and notes from a messaging server with a mobile device. We do not use third-party libraries since they may contain potential security vulnerabilities. It is also possible to optionally integrate the Secure ActiveSync Gateway from our partner PointSharp. This additionally provides back-end protection of the Exchange Server with added authentication methods. Furthermore, it can also be used to permit access to the Exchange Server only via SecurePIM; access through other apps is then no longer possible. A range of other products for the back-end protection of the Exchange Server can also be integrated alongside this. 4.2 S/MIME implementation s can optionally be sent in encrypted form. The Secure/Multipurpose Internet Mail Extensions standard (S/MIME) is used to accomplish this. It enables a MIME-encapsulated to be encrypted using a hybrid cryptographic system. The implementation is based on the S/MIME standard 3. that is defined in RFC385. With regard to the implemented sub-sections of the standard, Version 3. is backwards compatible with version 3.. The S/MIME standard is not fully implemented in this product. The following sections of the RFCs are necessary and were implemented: RFC EnvelopedData Content Type RFC SMIMECapabilities Attribute RFC Encryption Key Preference Attribute RFC ContentEncryptionAlgorithmIdentifier RFC Transfer Encoding base64 is used for transfer encoding RFC The application/pkcs#7-mime Type Only the.p7m format was implemented RFC Key Pair Generation RFC Security Considerations see Page 6, RFC ContentEncryptionAlgorithmIdentifier RFC Enveloped-data Content Type Supported key management algorithm is key transport Supported key encryption algorithm is rsaencryption RFC EnvelopedData Type AES or DES-EDE3-CBC is used as the symmetric encryption algorithm 4.3 encryption The parameters required for the encryption algorithms (DES-EDE3-CBC) are each generated with a high-entropy random number generator. The content is expanded up to 64 bits using DES and is then encrypted with DES-EDE3-CBC. A recipient info structure is created for each recipient, and the values from the respective public keys of the recipients are entered into it. The DES encryption keys and initialization vectors are expanded, then encrypted with the respective public keys and added to RecipientInfo decryption The application receives a p7m container file (see above, RFC385, Chapter 3.2). The file is extracted using base64. If another MIME type or another content transfer encoding was used, this will result in an error. A file name that may be available will not be used or shown. The extracted binary data consists of a PKCS#7 container. The content is defined in RFC5652 (see above, Chapter 6.). The application looks in RecipientInfo to find out if one of the recipients corresponds to the stored certificates and the respective private key. The match criteria are defined under RFC Issuer (signing CA, see above) and the serial number for the specific certificate. If no match is found, an error is displayed. The encrypted key value is decrypted with the respective private key. The weak RC2/4 encryption is not used for sending; AES-256 or DES-EDE3-CBC (for reasons of compatibility) is used as the symmetric encryption algorithm 6 7

10 9 8 SUPPORT FOR SMART-CARD READERS 5 Support for smart-card readers 5. To meet the most stringent security requirements, all asymmetric cryptographic operations are performed on the enterprise s smart card or on a smart card supplied by us. In each case, the private key never leaves the card. We support ISO 786 cards; we have tested ATOS CardOS 4.2 and higher as well as GlobalPlatform (JCOP) cards. Further card types can be implemented on request. Three smart-card readers are currently supported. An enterprise s own middleware can be integrated on request. With this variant, access to sensitive data without the smart card and associated PIN is not possible according to the current state of the art. In enterprises, the security requirements for different user groups typically vary. For this reason we have implemented three levels of security for authentication and decryption. 5. Maximum smart-card security the card is always inserted The user must insert the smart card into the smart-card reader when the application starts. Only after the user has entered the associated PIN to authorize the smart card for cryptographic operations will it be possible to use the app. Depending on the smart card s confi guration, the card will be blocked after the PIN is entered incorrectly a predefi ned number of times. If the card is removed, it is no longer possible to use the app. Decryption of each individual takes place on the card, which means the card must remain inserted. If the user closes the SecurePIM app or switches to another app, they will have to re-enter the PIN if they want to return to the SecurePIM app.

