Your questions – Our answers


Your questions – Our answers

Von der Gemeindeverwaltung über Landkreise und in Städten bis hin zu Bundesbehörden.



What is SecurePIM?

SecurePIM is a container app for secure mobile working. SecurePIM sets up a secure mobile workstation on a smartphone or tablet (iOS or Android), where all important information and data is stored and used within an encrypted container. All data is encryted at rest, as well as in transit. This prevents unauthorized access from outside. E-mails are encrypted according to the S/MIME standard. The app consists of several modules, including the Outlook functions (email, calendar, contacts, tasks, notes), as well as a module for creating, editing and storing documents, a secure browser for accessing intranet pages, for example, a messenger and a secure camera. Easy to use and implement, SecurePIM is the easiest and most secure solution for mobile working.

For whom has SecurePIM been made?

SecurePIM is a solution for government and businesses with a high data security need, who want to provide workers with the same productivity they are used to on mobile and desktop meanwhile being assured that corporate data is safe and under control. Thanks to strict separation of private and business data on the device, SecurePIM is suitable for different enterprise mobility models like “bring your own device” (BYOD) or “corporately owned, personally enabled” (COPE) models. The solution offers different security levels and integrates seamlessly into existing infrastructures. The system solution SecurePIM Government SDS for iOS devices caters to especially high security needs. SecurePIM Government SDS is the only security solution approved by the German Federal Office for Information Security (BSI) to allow the processing and transfer of information classified as “restricted“ (“Ver­schlusssache – nur für den Dienstgebrauch” – VS NfD) on iOS (approval) and Android (pre-approval) devices. In addition, the iOS version has received approval for NATO RESTRICTED.

Which functions does SecurePIM offer?

SecurePIM offers the following functions: email, calendar, contacts, messenger including audio and video calls as well as conferences, document storing, creating and editing, access to fileshare, tasks, notes, encrypted browser for Internet and Intranet and a secure camera.

Depending on your operating system, the SecurePIM version your are using, and your company-specific settings the set of functions available may vary.

Which product variants of SecurePIM are available?

The SecurePIM solution is available in many variations, developed for different infrastructures, devices, mobility strategies, and security levels. In this, the SecurePIM App is available for iOS and Android and is compatible with both HCL Domino and Microsoft Exchange. The solution can also be integrated with an MDM solution (Mobile Device Management solution) or is configured and managed through the SecurePIM Management Portal. Thanks to our unique container-only approach, SecurePIM is flexible to adapt to diverse mobility strategies. Scenarios range from corporate owned devices like COPE (Corporately Owned, Personally Enabled) to BYOD (Bring Your Own Device) as well as mixed models, which combine several approaches.

Virtual Solution has developed solutions with specific security features for businesses with high security needs and for the government sector, SecurePIM Enterprise and SecurePIM Government. The system solution SecurePIM Government SDS includes additional security features to fulfill the highest security standards, for example a smartcard integration, enabling two-factor-authentication, as well as an integration into specific networks. Since Germany’s Federal Office for Information Security (BSI) has granted its final approval for iOS and a pre-approval for Android, the solution now allows processing and transferring information that is classified as “For official use only – VS-NfD”. SecurePIM Government SDS is the only security solution approved by the BSI on iOS and Android devices. Since July 2021, the iOS version has also been approved for NATO RESTRICTED. 

What is so innovative about SecurePIM?

SecurePIM uses the Container technology to protect sensitive information and data on mobile devices. It compiles multiple functionalities in just one application. With the intuitive app, complex encryption processes become one-click-operations. Additionally, SecurePIM Government SDS is the only BSI-certified solution to work mobile with classified data (VS-NfD as well as NATO RESTRICTED) on iPhone and iPad in the government sector. For Android, there is a pre-approval for VS-NfD. SecurePIM is compatible with Microsoft Exchange as well as HCL Domino. SecurePIM is the core of every mobile strategy since it adapts to different infrastructures and conditions, while providing highest security.

On which operating systems does SecurePIM run?

SecurePIM supports mobile phones and tablets with the operating systems iOS, iPadOS and Android.

What makes SecurePIM Government SDS particularly secure?

The solution certified by the BSI is a system solution with several components. In addition to the app a smartcard is integrated. Highly sensitive operations within the SecurePIM app are relocated to the smartcard from the mobile device and are stored encrypted there. All data is securely synchronized with local network servers via a central access to Information Network Berlin-Bonn (IVBB) or other similar networks. Alternatively, the feature “internal smart card” can be used for iOS. It is integrated into the user’s device and allows them to register and log in to SecurePIM. This eliminates the need for an external smart card and the necessary readers to ensure confidentiality, secure data storage, and transmission. When using the internal smart card, only the mobile device and the device PIN is necessary. The solution also uses an approved MDM system for configuration and administration.
The BSI has granted their approval for the SecurePIM Government SDS system solution for iOS-based mobile devices and has given a pre-approval for Android. It can thus as of now be used for the security level “For official use only – VS-NfD”. The iOS version is also now approved for NATO RESTRICTED. The BSI guarantees that sensitive information and data are indeed protected.

Can I use SecurePIM with a smart card?

