Bittium Secure Suite™ - End-to-End Mobile Security

Full set of services for secure communications for Android and Windows devices.

Device management and encryption software

Bittium Secure Suite is a device management and encryption software that complements secure Bittium Tough Mobile smartphones with a full and scalable set of software and services. Software and services are for both the device and server side and enable high level of security for communication, data transfer and device management.

This combined solution requires installation of a server software, which is provided either as a dedicated IT service or hosted by the customer.

Together with different variants of Bittium Tough Mobile, the combination has been certified up to CONFIDENTIAL security levels (NCSA-FI).

Unique and reliable solution for processing and transferring encrypted and classified material.

Bittium Secure Suite

Mobile Analytics

For analyzing device and connectivity performance

Mobile Device Management

Efficient management and control of your device fleet

Mobile Application Management

Make available only the applications you approve for your users

Secure Call

For encrypted end-to-end communication

SafeMove VPN

Secure your network traffic with the always on VPN

Support for isolated networks

Works in private networks with or without internet access

Full control over remote device fleet

Security Built in Layers

Data at rest protected with the world's most secure mobile platform, Bittium Tough Mobile. Security is integrated deep within the hardware and source code to prevent extraction of data.

Data in transit protected with Bittium Secure Suite; encrypted network traffic, mobile device management and mobile application management.

Bittium Secure Suite optional add-ons:

  • Secure VoIP calls and messaging
  • Analytics for monitoring field performance
  • Zone for geo-fencing services
  • Licenses for COTS devices


Built to earn your trust

Designed to not require trust in third parties or cloud services


Source code audits of security sensitive components

Extensive quality assurance and security testing

Technical Specifications

Open/close section Mobile VPN Features
  • IPsec, IKEv2 MOBIKE
  • Integrated firewall and IPsec policy
  • Always-on, cannot be bypassed by apps or user
  • Require successful remote attestation for VPN access
  • Extensively tested and externally audited code base
Open/close section Mobile VPN Crypto
  • CNSA/NSA suite B compatible
  • SHA2-512
  • AES-256, SERPENT
  • Elliptic curve cryptography:
    • ECDH groups 19, 20, 21 (NIST) and 27, 28, 29 and 30 for IKEv2 (Brainpool)
    • ECDSA certificates
  • RSA keys up to 16k
Open/close section Mobile Device Management

Centralized, remote management of the Tough Mobile and Android security features from the server.

  • Remote policy update (push)
  • SafeMove VPN policy management
  • Remote wipe
  • Remote lock
  • Retrieve device audit log
  • Manage trusted CA certificates
  • Wi-Fi management:
    • SSID configuration
    • Security Policy
    • Credentials
Open/close section Device Policy
  • Device lock password policy:
    • Numerical, alphanumeric, complex
    • Password length
    • Altogether, it is possible to control
      a total of 100 parameters
  • Device wipe after failed password entry
  • Device lock timeout
  • Password expiration time
  • Enable/disable:
    • Software from untrusted sources
    • Android Debugging Bridge (ADB)
    • Developer settings
    • Bluetooth
    • Camera
    • MMS send and receive
    • Location services
    • iZat (Qualcomm AGPS)
    • Android connectivity check
    • Volume adjustment
    • Application settings control
    • Cell broadcasts
    • Configuration of device credentials
    • Configuration of mobile networks
    • Tethering
    • Configuration of VPN
    • Configuration of Wi-Fi
    • User-initiated factory reset
    • Apps installation and uninstallation
    • Modify accounts
    • Mount external physical media (USB, SD card)
    • User-initiated network settings reset
    • Outgoing NFC beam
    • Outgoing calls
    • SMS
    • Microphone volume adjustment
    • USB file transfer
Open/close section Mobile Application Management
  • Managed private application library for
    providing applications to the device
  • Application install base kept up-to-date
    with new versions and security fixes
Open/close section Remote Attestation

Tough Mobile’s cryptographic hardware secure element provides proof that the remote device is exactly as it left the factory and carries unmodified, official firmware. The remote attestation service allows the integrity check to be
used by the MDM, VPN gateway and third
party services.

  • Key hardware and software
    components integrity checked
    remotely via Secure Element
  • Integration to VPN
    access control
  • API for integrating to
    third party services
Open/close section OTA Firmware Update

Full control of which devices are updated, when, and with which firmware

  • Automatic fetching of updates
  • Possible to assign updates per device or group
  • Optionally protected by VPN
Open/close section Log Server and Analytics
  • Visual log analytics for efficient incident response and even proactive incident avoidance
  • Collecting and analyzing log data for keeping administrators up-to-date on what happens on device and infrastructure side
Open/close section Secure Push Messaging

Secure and scalable push system that can be easily implemented in apps. Familiar API, similar to common cloud messaging systems.

  • Low power requirements
  • Low latency
  • Low bandwidth
  • Can be hosted on customer premises
  • TLS security and optionally VPN
Open/close section Supported Server Platforms
  • SMR340 SafeMove Appliance
  • Vmware™ virtual appliance