11 SUPPORT FOR SMART-CARD READERS Smart-card security the card is inserted to run the app In this case, the user must insert the smart card into the smart-card reader only when the application starts. After the user has authenticated the smart card for cryptographic operations by entering the associated PIN, the user s private key that is stored in the container will be opened. This takes place in the main memory of the device via asymmetric decryption on the smart card. In this case too, depending on the card s configuration, the card will be blocked if the PIN is repeatedly entered incorrectly. Now all asymmetric cryptographic operations will be performed using the user s private key that is located in the main memory. This means that the card can be removed and the user can continue working without it. If the user closes the app or switches to another app, the key will be removed from the main memory. The next time the user opens the app, they will be required to insert the card again and re-enter the PIN. 5.4 Setting the security level The methods described in the preceding sections can be assigned to different user groups. In addition to these, it is also possible to implement other customer-specific methods. For instance, a corporate single sign-on service could thus be used for authentication performed online. In the default configuration, switching from the High security variant to the Smart-card security level and back is possible. This means that, for instance, smart-card integration can be activated temporarily for travel abroad. The private key (if one is present) is deleted from the main memory in the following situations: A timeout has occurred The application is quit A task is switched The device is put in standby 5.3 High security encryption via a personal certificate in the container No smart card is necessary for users with low level security clearance. The user s configured private key is used for all asymmetric cryptographic operations. The key is stored on the device in encrypted form using the PKCS#2 format and is unlocked after the PIN has been entered (see 3.4 Cryptographic methods). To encrypt the PKCS#2 container, a strong algorithm is used that, in combination with the defined password policy, assures a high level of security. Now all asymmetric cryptographic operations will be performed using the user s private key that is located in the main memory. If the user closes the app or switches to another app, the key will be removed from the main memory. The next time the user opens the app, they will be required to re-enter the PIN. The enterprise can specify the password policy for the password. It is likewise possible for the enterprise to specify that the key be deleted automatically after the password has been entered incorrectly a predefined number of times key deletion is then performed regardless of whether a network connection is available or not. 2 2

12 INTEGRATION OF PUBLIC KEY INFRASTRUCTURE 6 6. Integration of public key infrastructure Companies can employ their existing public key infrastructure (PKI). This lets them use the following functionalities of the existing infrastructure: Provision of the user s personal certifi cate, which is the basic requirement for all security-related operations Access to certifi cate revocation lists for checking the validity of certifi cates and for disabling access to enterprise-related data by way of the central control element: revoke certifi cate Provision of the public keys of recipients and for user-specifi c encryption of documents before they are transferred to SecurePIM Optionally, the Mobile Application Management Portal makes the core functionalities of a PKI (e.g. provision of public keys) available to companies that do not have their own PKI 6. Certificate management An enterprise s internal root certifi cates can also be classifi ed as trustworthy using fi ngerprint checks. For the High security and Smart-card security variants, the user certifi cates can be integrated in the app using the following two methods:. The encrypted user certifi cate is copied into the app as a PKCS#2 container (.p2 fi le) via itunes. 6.2 Certifi cate checks Certifi cates are checked each time they are used. This is the case when a new certifi cate is imported as well as when you use your own certifi cate and when encryption is performed for recipients. The following checks are performed on the certifi cates in accordance with RFC 528 (Internet X.59 public key infrastructure and certifi cate revocation list profi les): The current system time must lie within the certifi cate s period of validity A valid certifi cate chain must exist, that is to say, at a minimum the root certifi cate must be classifi ed as trustworthy by way of a fi ngerprint or by an offi cial certifi cate authority (CA) All signing CA certifi cates must be retrievable and valid (the certifi cates are cached subject to their validity) The certifi cate revocation lists (CRLs) are checked and automatically updated depending on their confi guration If no CRLs is available although the policy requires that an update be performed, the system displays a corresponding message; in this case it will not be possible to log on If there is a problem checking a recipient certifi cate, an appropriate warning will be displayed; in this situation, the user is presented with a dialog that allows them to decide whether to accept the certifi cate or not The CRLs are reloaded after a defi ned period of time according to their own requirements. 2. The user sends the encrypted user certifi cate from their already set up account to the central Mobile Application Management Portal. The portal then makes the certifi cate available when the app is installed after a check has been performed to see whether the certifi cate corresponds to the sender s address. The application recognizes a newly set user certifi cate and then performs the following actions: Any pre-existing certifi cate is deleted The user must enter the transport PIN for the PKCS#2 container that was assigned by the PKI The PKCS#2 container is decrypted in the main memory The user is prompted to enter a new application password twice, which is checked against the requirements of the corporate password policy A new PKCS#2 fi le is generated using the information cached in the main memory and is secured with the new application password The generated container fi le is stored in an area of the application s documents directory that is not visible to itunes The imported PKCS#2 fi le is deleted 22 23

13 IT INFRASTRUCTURE 7 7. Requirements of the IT infrastructure 6.3 Public key management The public key infrastructure (PKI) provides the means to establish trust by linking public keys and identities. This ensures that the application only communicates with safe recipients. Using public key cryptography ensures that only the encrypted data can be decrypted with the respective private key. As far as the encrypted message is concerned, the message content is encrypted using a symmetric number, and the key for the symmetric number is encrypted with the recipient s public key. If the message has several recipients, the same symmetric key is used, but the public key of the respective recipient is used to encrypt the key: In order to reliably generate the content of s, the application checks for the availability of recipient public keys (To:/Cc: list of addresses) in the local memory of the device After the validity of available local public keys has been checked, all missing or invalid public keys (according to the address list of the recipients) are subsequently downloaded by the application from the directory broker (LDAP) or from the Mobile Application Management Portal All newly downloaded public keys are validated and all valid public keys are stored in the local memory of the iphone or ipad For enterprises that do not have a PKI, the Mobile Application Management Portal provides the necessary core functionalities of a PKI. In this case, the Mobile Application Management facility can be used to manage the keys. 7. Supported mobile devices Apple iphone (3GS and later) ipad 2 and later ipad mini ipod touch 7.2 Supported operating systems ios 6. and higher 7.3 IT infrastructure The following infrastructure should be provided by the customer and must be accessible from the Internet: Microsoft Exchange Server 27 or 2 with ActiveSync version 2., 4., 4. or 4.2 Standard Java application server for installing the Mobile Application Management Portal Optional: Directory broker (LDAP) with the public keys of the recipients 6.4 Public keys of recipients Optional: Certifi cate revocation lists of the CAs Optional: Microsoft SharePoint server The public key of the recipient or recipients is needed for sending S/MIME s. Public keys can be obtained using the following methods: Automatic querying of the enterprise s own directory service, accessible via LDAP; in this case, the address is the criterion used to search for the recipient s key Import of the sender s public key from the S/MIME signature of an (currently being implemented) Batch import of public certifi cates by the user via itunes (currently being implemented) For customers that do not have a PKI, it is possible to make a directory service available through the Mobile Application Management Portal Internet MAM LDAP 24 25

