We Put a Smart Card Inside a Mobile Device
Author: Mike Moir, Technology Alliance Manager, Entrust Datacard
Let’s state the obvious: mobile devices are awesome. Answers to all of your questions and needs are at your fingertips. From doing something as simple as checking the weather to more complicated tasks such as completing business transactions away from your desk, mobile devices have empowered users and become an integral part of our daily lives. And behind the scenes, customization around apps, operating systems and device formats has been created to match every preference, for us, the users.
But what about IT?
For the IT department though, mobile devices have created some challenges. Long gone are the days of protecting the enterprise and your users inside of the firewall, and issuing company-owned devices that you had control over. In today’s perimeter-less world, you are faced with challenges such as:
- How do I manage those mobile devices?
- What about my desktops?
- How do I know who is using what device and what are they accessing?
- What applications should I allow and how do I manage them?
And on top of finding answers to securing your enterprise and users, while still enabling a streamlined and frictionless user experience, some authentication methods just don’t work with mobile devices.
Smart cards have been a mainstay of security-conscious organizations for a long time. These are the plastic cards with digital certificates embedded on them that allow users to authenticate themselves to their desktops and applications, access buildings and perform transactions such as encrypting and digitally signing documents. They are secure and easy to use, with minimal friction for users: just insert the card into the smart card reader and enter your secret PIN. That works great until you move to a mobile-centric platform. Then, enter the smart card into the… oh, that doesn’t work. But you may have already invested in smart cards, and you can’t just abandon them. What do you do?
VMware and Entrust Datacard, as a part of the VMware Mobile Security Alliance, have teamed up to bring you the solution. The Entrust Datacard Mobile Smart Credential is essentially a smart card that’s digitally embedded on the mobile device. It provides all the features and benefits of a smart card, but with no physical card to carry and no expensive and cumbersome smart card readers. VMware Workspace ONE, powered by AirWatch unified endpoint management, allows you to manage all of your devices, from mobile phones to desktops to the applications running on the devices, from a single digital workspace platform. Combining Workspace ONE with Entrust Datacard Mobile Smart Credential provides a way to leverage mobile devices while maintaining control of what devices are used, who uses them and how they are being used for business applications.
And it gets better. The integrated solution helps you bootstrap the process of implementing a Mobile Smart Credential program. Verifying the identity of an existing user prior to issuing a new credential is imperative to maintain your security posture. But at the same time, it can be expensive, creates user friction and is frustrating, since you’ve already verified their identity before issuing their existing credential. Through the Entrust IdentityGuard Self Service Module in conjunction with the VMware PIV-D Manager app, you can leverage the existing credential to verify the user’s identity and quickly and securely issue them a new certificate-based Mobile Smart Credential. The best part – users can do it themselves when it suits them. There is no need for an administrator to be involved – unless you want them to, of course!
For US Federal Government organizations that use PIV credentials, this solution is certified for use by US Federal Gov’t agencies needing to issue Derived PIV Credentials to comply with NIST 800-156 Guidelines for Derived PIV Credentials.
So now that you have a Mobile Smart Credential on your mobile device, what does that allow you to do?
- Use your mobile device to do all the things you can do on a desktop and more
- Securely browse to get the information you need in the field
- Communicate sensitive information securely
- Digitally sign documents, reports, etc. in the field for greater efficiency and user satisfaction
- Use more of the corporate applications that you haven’t had access to
There is always a drawback, so what can’t you do?
- Show off your 15 character password to your friends – You don’t need one
- Carry a fancy token, smart card or other authenticator in your pocket – it isn’t required
VMware and Entrust Datacard have brought their expertise together to help to make mobile devices more usable while maintaining the control and security demanded by organizations today. And we’re just getting started…
To see how this works in action, come and visit us at VMworld 2018 at the Entrust Datacard Booth #2419 in the Mobility Zone. Get an overview, see a demo of a pretty cool Bluetooth proximity login and talk to the experts on how it can help. You can also watch an informative webcast at https://info.entrustdatacard.com/vmware-nist-pivd