Bittium Secure Suite™ - End-to-End Mobile Security with Android Devices

Full Set of Services for Device Management and Encryption

Bittium Secure Suite™ is a device management and encryption software that complements secure Bittium Tough Mobile 2 smartphones and other Android devices, with a full and scalable set of software and services. The software and services are both for the smartphone and server side and enable high level of security for communication, data transfer, and device management. Secure Suite requires installation of a server software, which is provided either as a dedicated IT service or hosted by the customer. The combination of Bittium Tough Mobile 2 C smartphone and Bittium Secure Suite has been certified to CONFIDENTIAL security level (NCSA-FI, TL III).

Secured Network Traffic

Efficient Control over Device Fleet

Approved Applications Only

Works in Private and Closed Networks

Highlights of Features Included

Security Built In Layers Together with Tough Mobile 2

Data at rest protected with the world's most secure mobile platform, Bittium Tough Mobile. Security is integrated deep within the hardware and source code to prevent extraction of data.

Data in transit protected with Bittium Secure Suite; encrypted network traffic, mobile device management and mobile application management.

Bittium Secure Suite optional add-ons:

  • Secure VoIP calls and messaging with Bittium Secure Call™
  • Analytics for monitoring field performance
  • Zone for geo-fencing services
  • Licenses for COTS devices
Unique and reliable solution for processing and transferring encrypted and classified material.

Built to Earn Your Trust

Designed to not require trust in third parties or cloud services

Source code audits of security sensitive components

Extensive quality assurance and security testing

Technical Specifications

Mobile VPN Features
  • IPsec, IKEv2 MOBIKE
  • Integrated firewall and IPsec policy
  • Always-on, cannot be bypassed by apps or user
  • Require successful remote attestation for VPN access
  • Per-app and per-container VPN
  • Extensively tested and externally audited code base
  • VPN tunnel for USB tethered traffic

Mobile VPN Crypto
  • CNSA/NSA suite B compatible
  • SHA2-512
  • AES-256, SERPENT
  • Elliptic curve cryptography:
    • ECDH groups 19, 20, 21 (NIST) and 27, 28, 29 and 30 for IKEv2 (Brainpool)
    • ECDSA certificates
  • Hardware accelerated crypto
Mobile Device Management

Centralized, remote management of the Tough Mobile and Android security features from the server.

  • Remote policy update (push)*
  • Remote wipe, lock, and password change*
  • Manage trusted CA certificates*
  • Factory reset protection*
  • Android Enterprise support*
  • SafeMove VPN policy management
  • Device history and audit logs
  • Wi-Fi management: SSID configuration, security policy, credentials
  • Mass provisioning by operators, or self-provisioning by end users

*only for Android devices

Device Policy (Android)
  • Device lock password policy:
    • Numerical, alphanumeric, complex
    • Password length
  • Altogether, it is possible to control
    more than 100 parameters
  • Device wipe after failed password entry
  • Device lock timeout
  • Password expiration time
  • Wallpaper and owner info management
  • Enable/disable:
    • Software from untrusted sources
    • Android Debugging Bridge (ADB)
    • Developer settings
    • Bluetooth
    • Camera
    • MMS send and receive
    • Location services
    • iZat (Qualcomm AGPS)
    • Android connectivity check
    • Volume adjustment
    • Application settings control
    • Cell broadcasts
    • Configuration of device credentials
    • Configuration of mobile networks
    • Tethering
    • Configuration of VPN
    • Configuration of Wi-Fi
    • User-initiated factory reset
    • Apps installation and uninstallation
    • Modify accounts
    • Mount external physical media (USB, SD card)
    • User-initiated network settings reset
    • Outgoing NFC beam
    • Outgoing calls
    • SMS
    • Microphone volume adjustment
    • USB file transfer
    • USB whitelist
Mobile Application Management (Android)
  • Managed private application library from Bittium
  • Managed public application library from Google Play
  • Configuration of 3rd party apps (Android managed configurations)
  • Application install base kept up-to-date
    with new versions and security fixes
Certificate Authority
  • Includes production grade CA system
  • EST and SCEP protocols for certificate enrollment to devices
  • Automatic over-the-air renewal of certificates
  • Integration with external CA systems
Log Server and Visualization
  • Visual log analytics for efficient incident response and even proactive incident avoidance
  • Collecting and analyzing log data for keeping administrators up-to-date on what happens on device and infrastructure side
  • Integrates with Bittium SafeMove® Analytics (optional)
Secure Push Messaging

Secure and scalable push system that can be easily implemented in apps. Familiar API, similar to common cloud messaging systems.

  • Low power requirements
  • Low latency
  • Low bandwidth
  • Can be hosted on customer premises
  • TLS security and optionally VPN
Bittium Secure Call™ (optional)
  • End-to-end encrypted voice calls
  • End-to-end encrypted video calls
  • End-to-end encrypted messages
  • Centralized contact directory
Supported Server Platforms
  • SafeMove Server Appliance
  • Vmware™ virtual appliance
  • Common cloud and virtualization platforms
Supported Client Platforms
  • Android 9 onwards
  • Windows 10 onwards