14 ROLL-OUT & CONFIGURATION 8 8. Roll-out and configuration of the application IT has full control over SecurePIM The roll-out of the application can be adapted to the existing infrastructure and largely automated. Installation and confi guration are performed as follows: The installation can take place via Apple s App Store or through an existing mobile device management solution. For testing purposes, it is also possible to install the app simply via a QR code that contains an internal link For fi rst-time installations, the user enters a minimal set of data (which is dependent on the enterprise s compliance requirements); all further settings are adopted from the Mobile Application Management Portal Registration on the Mobile Application Management Portal takes place with a challenge response procedure by which the app and Mobile Application Management Portal positively authenticate one another The user s private key can be obtained through the Mobile Application Management Portal or imported via itunes (this step is not necessary for the smart-card-only variant) Every time the app starts, it checks via a Web service interface (if an Internet connection is available) to see whether any of the settings have been modifi ed; any changes will be adopted automatically The app can be updated via the App Store as well as through a mobile device management solution Roll-out via the ios Developer Enterprise Program with the customer s enterprise key is in principle also possible. Further information on this can be found on the Apple website under ios Developer Enterprise Program. This variant is recommended in particular for custom adaptations. virtual solution can then compile the app with the customer s key

15 ROLL-OUT & CONFIGURATION 8 8. Mobile Application Management Portal 8.2 Device registration Devices are registered when the SecurePIM app is installed for the fi rst time. The user enters their address and the data supplied by the company s IT into SecurePIM. These settings can alternatively be made available to users via a link, so that the installation process can be automated for the most part. If an MDM solution exists in the enterprise, it can be used to roll-out and install SecurePIM. The registration process begins and a connection to the MAM Portal is established, as described below: If at this point in the setup process there is no private key present yet (either by use of a smart card or through an already performed import via itunes), the system checks whether a certifi cate has been deposited for this user by If this is the case, it is loaded and the user must enter their PKCS#2 container password for their private key The Mobile Application Management Portal gives corporate IT control over enterprise data on the mobile device and enables it to securely confi gure and manage SecurePIM: The app can be confi gured and adapted only from a central point via the Mobile Application Management Portal The user is unable to make and must not make any unauthorized changes to the relevant settings; updates are applied automatically Remote wipe of the personal certifi cate in case the device is lost (in contrast to remotely wiping the entire device, this approach permits straightforward restoration of the data while at the same time maintaining maximum security) Devices can be fl exibly registered and removed again as long as the licensed number of devices is not exceeded In the next step, a check is performed in the MAM Portal to see whether the user is listed in the LDAP directory and whether a public certifi cate has been deposited If this is the case, a challenge is generated and encrypted for this user; it is therefore only possible for the user who actually possesses the private certifi cate and the correct PIN to register This takes place completely automatically in the background; after the SecurePIM user taps the button to register, they are merely informed of the result After successful registration, the settings that are deposited in the portal are transferred directly; the user merely has to enter their security-related data (dependent on the compliance requirements) At the same time, the user associated with the automatically activated device appears in the Mobile Application Management Portal and can be managed from that point on Enforcement of internal enterprise security policies, for example, to specify which user groups require smart-card authentication Core PKI functionality for managing the certifi cates of enterprises that do not possess their own PKI It is impossible for the enterprise s internal IT to use the Mobile Application Management facility to access any of the user s personal data stored outside the secure container The secure container is not updated through Apple s push mechanisms. SecurePIM automatically updates the data as a so-called secure connected container via a Web service interface every time the app is started

