In our glossary & FAQ on mobile security and digital sovereignty, you will find answers to frequently asked questions and clear explanations of key terms. From VS-NfD & NATO RESTRICTED, BYOD and COPE, to indigo and Knox Native Solutions – here you will find clarity on the most important topics for secure mobile working in public authorities and companies.
Whether it’s FAQs on GDPR-compliant mobile working, a glossary on secure mobile working models or a lexicon for mobile security – we offer you a compact knowledge base that supports you at all times.
FAQ: Your questions – Our answers
SecurePIM is a container solution for secure mobile working. SecurePIM sets up a secure mobile workspace on a smartphone or tablet (iOS or Android), in which all important information and data is stored and used in encrypted form within an isolated container. The data is encrypted both during storage and transmission. This prevents unauthorized access from outside. Emails are encrypted in accordance with the S/MIME standard. The app consists of several modules, including the Outlook functions (e-mail, calendar, contacts, tasks, notes) as well as a module for creating, editing and managing documents, a secure browser for accessing intranet pages, for example, a messenger and a secure camera. Thanks to its ease of use and implementation, SecurePIM is the simplest and most secure solution for mobile working.
SecurePIM is a solution for public authorities and companies with high data protection and data security requirements that want to give employees the opportunity to work productively on the move. Thanks to the strict separation of business and private data on the device, SecurePIM is suitable for mobility models with both private (BYOD) and company-owned (COPE) devices. The solution offers various security levels and can be easily integrated into existing infrastructures. The SecurePIM Government SDS system solution was developed for particularly high security requirements. It is approved by the German Federal Office for Information Security (BSI) and can therefore be used for processing information up to the classification level VS-NfD “classified information – for official use only” (approval for iOS, release recommendation for Android) and NATO RESTRICTED (iOS).
SecurePIM offers the following functions: Email, calendar, contacts, messenger including audio and video calls and conferences, document storage, creation and editing, file share access, tasks, notes, encrypted browser for internet and intranet and a secure camera.
The range of functions may vary depending on your operating system, the SecurePIM version and, if applicable, your internal company settings.
The SecurePIM solution is available in several versions that are designed for a wide range of infrastructures, devices, mobility strategies and security levels. The SecurePIM app is available for iOS and Android and is compatible with HCL Domino and Microsoft Exchange. The solution can also be integrated into an MDM solution (Mobile Device Management solution) or managed and configured via the SecurePIM management portal provided. The container approach makes SecurePIM flexible for various mobile strategies. There are application scenarios with company-owned devices, such as COPE (Corporate-Owned, Personally Enabled) and BYOD (Bring Your Own Device) models, or scenarios in which several models are used in combination.
The SecurePIM Enterprise and SecurePIM Government solutions have been developed with special security features for companies with high data protection and data security requirements, as well as for authorities and local authorities. In order to meet the highest security standards, the SecurePIM Government SDS system solution has additional functions that guarantee even greater security, such as smartcard integration for two-factor authentication and integration into special networks. By receiving official approval (iOS) or the release recommendation (Android) from the German Federal Office for Information Security (BSI), this security solution enables the processing and transmission of classified information with the classification level “Classified information – for official use only (VS-NfD)”. This makes SecurePIM Government SDS the only solution for iOS and Android that has been approved or recommended for release by the BSI for VS-NfD. The iOS version has also been approved for NATO RESTRICTED since July 2021.
SecurePIM uses container technology to protect sensitive information and data on mobile devices, combining various functions in a single app. The user-friendly app turns complex encryption procedures into one-click processes. SecurePIM Government SDS is also the only BSI-approved option for VS-NfD in the government environment and NATO RESTRICTED with the iPhone or iPad. There is also a release recommendation for VS-NfD for Android. SecurePIM is compatible with both Microsoft Exchange and HCL Domino. SecurePIM is at the heart of every mobile strategy, as it can be adapted to different infrastructures and circumstances while offering maximum security.
SecurePIM supports smartphones and tablets with the iOS or iPadOS and Android operating systems.
The BSI-certified solution is a system solution with several components. A smartcard is integrated in addition to the app. Highly sensitive operations within the SecurePIM app are transferred from the mobile device to this smartcard and stored there in encrypted form. The data is synchronized with the servers of the in-house networks via a central access point of the Informationsverbund Berlin-Bonn (IVBB) or similar networks. Alternatively, the “internal smartcard” feature can be used. It is integrated into the mobile device and enables registration and login to SecurePIM. As with the external smartcard, this ensures data confidentiality, secure data storage and data transmission – without the need for an external smartcard and reader. When using the internal smartcard, only the mobile device and the device PIN are required. Finally, an approved MDM system is used for secure configuration and management.
