OpenTrust CMS Mobile 2.0 Export trust to your mobile devices Product Overview

OpenTRUST CMS Mobile Authentication Solution


Page 1: OpenTRUST CMS Mobile Authentication Solution

OpenTrust CMS Mobile 2.0

Export trust to your mobile devices

Product Overview

Page 2: OpenTRUST CMS Mobile Authentication Solution

© OpenTrust - All rights reserved.

Mobile Enterprise

Mobile devices are now ubiquitous and the favored access point into corporate networks

– Always online
– Access to key corporate resources from anywhere
– Find key pieces of information at the point of decision-making

Page 3: OpenTRUST CMS Mobile Authentication Solution

Mobile Security Issues

Mobile security focuses on:
– Protecting data-at-rest
– Authenticating end-points, encrypting traffic

Page 4: OpenTRUST CMS Mobile Authentication Solution

Protecting Mobile Networks

Common Use Cases:
– VPN, Wi-Fi, MS Exchange authentication with X.509
– SSL with client-side certificate in browser
– Email protection with S/MIME
– Corporate apps

Page 5: OpenTRUST CMS Mobile Authentication Solution

Mobile PKI Support

[Table: Mobile PKI capabilities as of Oct 2013. Columns: VPN, Wi-Fi, S/MIME, SSL authentication, Hardware key store. Rows: BlackBerry, iOS 6, Android 4.]

Page 6: OpenTRUST CMS Mobile Authentication Solution

Distributing X.509 certificates

OpenTrust CMS Mobile manages mobile certificates
– Direct-to-mobile
  • iOS using native certificate provisioning capabilities
  • BlackBerry using OpenTrust enrollment agent
  • Other devices by issuing a single identity (certificate and private key) through HTTPS

OpenTrust CMS Mobile

OpenTrust PKI

Page 7: OpenTRUST CMS Mobile Authentication Solution

Distributing X.509 certificates

OpenTrust CMS Mobile manages mobile certificates
– Direct-to-mobile
  • Only for X.509 credentials, potentially with their usage
  • OK for small volumes and homogeneous platforms
  • Distribute certificates to non-corporate devices

OpenTrust CMS Mobile

OpenTrust PKI

Page 8: OpenTRUST CMS Mobile Authentication Solution

Defining enrollment profiles

Page 9: OpenTRUST CMS Mobile Authentication Solution

iOS enrollment

Page 10: OpenTRUST CMS Mobile Authentication Solution

S/MIME on iOS5

Page 11: OpenTRUST CMS Mobile Authentication Solution

Generic Enrollment

Page 12: OpenTRUST CMS Mobile Authentication Solution

Distributing X.509 certificates

Mobile Device Manager

OpenTrust CMS Mobile

OpenTrust PKI

OpenTrust CMS Mobile manages mobile certificates
– As an MDM companion
  • OpenTrust CMS Mobile acts as a credential bureau

Page 13: OpenTRUST CMS Mobile Authentication Solution

Distributing X.509 certificates

Why an MDM companion?

– Little or no support for X.509 certificates
– Little or no support for credential revocation
– Little or no support for root CA management
– No decentralized enrollments
– No credential batch, e.g. for S/MIME
– No support for multiple encryption certificates

Page 14: OpenTRUST CMS Mobile Authentication Solution

Distributing X.509 certificates

OpenTrust CMS Mobile manages mobile certificates
– As an MDM companion

Four-point API offered to MDM vendors:
• enroll()
• revoke()
• info()
• list()

Page 15: OpenTRUST CMS Mobile Authentication Solution

Distributing X.509 certificates

OpenTrust CMS Mobile offers:
– Support for individual certificate enrollment/revocation
– Root CA certificate download
– Centralized/Decentralized enrollments
– Credential batches
– Key recovery and multiple encryption certificates

• Additionally, Mobile Device Managers enjoy:
– Independence from backend PKI
– Network and role separation

Page 16: OpenTRUST CMS Mobile Authentication Solution

Device Enrollment

Mobile Device Manager

mid = enroll(userid, profile)

PKI Server

OpenTrust CMS for Mobile

Request for this user/profile:
- P12
- Root CAs

Prepare SCEP requests

credentials

P12 + CAs + SCEP + mid

Incoming SCEP from devices

Page 17: OpenTRUST CMS Mobile Authentication Solution

Device Revocation

revoke(mid)

Revoke certificates:
- Authentication
- Signature
- Encryption

acknowledge

acknowledge

Mobile Device Manager

PKI Server

OpenTrust CMS for Mobile


Page 18: OpenTRUST CMS Mobile Authentication Solution

Thanks for your attention.

11-13 rue René Jacques - 92131 Issy-les-Moulineaux Cedex - France

+33 (0)1 55 64 22 00 - www.opentrust.com

Musaad Al-Saleh Bldg., Soor Street, Al-Sharq, Kuwait
P.O. Box: 5113, Safat 13052, Kuwait
TEL: (+965) 2241 7966/5/7
FAX: 2459019
WEB: www.kcs.com.kw