16 ROLL-OUT & CONFIGURATION Certificate import (optional) If the Maximum Security variant (where the card has to remain inserted) is not selected, it will be necessary to import the user s private key into SecurePIM s secure container. This can be done via or itunes. In both cases, the enterprise s internal IT must provide the user with their private certificate in PKCS#2 format. This container format is very secure and an import can only be performed with the corresponding transport PIN. Steps must be taken on the IT side to ensure that the transport PIN is highly complex. Import via itunes (only recommended for testing) For this, the SecurePIM user merely needs to move the P2 file that has been made available to them into SecurePIM s application folder. Once this has been done, the SecurePIM app asks for the associated transport PIN and then imports the private certificate if the PIN was entered successfully. Import via the MAM Portal A SecurePIM user has the option (if corporate IT has authorized it or requires it) to send their private certificate to the portal by . A cron job runs on the Mobile Application Management Portal server for this purpose. It imports the private certificates (secured in the PKCS#2 container) from the portal account. These container files are deleted immediately after they have been accessed by the respective user. This means that the SecurePIM user merely needs to send an with their PKCS#2 container as an attachment to the address provided by their corporate IT. When doing this, the SecurePIM user must ensure they send the via the account that is used in SecurePIM. 8.4 Data update The MAM Portal administrator can adapt the settings for the SecurePIM app via the MAM Portal and trigger an automatic roll-out to devices that are already registered. Settings that can be configured there include: LDAP configurations Exchange Server configurations Various security settings The SecurePIM app automatically triggers a status check at regular intervals. This check is also performed every time the app is started. This makes it possible to quickly determine whether a device has been blocked or whether new settings have been deposited on the MAM Portal. Blocking flag The MAM Portal administrator has the ability to block certain users. This may be necessary, for example, if a device is lost. It is also possible to block specific devices. This, for instance, would then permit a user to register themselves on a new device. Automatic transmission of new settings The status check enables new settings to be transmitted promptly to the registered devices. No action by the user is necessary for this. New settings are transmitted after a comparison is made with a date that is stored in the SecurePIM app. This date is modified with every update and is therefore used as the reference when the settings are changed again. A direct import of the private key from the PKI into the Mobile Application Management Portal for automatic distribution would be technically feasible. This approach, however, must always be checked and approved on the basis of the enterprise s internal guidelines. 3 3

17 Try it now! Enterprises can test SecurePIM and the Mobile Application Management Portal for free. Request your test version at virtual solution AG Rupprechtstr. 25, 8636 Munich, Germany Tel.: +49 () Fax: +49 ()

iphone and ipad in the enterprise. Secure? Sure.

iphone and ipad in the enterprise. Secure? Sure. iphone and ipad in the enterprise. Secure? Sure. According to the current state of the art, when smart-card mode is activated, it is impossible to gain unauthorized access to business data stored in SecurePIM.

More information

Cloud Services MDM. ios User Guide

Cloud Services MDM. ios User Guide Cloud Services MDM ios User Guide 10/24/2014 CONTENTS Overview... 3 Supported Devices... 3 System Capabilities... 3 Enrollment and Activation... 4 Download the Agent... 4 Enroll Your Device Using the Agent...

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Public FAQ Version: 25 Stand: 29.02.2016

Public FAQ Version: 25 Stand: 29.02.2016 Public FAQ Version: 25 Stand: 29.02.2016 Here you can find FAQs related to SecurePIM, SecurePIM Enterprise and SecurePIM Government. General /Allgemeines 29.02.2016 2/18 General On which devices and operating

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Sophos Mobile Control Installation guide

Sophos Mobile Control Installation guide Sophos Mobile Control Installation guide Product version: 2.5 Document date: July 2012 Contents 1 Introduction... 3 2 The Sophos Mobile Control server... 4 3 Set up Sophos Mobile Control... 13 4 Running

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series User Guide Supplement S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series SWD-292878-0324093908-001 Contents Certificates...3 Certificate basics...3 Certificate status...5 Certificate

More information

iphone in Business How-To Setup Guide for Users

iphone in Business How-To Setup Guide for Users iphone in Business How-To Setup Guide for Users iphone is ready for business. It supports Microsoft Exchange ActiveSync, as well as standards-based services, delivering email, calendars, and contacts over

More information

ClickShare Network Integration

ClickShare Network Integration ClickShare Network Integration Application note 1 Introduction ClickShare Network Integration aims at deploying ClickShare in larger organizations without interfering with the existing wireless network

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios Devices

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios Devices GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios Devices GO!Enterprise MDM for ios Devices, Version 3.x GO!Enterprise MDM for ios Devices 1 Table of Contents GO!Enterprise

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios with TouchDown

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios with TouchDown GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios with TouchDown GO!Enterprise MDM for ios Devices, Version 3.x GO!Enterprise MDM for ios with TouchDown 1 Table of

More information

iphone in Business Security Overview

iphone in Business Security Overview iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods

More information

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Certificate Management. PAN-OS Administrator s Guide. Version 7.0 Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

Sophos Mobile Control Technical guide

Sophos Mobile Control Technical guide Sophos Mobile Control Technical guide Product version: 2 Document date: December 2011 Contents 1. About Sophos Mobile Control... 3 2. Integration... 4 3. Architecture... 6 4. Workflow... 12 5. Directory

More information

Resco Mobile CRM Security

Resco Mobile CRM Security Resco Mobile CRM Security Out-of-the-box Security 1. Overview The Resco Mobile CRM application (client) communicates directly with the Dynamics CRM server. The communication uses standard Dynamic CRM Web

More information

ipad in Business Security

ipad in Business Security ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security

More information

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0 Administration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2015-01-16 SWD-20150116150104141 Contents Introduction... 9 About this guide...10 What is BES12?...11 Key features of BES12...