The BSI has granted the SecurePIM Government SDS system solution final approval for use on iOS-based mobile devices and a release recommendation for use on Android mobile devices. It can therefore be used with immediate effect for the classification level “Classified – For official use only”. The iOS version is also approved for NATO RESTRICTED. The BSI is responsible for ensuring that sensitive information and data worthy of protection is actually secure.
SecurePIM Government SDS uses a smartcard for authentication. The TCOS 3.0 Signature Card Version 2.0 is used as the external smartcard. It can be used with the AirID 1, AirID 2 and AirID 2 mini smartcard readers. Contactless use via NFC is also supported. Alternatively, the “internal smartcard” feature enables secure mobile working without the use of a physical smartcard and reader.
TrustDok is the first ultra-mobile indigo application for editing documents. It extends basic functions such as email, contacts and calendar with additional collaboration options. Confidential Office documents and classified data can be edited, saved and sent directly from email attachments – with a high level of security. Collaboration with the native iOS apps “Mail” and “Calendar” is seamless. All business data is stored separately from private data in the so-called managed indigo environment.
TrustDok is primarily aimed at public authorities that need to process information and documents with confidentiality protection securely and efficiently on the move. Data security must be guaranteed while a simple and intuitive user interface remains available.
TrustDok can be used to open documents from other indigo apps and save them in the managed indigo environment. Sharing with other indigo apps, such as sending by e-mail, is also possible.
You can also create new documents and edit existing ones. Notes and comments can be added. Change tracking of Office documents is also supported.
SecureVPN is a companion app for SecurePIM (Android) that enables a VPN connection to be established via an interface without user interaction. SecureVPN makes it easier to set up an IPsec IKEv2 VPN during a mass rollout of Android devices. This largely automates the installation process.
SecureVPN can either be used together with Mobile Device Management (MDM) or with SecurePIM Government SDS in conjunction with a smartcard. Every time SecurePIM is used, SecureVPN automatically establishes the VPN connection and disconnects it again when it is no longer needed.
For use with MDM, SecureVPN must be provided as an Android Enterprise app in MDM. During installation, the VPN key is obtained via the MDM. When using SecurePIM Government SDS, the key must be stored on the smartcard so that SecureVPN can obtain it from there.
SecureVPN contains the open source software strongSwan VPN client.
Modifications made by Materna Virtual Solution are subject to the license terms of the GNU GPL v3 as published by the Free Software Foundation.
The modified version can be obtained by sending an e-mail to support@securepim.com.
The application is managed and configured via the SecurePIM Management Portal, an integrated part of the SecurePIM solution. Using the SecurePIM Management Portal, administrators can define security requirements for the SecurePIM app and enforce them on mobile devices.
Managing and maintaining users is also easy. Administrators can add users for both SecurePIM and SecureCOM either manually or via LDAP import, assign user groups or departments with different security standards and much more.
The SecurePIM management portal also offers a self-service portal that can be activated as an option. In the self-service portal, users can manage their own mobile devices and easily transfer S/MIME certificates to the mobile devices.
The SecurePIM Management Portal is a Java web application. It runs in Apache Tomcat with an Apache web server as the front end. It can be provided for installation as a server component (on-premises) or managed on a server hosted by Materna Virtual Solution GmbH with administrator rights (cloud).
The SecurePIM Gateway secures the connection from the app to the IT infrastructure. It checks the identities of the users and only allows pre-verified access via the secure SecurePIM app. This prevents hacker attacks, as Exchange servers, for example, are no longer directly connected to the internet.
This gives users of the SecurePIM app secure, high-performance access to mail and calendar servers, file sharing and web apps. SecurePIM’s hardened browser secures mobile access to internal web-based applications such as knowledge and collaboration tools, support and ticket systems and CRM.
The SecurePIM Gateway is installed as an application in the demilitarized zone on the server of a company or public authority.
TrustOwl extends the basic functions of Apple indigo with a secure intranet browser. With TrustOwl, employees can use their mobile device for both private and business purposes. Within the managed indigo environment, they can access intranet services, specialist applications and VS-NfD-classified information. Their business and private data are always strictly separated from each other.
TrustOwl is primarily aimed at public authorities that need to access information with confidentiality protection securely and efficiently on the move. Data security must be guaranteed while a simple and intuitive user interface remains available.
With TrustOwl, employees can access internal resources such as web services and specialist applications – regardless of whether they are in the office or on the move. This enables mobile working with VS-NfD-classified information on internal websites. In addition to an intuitive user interface, TrustOwl has everything a modern mobile browser should have, such as password management, browser history and tab management.


