OpenTRUST CMS Mobile Authentication Solution
OpenTrust CMS Mobile 2.0
Export trust to your mobile devices
Product Overview
© OpenTrust - All rights reserved.
Mobile Enterprise
Mobile devices are now ubiquitous and the favored access point into corporate networks
– Always online
– Access to key corporate resources from anywhere
– Find key pieces of information at the point of decision-making
Mobile Security Issues
Mobile security focuses on:
– Protecting data-at-rest
– Authenticating end-points, encrypting traffic
Protecting Mobile Networks
Common Use Cases:
– VPN, Wi-Fi, MS Exchange authentication with X.509
– SSL with client-side certificate in browser
– Email protection with S/MIME
– Corporate apps
Mobile PKI Support
[Table: VPN, Wi-Fi, S/MIME, SSL authentication and hardware key store support on BlackBerry, iOS 6 and Android 4]
Mobile PKI capabilities as of Oct 2013
Distributing X.509 certificates
OpenTrust CMS Mobile manages mobile certificates
– Direct-to-mobile
• iOS using native certificate provisioning capabilities
• BlackBerry using OpenTrust enrollment agent
• Other devices by issuing a single identity (certificate and private key) through HTTPS
OpenTrust CMS Mobile
OpenTrust PKI
Distributing X.509 certificates
OpenTrust CMS Mobile manages mobile certificates
– Direct-to-mobile
• Only for X.509 credentials, potentially with their usage
• OK for small volumes and homogeneous platforms
• Distribute certificates to non-corporate devices
OpenTrust CMS Mobile
OpenTrust PKI
Defining enrollment profiles
iOS enrollment
S/MIME on iOS 5
Generic Enrollment
Distributing X.509 certificates
Mobile Device Manager
OpenTrust CMS Mobile
OpenTrust PKI
OpenTrust CMS Mobile manages mobile certificates
– As an MDM companion
• OpenTrust CMS Mobile acts as a credential bureau
Distributing X.509 certificates
Why an MDM companion?
– Little or no support for X.509 certificates
– Little or no support for credential revocation
– Little or no support for root CA management
– No decentralized enrollments
– No credential batch, e.g. for S/MIME
– No support for multiple encryption certificates
Distributing X.509 certificates
OpenTrust CMS Mobile manages mobile certificates
– As an MDM companion
Four-point API offered to MDM vendors:
• enroll()
• revoke()
• info()
• list()
Distributing X.509 certificates
OpenTrust CMS Mobile offers:
– Support for individual certificate enrollment/revocation
– Root CA certificate download
– Centralized/Decentralized enrollments
– Credential batches
– Key recovery and multiple encryption certificates
• Additionally, Mobile Device Managers enjoy:
– Independence from backend PKI
– Network and role separation
Device Enrollment
Mobile Device Manager
mid = enroll(userid, profile)
PKI Server
OpenTrust CMS for Mobile
Request for this user/profile:
- P12
- Root CAs
Prepare SCEP requests
credentials
P12 + CAs + SCEP + mid
Incoming SCEP from devices
Device Revocation
revoke(mid)
Revoke certificates:
- Authentication
- Signature
- Encryption
acknowledge
acknowledge
Mobile Device Manager
PKI Server
OpenTrust CMS for Mobile
Thanks for your attention.
11-13 rue René Jacques - 92131 Issy-les-Moulineaux Cedex - France
+33 (0)1 55 64 22 00 - www.opentrust.com
Musaad Al-Saleh Bldg.
Soor Street, Al-Sharq, Kuwait
P.O.Box: 5113, Safat 13052, Kuwait.
TEL: (+965) 2241 7966/5/7
FAX: 2459019
WEB: www.kcs.com.kw
EMAIL: [email protected]