More information

Entrust Managed Services PKI

Entrust Managed Services PKI Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.

More information

Sophos Mobile Control Installation guide. Product version: 3

Sophos Mobile Control Installation guide. Product version: 3 Sophos Mobile Control Installation guide Product version: 3 Document date: January 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...16 4 External

More information

Deploying iphone and ipad Security Overview

Deploying iphone and ipad Security Overview Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services

More information

Chapter 7 Managing Users, Authentication, and Certificates

Chapter 7 Managing Users, Authentication, and Certificates Chapter 7 Managing Users, Authentication, and Certificates This chapter contains the following sections: Adding Authentication Domains, Groups, and Users Managing Certificates Adding Authentication Domains,

More information

Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED. Copyright 2014 Intuition

Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED. Copyright 2014 Intuition Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED 1 Background Traditionally, security has not been a high priority for e-learning; as such content was hosted and only accessible at the

More information

Sophos Mobile Control SaaS startup guide. Product version: 6

Sophos Mobile Control SaaS startup guide. Product version: 6 Sophos Mobile Control SaaS startup guide Product version: 6 Document date: January 2016 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 What are the key steps?...7 4 Change your password...8

More information

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of

More information

ireadsmime User Guide For iphone, ipad, and ipod Touch

ireadsmime User Guide For iphone, ipad, and ipod Touch ireadsmime User Guide For iphone, ipad, and ipod Touch Page 1 CONTENTS Chapter 1: Welcome... 3 Chapter 2: Getting Started... 3 Compatability... 3 Preliminary Steps... 3 Setting up a POP3 / IMAP4 Email

More information

Sophos Mobile Control Startup guide. Product version: 3.5

Sophos Mobile Control Startup guide. Product version: 3.5 Sophos Mobile Control Startup guide Product version: 3.5 Document date: July 2013 Contents 1 About this guide...3 2 What are the key steps?...5 3 Log in as a super administrator...6 4 Activate Sophos Mobile

More information

RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide

RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks

More information

CIPHERMAIL EMAIL ENCRYPTION. CipherMail white paper

CIPHERMAIL EMAIL ENCRYPTION. CipherMail white paper CIPHERMAIL EMAIL ENCRYPTION CipherMail white paper Copyright 2009-2014, ciphermail.com. Introduction Most email is sent as plain text. This means that anyone who can intercept email messages, either in

More information

Sophos Mobile Control Startup guide. Product version: 3

Sophos Mobile Control Startup guide. Product version: 3 Sophos Mobile Control Startup guide Product version: 3 Document date: January 2013 Contents 1 About this guide...3 2 What are the key steps?...5 3 Log in as a super administrator...6 4 Activate Sophos

More information

www.novell.com/documentation Server Installation ZENworks Mobile Management 2.7.x August 2013

www.novell.com/documentation Server Installation ZENworks Mobile Management 2.7.x August 2013 www.novell.com/documentation Server Installation ZENworks Mobile Management 2.7.x August 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android GO!Enterprise MDM for Android, Version 3.x GO!Enterprise MDM for Android 1 Table of Contents GO!Enterprise MDM

More information

Sophos Mobile Control Installation guide. Product version: 3.5

Sophos Mobile Control Installation guide. Product version: 3.5 Sophos Mobile Control Installation guide Product version: 3.5 Document date: July 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...10 4 External

More information

Novell Filr. Mobile Client

Novell Filr. Mobile Client Novell Filr Mobile Client 0 Table of Contents Quick Start 3 Supported Mobile Devices 3 Supported Languages 4 File Viewing Support 4 FILES THAT CANNOT BE VIEWED IN THE FILR APP 4 FILES THAT GIVE A WARNING

More information

Sophos Mobile Control user help. Product version: 6.1

Sophos Mobile Control user help. Product version: 6.1 Sophos Mobile Control user help Product version: 6.1 Document date: May 2016 Contents 1 About this help...4 2 About Sophos Mobile Control...5 3 Login to the Self Service Portal...6 3.1 First login...6

More information

Mobile Device Management Version 8. Last updated: 17-10-14

Mobile Device Management Version 8. Last updated: 17-10-14 Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown GO!Enterprise MDM for Android, Version 3.x GO!Enterprise MDM for Android with TouchDown 1 Table

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for BlackBerry

GO!Enterprise MDM Device Application User Guide Installation and Configuration for BlackBerry GO!Enterprise MDM Device Application User Guide Installation and Configuration for BlackBerry GO!Enterprise MDM Version 4.11.x GO!Enterprise MDM for BlackBerry 1 Table of Contents GO!Enterprise MDM for

