Bittium Secure Suite™

Full set of services for secure communications with Bittium Tough Mobile product family's secure smartphones

Overview

Bittium Secure Suite is a device management and encryption software product that complements Bittium Tough Mobile product family's secure smartphones with a full and scalable set of software and services. The software and services cover both the device and the server side and enable a high level of security for communication, data transfer and device management. Bittium Tough Mobile smartphones together with Bittium Secure Suite form a unique and reliable solution for processing and transferring encrypted and classified material. Together with different variants of the Tough Mobile, the combination has been certified to RESTRICTED and CONFIDENTIAL security levels (NCSA-FI).

Data in Transit Protected

Bittium Secure Suite complements Bittium Tough Mobile product family's secure smartphones with, for example, encrypted network traffic, mobile device management and mobile application management, making it the perfect secure mobile communication solution.

Solution Overview

Bittium Secure Suite together with the secure Bittium Tough Mobile smartphones creates a network-wide secure zone that provides encrypted access to your organization's confidential data and services. This secure zone can be deployed either on the public internet or on private networks, as the solution has no dependency on public internet services. It can be hosted entirely by your organization, according to the security standards of your premises and without any backdoors.

 

Technical Specifications

Mobile VPN Features
  • IPsec, IKEv2
  • Integrated firewall
  • Always-on, cannot be bypassed by apps or user
  • Require successful remote attestation for VPN access
  • Extensively tested and externally audited code base
Mobile VPN Crypto
  • CNSA/NSA Suite B compatible
  • SHA2-512
  • AES-256, SERPENT
  • Elliptic curve cryptography:
    • ECDH groups 19, 20, 21 (NIST) and 27, 28, 29 and 30 for IKEv2 (Brainpool)
    • ECDSA certificates
  • RSA keys up to 16k
Mobile Device Management

Centralized, remote management of the Tough Mobile and Android security features from the server.

  • Remote policy update (push)
  • SafeMove VPN policy management
  • Remote wipe
  • Remote lock
  • Retrieve device audit log
  • Manage trusted CA certificates
  • Wi-Fi management:
    • SSID configuration
    • Security Policy
    • Credentials
Device Policy
  • Device lock password policy:
    • Numerical, alphanumeric, complex
    • Password length
    • Altogether, it is possible to control a total of 100 parameters
  • Device wipe after failed password entry
  • Device lock timeout
  • Password expiration time
  • Enable/disable:
    • Software from untrusted sources
    • Android Debug Bridge (ADB)
    • Developer settings
    • Bluetooth
    • Camera
    • MMS send and receive
    • Location services
    • iZat (Qualcomm AGPS)
    • Android connectivity check
    • Volume adjustment
    • Application settings control
    • Cell broadcasts
    • Configuration of device credentials
    • Configuration of mobile networks
    • Tethering
    • Configuration of VPN
    • Configuration of Wi-Fi
    • User-initiated factory reset
    • Apps installation and uninstallation
    • Modify accounts
    • Mount external physical media (USB, SD card)
    • User-initiated network settings reset
    • Outgoing NFC beam
    • Outgoing calls
    • SMS
    • Microphone volume adjustment
    • USB file transfer
Mobile Application Management
  • Managed private application library for providing applications to the device
  • Application install base kept up-to-date with new versions and security fixes
Remote Attestation

Tough Mobile’s cryptographic hardware, TPM (Trusted Platform Module), provides proof that the remote device is exactly as it left the factory and carries unmodified, official firmware. The remote attestation service allows the integrity check to be used by the MDM, VPN gateway and third-party services.

  • Key hardware and software components integrity checked remotely via TPM
  • Integration to VPN access control
  • API for integrating to third-party services
OTA Firmware Update

Full control of which devices are updated, when, and with which firmware

  • Automatic fetching of updates
  • Possible to assign updates per device or group
  • Optionally protected by VPN
Log Server
  • Visual log analytics for efficient incident response and even proactive incident avoidance
  • Collecting and analyzing log data for keeping administrators up-to-date on what happens on device and infrastructure side
Secure Push Messaging

Secure and scalable push system that can be easily implemented in apps. Familiar API, similar to common cloud messaging systems.

  • Low power requirements
  • Low latency
  • Low bandwidth
  • Can be hosted on customer premises
  • TLS security and optionally VPN
Supported Server Platforms
  • SMR330 SafeMove Appliance
  • VMware™ virtual appliance