Identity and Access IDGo Secure Email (ISE) for Android Didier Bonnet November 2014.


Identity and Access

IDGo Secure Email (ISE) for Android

Didier Bonnet, November 2014

Emails are a Priority for Enterprises

(Chart; source: Forrester, December 2011)

Main Requirements Addressed


Mobile OS Market Share Evolution in Q2 2014

Operating System   2Q14 Shipments (Mu)   2Q14 Market Share   2Q13 Shipments (Mu)   2Q13 Market Share   2Q14/2Q13 Growth
Android            255.3                 84.7%               191.5                 79.6%               33.3%
iOS                35.2                  11.7%               31.2                  13.0%               12.7%
Windows Phone      7.4                   2.5%                8.2                   3.4%                -9.4%
BlackBerry         1.5                   0.5%                6.7                   2.8%                -78.0%
Others             1.9                   0.6%                2.9                   1.2%                -32.2%
Total              301.3                 100%                240.5                 100%                25.3%

Mu = million units. Source: IDC Worldwide Quarterly Mobile Phone Tracker (August 2014)

Secure Elements Now and Future

(Diagram: Secure Element adoption over time, with credentials grouped as detached, semi-detached and embedded.)

Secure element form factors shown: MicroSD, UICC, TEE, eSE, badge via contact reader, badge via NFC, badge via Bluetooth reader, smart card on a stick

As of today: 10 million Gemalto smartcard active users; 20 million 3rd party smartcard active users
Next 2 years: prototypes in progress
In 2 - 5 years: next generation of handsets; BYOD / mobile desktop will increase the need for Secure Elements

IDGo 800 Middleware and SDK

(Architecture diagram. Components shown, grouped as read from the diagram, with the Middleware and SDK labels spanning the layers:)

3rd party client applications
SDK: PKI Crypto Layer API, OTP API, test tools
Middleware: PC/SC-like API; NFC driver, USB OTG (*) driver, other reader drivers
Secure elements: IDPrime cards, TEE (*), other Secure Elements

(*) OTG: On-The-Go = USB Master. TEE: Trusted Execution Environment.

Supported Readers and Tokens on Android

Connection to the handset: USB On-The-Go port (= USB Master) or Bluetooth
Cabling: USB Female - Micro USB adaptor or cable; Micro USB cable
Readers and tokens: BHXT and Feitian readers; USB tokens & IDBridge K3000; PC-Link readers

ISE Security Features

S/MIME email signature and encryption
Encryption algorithms: 3DES, AES256, RSA
Signature algorithms: MD5, SHA1, SHA256, SHA512, RSA
Note that RFC 5751 (S/MIME 3.2) already deprecates MD5 and steers implementations away from SHA-1 towards SHA-256, so MD5 and SHA-1 should only be needed to verify older signatures, never to create new ones; new signatures should use SHA-256 or SHA-512.

Gemalto middleware and Secure Elements: IDGo 800 for Android and associated readers (USB, NFC, BLE, µSD); IDPrime MD, .NET and PIV PKI applets

SSL / TLS communication with the server

Other Features and Benefits

Microsoft Exchange ActiveSync (EAS) protocol
Synchronization with the native Android Contacts and Calendar
Email reception by push or periodic synchronization
Support of the Global Address List (GAL)

Various PKI certificate management options:
Local validation against the Certification Authority (CA)
Validation with the EAS server or the OCSP protocol
Certificates retrieved from validated emails, (multiple) LDAP directories and the EAS server
Revocation by Certificate Revocation List (CRL)

POP3, IMAP4 and SMTP email protocols for BYOD usage
Multiple accounts, mailboxes and folders, combined mailbox
HTML or plain text email format
Group and Search email functions

What is Exchange ActiveSync?

EAS is a communication protocol that synchronizes emails, calendars, contacts and tasks between email servers and mobile client applications
It also provides some Mobile Device Management (MDM) features and security policy controls
It is based on XML (sent in the compact WBXML encoding) over HTTP(S)
EAS is licensed by Microsoft, which is also the main provider of EAS-compliant email servers
EAS is supported by Windows Phone, Android, iOS, BB, Gmail, Google Apps, Office 365, Lotus Notes

What is S/MIME?

Secure / Multipurpose Internet Mail Extensions
Standard protocol based on X.509 PKI certificates
Described by several specifications: RFC 5751 (S/MIME 3.2 message specification, which obsoletes RFC 3851) and RFC 5652 (Cryptographic Message Syntax, the container format S/MIME messages are built from)
Present version is S/MIME v3.2
S/MIME specifies the email digital signature and encryption / decryption
Ensures compatibility between the various email applications and servers
Main applications: Outlook, Mozilla Thunderbird, MacOS Mail, Gmail, OWA
Main email server: Microsoft Exchange, reached over Exchange ActiveSync (EAS); EAS itself is the protocol, not the server

S/MIME Operations

The email is encrypted with the Recipient Public Key and signed with the Sender Private Key
The email is decrypted with the Recipient Private Key and the signature is verified with the Sender Public Key

In more detail (CMS, RFC 5652): the sender computes a digest of the message (SHA-256 or SHA-512 from the algorithm list above) and signs that digest with its private key, producing a SignedData structure that carries the signer's certificate. The signed message is then encrypted with a freshly generated symmetric content-encryption key (3DES or AES-256); only that key is encrypted with each recipient's RSA public key, so one EnvelopedData can address several recipients without re-encrypting the body. The recipient unwraps the content key with its private key, decrypts the body, and verifies the signature with the public key in the sender's certificate, which it must also validate against a trusted CA and check for revocation (CRL or OCSP, see the certificate management features above) before trusting the signer's identity.
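The round trip described on this slide, as an added example that is not code from the Gemalto slides or from ISE: the CMS structures S/MIME uses are driven here with the openssl cms tool. It assumes openssl 1.1.1 or newer on PATH, two self-signed test identities (alice as sender, bob as recipient) generated inside the script so that alice.crt can serve as the trust anchor, and a constructed one-line message. It goes a little beyond the slide by also printing which algorithms the envelope really used and by showing that a tampered signed message is rejected.

```shell
#!/bin/sh
# Added example (not from the Gemalto slides or ISE): S/MIME sign -> encrypt ->
# decrypt -> verify with openssl cms (CMS, RFC 5652).
# Assumptions: openssl 1.1.1+ on PATH; "alice" (sender) and "bob" (recipient) are
# self-signed test identities generated below, so the verifier trusts alice via -CAfile.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample message body (plain text), not a real mail.
printf 'Transfer 100 EUR to account 42.\n' > "$WORK/msg.txt"

# make_identity NAME EMAIL: self-signed certificate + RSA key carrying the key usages
# an S/MIME verifier checks (digitalSignature for signing, keyEncipherment for RSA
# key transport, emailProtection extended key usage).
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" \
    -subj "/CN=$1/emailAddress=$2" \
    -addext "keyUsage=digitalSignature,keyEncipherment" \
    -addext "extendedKeyUsage=emailProtection" 2>/dev/null
}

# Sender side: sign with alice's private key (SHA-256 digest, multipart/signed),
# then encrypt the whole signed message for bob. The body is encrypted with a fresh
# AES-256 content key; only that key is wrapped with bob's RSA public key (bob.crt).
sign_then_encrypt() {
  openssl cms -sign -text -md sha256 -in "$WORK/msg.txt" \
    -signer "$WORK/alice.crt" -inkey "$WORK/alice.key" -out "$WORK/signed.eml"
  openssl cms -encrypt -aes256 -in "$WORK/signed.eml" \
    -out "$WORK/encrypted.eml" "$WORK/bob.crt"
}

# Recipient side: unwrap the content key with bob's private key and decrypt, then
# verify the inner signature. alice.crt is the trust anchor (-CAfile), so the chain,
# validity period and key-usage checks run as they would against a real CA.
decrypt_then_verify() {
  openssl cms -decrypt -in "$WORK/encrypted.eml" \
    -recip "$WORK/bob.crt" -inkey "$WORK/bob.key" -out "$WORK/decrypted.eml"
  openssl cms -verify -text -in "$WORK/decrypted.eml" \
    -CAfile "$WORK/alice.crt" -out "$WORK/verified.txt"
}

# Message text as recovered by the recipient (MIME CRLF canonicalisation removed).
verified_text() { tr -d '\r' < "$WORK/verified.txt"; }

# What the EnvelopedData actually negotiated: aes-256-cbc for the content and
# rsaEncryption (RSA key transport) for the per-recipient wrapped key.
envelope_uses_aes256_and_rsa() {
  openssl cms -cmsout -print -in "$WORK/encrypted.eml" > "$WORK/env.txt"
  grep -qi 'aes-256-cbc' "$WORK/env.txt" && grep -qi 'rsaEncryption' "$WORK/env.txt"
}

# Integrity: changing one digit in the signed (decrypted) message must make the
# signature check fail. Returns 0 only when openssl rejects the tampered copy.
tampered_copy_is_rejected() {
  sed 's/Transfer 100 EUR/Transfer 900 EUR/' "$WORK/decrypted.eml" > "$WORK/tampered.eml"
  if openssl cms -verify -text -in "$WORK/tampered.eml" \
       -CAfile "$WORK/alice.crt" -out /dev/null 2>/dev/null; then
    return 1
  fi
  return 0
}

make_identity alice alice@example.com
make_identity bob bob@example.com
sign_then_encrypt
decrypt_then_verify
echo "recipient read: $(verified_text)"
```

Signing before encrypting, as above, is the usual S/MIME layering: the signature is hidden inside the envelope, so an intermediary sees neither the content nor who signed it. Replace the self-signed alice.crt with the issuing CA certificate when the signer has a real PKI certificate, and add -crl_check (or an OCSP check) to the verify step for the revocation handling listed under the certificate management features.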

Basic Operations

(Screenshots: email editing and the input mailbox.)

Wide Settings Capabilities


ISE Roadmap

ISE for Android:

V1.0 - November 2014: initial version
V2.0 - Q1 2015 (to be confirmed): + database encryption, + user authentication, + Android version L

(Timeline markers on the slide: September 2014, November 2014 for V1.0, Q1 2015 for V2.0.)

Thank you!