More information

Managed Services PKI 60-day Trial Quick Start Guide

Managed Services PKI 60-day Trial Quick Start Guide Entrust Managed Services PKI Managed Services PKI 60-day Trial Quick Start Guide Document issue: 3.0 Date of issue: Nov 2011 Copyright 2011 Entrust. All rights reserved. Entrust is a trademark or a registered

More information

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15 Product Manual MDM On Premise Installation Version 8.1 Last Updated: 06/07/15 Parallels IP Holdings GmbH Vordergasse 59 8200 Schaffhausen Switzerland Tel: + 41 52 632 0411 Fax: + 41 52 672 2010 www.parallels.com

More information

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Feature and Technical Overview Published: 2010-06-16 SWDT305802-1108946-0615123042-001 Contents 1 Overview: BlackBerry Enterprise

More information

DJIGZO EMAIL ENCRYPTION. Djigzo white paper

DJIGZO EMAIL ENCRYPTION. Djigzo white paper DJIGZO EMAIL ENCRYPTION Djigzo white paper Copyright 2009-2011, djigzo.com. Introduction Most email is sent as plain text. This means that anyone who can intercept email messages, either in transit or

More information

Djigzo S/MIME setup guide

Djigzo S/MIME setup guide Author: Martijn Brinkers Table of Contents...1 Introduction...3 Quick setup...4 Create a CA...4 Fill in the form:...5 Add certificates for internal users...5 Add certificates for external recipients...7

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

Certificate technology on Pulse Secure Access

Certificate technology on Pulse Secure Access Certificate technology on Pulse Secure Access How-to Guide Published Date July 2015 Contents Introduction: 3 Creating a Certificate signing request (CSR): 3 Import Intermediate CAs: 5 Using Trusted Client

More information

PMDP is simple to set up, start using, and maintain

PMDP is simple to set up, start using, and maintain Product Datasheet IBELEM, SA ITS Group - 5, boulevard des Bouvets 92741 Nanterre Cedex - FRANCE Tel: +33(0)1.55.17.45.75 Fax: +33(0)1.73.72.34.08 - www.ibelem.com - info@ibelem.com PMDP is simple to set

More information

iphone in Business How-To Setup Guide for Users

iphone in Business How-To Setup Guide for Users iphone in Business How-To Setup Guide for Users iphone 3G is ready for business. It supports Microsoft Exchange ActiveSync, delivering push email, calendars, and contacts. And it gives mobile users secure

More information

NotifyMDM Device Application User Guide Installation and Configuration for Windows Mobile 6 Devices

NotifyMDM Device Application User Guide Installation and Configuration for Windows Mobile 6 Devices NotifyMDM Device Application User Guide Installation and Configuration for Windows Mobile 6 Devices End-of-Life Notice Please note that GO!Enterprise MDM server version 3.6.3 is the last to officially

More information

Sophos SafeGuard Native Device Encryption for Mac Administrator help. Product version: 7

Sophos SafeGuard Native Device Encryption for Mac Administrator help. Product version: 7 Sophos SafeGuard Native Device Encryption for Mac Administrator help Product version: 7 Document date: December 2014 Contents 1 About SafeGuard Native Device Encryption for Mac...3 1.1 About this document...3

More information

Securing your Online Data Transfer with SSL

Securing your Online Data Transfer with SSL Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does

More information

Certificate technology on Junos Pulse Secure Access

Certificate technology on Junos Pulse Secure Access Certificate technology on Junos Pulse Secure Access How-to Introduction:... 1 Creating a Certificate signing request (CSR):... 1 Import Intermediate CAs: 3 Using Trusted Client CA on Juno Pulse Secure

More information

Apple Mail... 36 Outlook Web Access (OWA)... 38 Logging In... 38 Changing Passwords... 39 Mobile Devices... 40 Blackberry...

Apple Mail... 36 Outlook Web Access (OWA)... 38 Logging In... 38 Changing Passwords... 39 Mobile Devices... 40 Blackberry... Contents Email Accounts... 3 Adding accounts... 3 Account Modifications... 6 Adding Aliases... 7 Primary E-mail Addresses... 10 Mailbox Quotas... 12 Removing accounts... 13 Mail Forwarding and Distribution

More information

Advanced Administration

Advanced Administration BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Advanced Administration Guide Published: 2014-09-10 SWD-20140909133530796 Contents 1 Introduction...11 About this guide...12 What

More information

Kaspersky Lab Mobile Device Management Deployment Guide

Kaspersky Lab Mobile Device Management Deployment Guide Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile

More information

Feature and Technical

Feature and Technical BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Feature and Technical Overview Published: 2013-11-07 SWD-20131107160132924 Contents 1 Document revision history...6 2 What's

More information

WatchDox Administrator's Guide. Application Version 3.7.5

WatchDox Administrator's Guide. Application Version 3.7.5 Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals

More information

Configuring Digital Certificates

Configuring Digital Certificates CHAPTER 36 This chapter describes how to configure digital certificates and includes the following sections: Information About Digital Certificates, page 36-1 Licensing Requirements for Digital Certificates,

