Bittium Secure Suite™

Full set of services for secure communications with Bittium Tough Mobile smartphones.

Comprehensive End-to-End Mobile Security

Bittium Secure Suite is device management and encryption software that complements secure Bittium Tough Mobile smartphones with a full and scalable set of software and services. The software and services cover both the device and the server side and enable a high level of security for communication, data transfer and device management.

This combined solution is available for both private and public organizations and scales up from 10 to thousands of users. It requires installation of server software, which is provided either as a dedicated IT service or hosted by the customer.

Together with different variants of Bittium Tough Mobile, the combination has been certified up to CONFIDENTIAL security levels (NCSA-FI).

Unique and reliable solution for processing and transferring encrypted and classified material.

Bittium Secure Suite includes

Bittium SafeMobile Mobile VPN

Secure your network traffic with the always-on VPN

Device Management

Efficient management and control of your device fleet

Mobile Application Management

Make available only the applications you approve for your users

Remote attestation

Prevent data leaks by granting access to critical information only to those devices whose integrity is remotely attested

Secure push service

Allow your apps to reach your devices without the risks of public clouds

OTA firmware update

Avoid data breaches with the latest updates for Bittium Tough Mobiles

Log server

Collect an undeniable audit trail from your devices and server components, and visualize log data

Full control over remote device fleet.

Security Built in Layers

Data at rest protected with the world's most secure mobile platform, Bittium Tough Mobile. Security is integrated deep within the hardware and source code to prevent extraction of data.

Data in transit protected with Bittium Secure Suite: encrypted network traffic, mobile device management and mobile application management.

Bittium Secure Suite optional add-ons:

  • Secure VoIP calls and messaging
  • Analytics for monitoring field performance
  • Zone for geo-fencing services
  • Licenses for COTS devices

 

Built to earn your trust

Designed to not require trust in third parties or cloud services

 

Source code audits of security sensitive components

Extensive quality assurance and security testing

Technical Specifications

Mobile VPN Features
  • IPsec, IKEv2 MOBIKE
  • Integrated firewall and IPsec policy
  • Always-on, cannot be bypassed by apps or user
  • Require successful remote attestation for VPN access
  • Extensively tested and externally audited code base

Mobile VPN Crypto
  • CNSA / NSA Suite B compatible
  • SHA2-512
  • AES-256, SERPENT
  • Elliptic curve cryptography:
    • ECDH groups 19, 20, 21 (NIST) and 27, 28, 29 and 30 for IKEv2 (Brainpool)
    • ECDSA certificates
  • RSA keys up to 16k

Mobile Device Management

Centralized, remote management of the Tough Mobile and Android security features from the server.

  • Remote policy update (push)
  • SafeMove VPN policy management
  • Remote wipe
  • Remote lock
  • Retrieve device audit log
  • Manage trusted CA certificates
  • Wi-Fi management:
    • SSID configuration
    • Security Policy
    • Credentials

Device Policy
  • Device lock password policy:
    • Numerical, alphanumeric, complex
    • Password length
    • Altogether, it is possible to control a total of 100 parameters
  • Device wipe after failed password entry
  • Device lock timeout
  • Password expiration time
  • Enable/disable:
    • Software from untrusted sources
    • Android Debug Bridge (ADB)
    • Developer settings
    • Bluetooth
    • Camera
    • MMS send and receive
    • Location services
    • iZat (Qualcomm AGPS)
    • Android connectivity check
    • Volume adjustment
    • Application settings control
    • Cell broadcasts
    • Configuration of device credentials
    • Configuration of mobile networks
    • Tethering
    • Configuration of VPN
    • Configuration of Wi-Fi
    • User-initiated factory reset
    • Apps installation and uninstallation
    • Modify accounts
    • Mount external physical media (USB, SD card)
    • User-initiated network settings reset
    • Outgoing NFC beam
    • Outgoing calls
    • SMS
    • Microphone volume adjustment
    • USB file transfer

Mobile Application Management
  • Managed private application library for providing applications to the device
  • Application install base kept up-to-date with new versions and security fixes

Remote Attestation

Tough Mobile’s cryptographic hardware secure element provides proof that the remote device is exactly as it left the factory and carries unmodified, official firmware. The remote attestation service allows the integrity check to be used by the MDM, VPN gateway and third-party services.

  • Integrity of key hardware and software components checked remotely via Secure Element
  • Integration with VPN access control
  • API for integrating with third-party services

OTA Firmware Update

Full control of which devices are updated, when, and with which firmware

  • Automatic fetching of updates
  • Possible to assign updates per device or group
  • Optionally protected by VPN

Log Server and Analytics
  • Visual log analytics for efficient incident response and even proactive incident avoidance
  • Collecting and analyzing log data to keep administrators up to date on what happens on the device and infrastructure side

Secure Push Messaging

Secure and scalable push system that can be easily implemented in apps. Familiar API, similar to common cloud messaging systems.

  • Low power requirements
  • Low latency
  • Low bandwidth
  • Can be hosted on customer premises
  • TLS security and optionally VPN

Supported Server Platforms
  • SMR340 SafeMove Appliance
  • VMware™ virtual appliance