SecurePIM Government SDS uses a smart card for authentication. The TCOS 3.0 Signature Card Version 2.0 is used as the external smartcard. It can be used with the AirID 1, AirID 2 and AirID 2 mini smart card readers. Contactless use via NFC is also supported. Alternatively, the feature “internal smart card” enables secure mobile working without the use of a physical smart card and readers.


What is TrustDok?

TrustDok is the first ultra-mobile indigo application for editing documents. With it, we extend basic functions such as email, contacts, and calendar with additional collaboration options. This allows classified Office documents and data to be edited, saved, and sent directly from email attachments – with a high level of security. Collaboration with the native iOS apps “Mail” and “Calendar” is seamless. All business data is stored separately from private data in the so-called managed indigo environment.

For whom is TrustDok been made?

TrustDok is primarily aimed at government authorities for whom it is essential that classified information and documents can also be processed securely and efficiently on the move. It is essential that the security of the data is guaranteed, but at the same time a simple and intuitive user interface is available.

Which functions does TrustDok offer?

TrustDok allows documents from other indigo apps to be opened and saved in the managed iNDIGO environment. Sharing with other indigo apps, such as sending by email, is also possible. In addition, new documents can be created, and existing ones edited. Notes and comments can be added. Change tracking of Office documents is also supported.


What is VS IAT?

The Virtual Solution Infrastructure Analysis Tool (VS IAT) is a test application that can be used to test the infrastructure and setup for SecurePIM for possible misconfigurations. It helps to easily detect problems by automatically performing a wide range of configuration tests, and provides detailed information about problems that prevent SecurePIM from working as intended.

For whom has VS IAT been made?

VS IAT is designed for technical support, IT administrators and security engineers.

Which functions does VS IAT offer?

VS IAT offers the possibility to perform setup tests on devices with the help of a series of predefined test runs. In this way, administrators can see, for example, whether the user has the correct network configurations, whether the certificates are correctly installed, valid and trustworthy, or whether the smartcard support is configured correctly.

The following test runs are available:

  • Test for access to EST (Enrollment over secure transport) service and SDS Gateway with SDS-Trusted Root-CA list including smartcard support
  • Test for access to EST Service and SDS Gateway with own Trusted-Root-CA-List incl. smartcard support
  • ActiveSync test (incl. SecurePIM Gateway)
  • Exchange Web Services (EWS) test (incl. SecurePIM Gateway)


What is SecureVPN?

SecureVPN is a companion app for SecurePIM (Android), which enables the establishment of a VPN connection without user interaction via an interface. In case of a mass rollout of Android devices, SecureVPN facilitates the setup of an IPsec IKEv2 VPN. This automates the installation as far as possible.

How does SecureVPN work?

SecureVPN can either be used together with an MDM or with SecurePIM Government SDS in combination with a smartcard. Each time SecurePIM is used, SecureVPN automatically establishes the VPN connection and disconnects it when it is no longer needed.

For use with MDM, SecureVPN must be provided as an Android Enterprise App in MDM. During installation, the VPN key is obtained via MDM. When using SecurePIM Government SDS, the key must be on the smart card so that SecureVPN can obtain it from there.

What is SecureVPN based on?

SecureVPN contains the Open Source software Strongswan vpn client
Changes carried out by Virtual Solution are subject to the GNU GPL v3 license conditions as published by the Free Software Foundation.

The modified version can be obtained by sending an e-mail to support@securepim.com.

SecurePIM Management Portal

What is SecurePIM Management Portal?

The application is managed and configured via the SecurePIM Management Portal, an integrated part of the SecurePIM solution. The SecurePIM Management Portal allows administrators to define security policies for the SecurePIM app and enforce them on mobile devices.

User management and maintenance is also easy. Administrators can add users for both SecurePIM and SecureCOM either manually or through LDAP import, assign different security standards to user groups or departments, and more.

The SecurePIM Management Portal also offers a self-service portal that can be optionally activated. The self-service portal allows users to manage their own mobile devices and easily transfer S/MIME certificates to the mobile devices.

How is the SecurePIM Management Portal operated?

The SecurePIM Management Portal is a Java web application. It runs in an Apache Tomcat with an Apache webserver as frontend. It can be provided as a server component (On-premises) for installation or managed on a server hosted by Materna Virtual Solution GmbH with administrator rights (Cloud).

SecurePIM Gateway

What is SecurePIM Gateway?

The SecurePIM Gateway secures the connection from the app to the IT infrastructure. It checks the identities of the users and only allows pre-verified access via the secure SecurePIM app. Hacker attacks can be avoided in this way, as Exchange servers, for example, are no longer directly connected to the Internet.

This gives users of the SecurePIM app secure and high-performance access to mail and calendar servers, file sharing and web apps. SecurePIM’s hardened browser secures mobile access to internal web-based applications such as knowledge and collaboration tools, support and ticket systems and CRM.

How is the SecurePIM Gateway operated?

The SecurePIM Gateway is installed as an application installed in the demilitarised zone on the server of a company or a government authority.

Do you have further questions?
If you have questions or need more information, please use our contact form. our experts will get in touch with you as soon as possible.

SecurePIM: Test it for free
You would like to test SecurePIM at your company or authority? You can try it  for 30 days for free.