More information

SecureStore I.CA. User manual. Version 2.16 and higher

SecureStore I.CA. User manual. Version 2.16 and higher User manual Version 2.16 and higher Contents SecureStore I.CA 1. INTRODUCTION...3 2. ACCESS DATA FOR THE CARD...3 2.1 Card initialisation...3 3. MAIN SCREEN...4 4. DISPLAYING INFORMATION ABOUT THE PAIR

More information

Addressing Security Issues The ecopy solution for document imaging

Addressing Security Issues The ecopy solution for document imaging WHITE PAPER Addressing Security Issues The ecopy solution for document imaging Contents Product overview...1 User authentication...2 Document security...2 Activity logging...2 Device security...3 Personalization

More information

isecuremail User Guide for iphone

isecuremail User Guide for iphone isecuremail User Guide for iphone Page 1 CONTENTS Chapter 1: Welcome... 4 Chapter 2: Getting Started... 5 Compatability... 5 Preliminary Steps... 5 Setting up a POP3 / IMAP4/ Exchange Email Account...

More information

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0 Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust

More information

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...

More information

Sophos Mobile Encryption Help. Product version: 1.0 Document date: April 2012

Sophos Mobile Encryption Help. Product version: 1.0 Document date: April 2012 Sophos Mobile Encryption Help Product version: 1.0 Document date: April 2012 Contents 1 About Sophos Mobile Encryption...3 2 Home view...5 3 itunes...6 4 Dropbox...7 5 Favorites...9 6 Document view...11

More information

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide BlackBerry Enterprise Service 10 Version: 10.2 Configuration Guide Published: 2015-02-27 SWD-20150227164548686 Contents 1 Introduction...7 About this guide...8 What is BlackBerry Enterprise Service 10?...9

More information

ios Enterprise Deployment Overview

ios Enterprise Deployment Overview ios Enterprise Deployment Overview ios devices such as ipad and iphone can transform your business. They can significantly boost productivity and give your employees the freedom and flexibility to work

More information

Information Systems. Connecting Smartphones to NTU s Email System

Information Systems. Connecting Smartphones to NTU s Email System Information Systems Connecting Smartphones to NTU s Email System Connecting Smartphones to NTU s Email System Contents Things to be aware of before you start 3 Connecting a Windows Mobile 6 (6.0-6.5) Phone

More information

The All-in-One Support Solution. Easy & Secure. Secure Advisor

The All-in-One Support Solution. Easy & Secure. Secure Advisor The All-in-One Support Solution. Easy & Secure. Secure Advisor Secure Advisor - A Perfect Solution for Online Support Fast and easy remote support from anywhere Problems that often sound complicated on

More information

Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate (Personal eid) WISeKey 2010 / Alinghi 2010 Smartcards

Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate (Personal eid) WISeKey 2010 / Alinghi 2010 Smartcards The World Internet Security Company Solutions for Security Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate (Personal eid) WISeKey 2010 / Alinghi 2010 Smartcards Wherever Security

More information

PKI Contacts PKI for Fraunhofer Contacts

PKI Contacts PKI for Fraunhofer Contacts Fraunhofer Competence Center PKI PKI Contacts PKI for Fraunhofer Contacts User manual for communication partners of the Fraunhofer-Gesellschaft Author[s]: Uwe Bendisch, Maximilian Gottwald As at: 15.10.2013

More information

Frequently Asked Questions. Frequently Asked Questions. 2013 SSLPost Page 1 of 31 support@sslpost.com

Frequently Asked Questions. Frequently Asked Questions. 2013 SSLPost Page 1 of 31 support@sslpost.com Frequently Asked Questions 2013 SSLPost Page 1 of 31 support@sslpost.com Table of Contents 1 What is SSLPost Cloud? 3 2 Why do I need SSLPost Cloud? 4 3 What do I need to use SSLPost Cloud? 5 4 Which Internet

More information

Quick Start and Trial Guide (Mail) Version 3 For ios Devices

Quick Start and Trial Guide (Mail) Version 3 For ios Devices Quick Start and Trial Guide (Mail) Version 3 For ios Devices Information in this document is subject to change without notice. Complying with all applicable copyright laws is the responsibility of the

More information

Sophos Mobile Control Administrator guide. Product version: 3

Sophos Mobile Control Administrator guide. Product version: 3 Sophos Mobile Control Administrator guide Product version: 3 Document date: January 2013 Contents 1 About Sophos Mobile Control...4 2 About the Sophos Mobile Control web console...7 3 Key steps for managing

More information

Configuring Security Features of Session Recording

Configuring Security Features of Session Recording Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording

More information

Securing your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate thawte thawte thawte thawte thawte 10.

Securing your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate thawte thawte thawte thawte thawte 10. Securing your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate A STEP-BY-STEP GUIDE to test, install and use a thawte Digital Certificate on your MS IIS Web

More information

BTC STUDENT EMAIL GUIDE

BTC STUDENT EMAIL GUIDE BTC STUDENT EMAIL GUIDE All students have a BTC email account. If you are unable to access your account, please contact your instructor. Student Email Each student has an email account. Your email address

More information

Junos Pulse for Google Android

Junos Pulse for Google Android Junos Pulse for Google Android User Guide Release 4.0 October 2012 R1 Copyright 2012, Juniper Networks, Inc. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks

More information

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics

More information

6. Is it mandatory to have the digital certificate issued from NICCA?...3. 7. Is it mandatory for the sender and receiver to have a NIC email id?...

6. Is it mandatory to have the digital certificate issued from NICCA?...3. 7. Is it mandatory for the sender and receiver to have a NIC email id?... FAQ FOR S/MIME 1. What is S/MIME?...2 2. What is digital certificate?...2 3. What is an encrypted email?...2 4. Is it mandatory to use this service?...2 5. What I need to do to start using S/MIME service?...2

More information

Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.

More information

Djigzo email encryption. Djigzo white paper

Djigzo email encryption. Djigzo white paper Djigzo email encryption Djigzo white paper Copyright 2009-2011, djigzo.com. Introduction Most email is sent as plain text. This means that anyone who can intercept email messages, either in transit or

More information

ERserver. iseries. Securing applications with SSL

ERserver. iseries. Securing applications with SSL ERserver iseries Securing applications with SSL ERserver iseries Securing applications with SSL Copyright International Business Machines Corporation 2000, 2001. All rights reserved. US Government Users

More information

Kaspersky Security for Mobile Administrator's Guide

Kaspersky Security for Mobile Administrator's Guide Kaspersky Security for Mobile Administrator's Guide APPLICATION VERSION: 10.0 SERVICE PACK 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful and that

More information

Using Entrust certificates with Microsoft Office and Windows

Using Entrust certificates with Microsoft Office and Windows Entrust Managed Services PKI Using Entrust certificates with Microsoft Office and Windows Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark

More information

AVG Business SSO Partner Getting Started Guide

AVG Business SSO Partner Getting Started Guide AVG Business SSO Partner Getting Started Guide Table of Contents Overview... 2 Getting Started... 3 Web and OS requirements... 3 Supported web and device browsers... 3 Initial Login... 4 Navigation in

More information

Creating an Apple APNS Certificate

Creating an Apple APNS Certificate Creating an Apple APNS Certificate 4/20/2012 Creating an Apple APNS Certificate Created by Britt Womelsdorf Edited by Mark S. Ciminello, MBA, PMP The purpose of this document is to outline the steps necessary

More information

Security Architecture Whitepaper

Security Architecture Whitepaper Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer

More information

prefer to maintain their own Certification Authority (CA) system simply because they don t trust an external organization to

prefer to maintain their own Certification Authority (CA) system simply because they don t trust an external organization to If you are looking for more control of your public key infrastructure, try the powerful Dogtag certificate system. BY THORSTEN SCHERF symmetric cryptography provides a powerful and convenient means for

More information

Preparing for GO!Enterprise MDM On-Demand Service

Preparing for GO!Enterprise MDM On-Demand Service Preparing for GO!Enterprise MDM On-Demand Service This guide provides information on...... An overview of GO!Enterprise MDM... Preparing your environment for GO!Enterprise MDM On-Demand... Firewall rules

More information

The Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

The Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data The Challenge The Solution Today's employees demand mobile access to office information in order to maximize their productivity and they expect that enterprise collaboration and communication tools should

More information

Cyber Warnings E-Magazine August 2015 Edition Copyright Cyber Defense Magazine, All rights reserved worldwide

Cyber Warnings E-Magazine August 2015 Edition Copyright Cyber Defense Magazine, All rights reserved worldwide 1 Cyber Warnings E-Magazine August 2015 Edition End-to-End Encryption for Emails. An Organizational Approach by Dr Burkhard Wiegel, Founder and CEO, Zertificon Solutions The threat to electronic enterprise

More information

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious

More information

Android App User Guide

Android App User Guide www.novell.com/documentation Android App User Guide ZENworks Mobile Management 2.7.x August 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of

More information

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0 White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative

More information

Enabling SSL and Client Certificates on the SAP J2EE Engine

Enabling SSL and Client Certificates on the SAP J2EE Engine Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine

More information

Sophos Mobile Control User guide for Apple ios. Product version: 4

Sophos Mobile Control User guide for Apple ios. Product version: 4 Sophos Mobile Control User guide for Apple ios Product version: 4 Document date: May 2014 Contents 1 About Sophos Mobile Control...3 2 About this guide...4 3 Login to the Self Service Portal...5 4 Set

More information

Internet E-Mail Encryption S/Mime Standard

Internet E-Mail Encryption S/Mime Standard Internet E-Mail Encryption S/Mime Standard Disclaimer: Successfully setting up encryption functions in most e-mail clients is usually not a problematic task. However, it should be noted that, when configuring

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information