VCAC_MobileTM is a software solution developed and offered by Future Research Corporation (FRC) which allows physical and logical electronic authentication to secure facilities and networks using managed or unmanaged mobile devices. This is an easy to use solution which replaces current methods such as wired or Bluetooth CAC readers for mobile devices. These current methods are bulky and unpopular, leading to a low adoption rate. Our solution uses Derived PVI credentials which are the PKI certificates contained on currently issues CACs.
- Allows electronic authentication not only to networks using mobile devices, but also to physical facilities
- Eliminates the need for bulky CAC readers attached to mobile devices
- Leverages the existing PVI infrastructure
- Encrypted protection of the PKI certificates while on the mobile devices
- Works on both managed and unmanaged mobile devices
- Allows access to secure web sites and enterprise webmail
- Enables the use of mobile devices as a thin client
- Does not store government data on mobile devices
- Micro Hypervisor and Secure App Workspace
- Enterprise e-mail support for Microsoft Exchange
- SMTP Support
- VDI Infrastructure Support
- Integrated Mobile VPN Support
Mobile Devices and Technologies
In recent years mobile devices, such as smart phones and tablets, have dramatically disrupted the IT industry. The unique set of security features and constraints of mobile devices, combined with the different way in which we use and secure mobile devices relative to traditional desktop and laptop computers necessitates the identification and standardization of alternative electronic authentication mechanisms. Derived PVI credentials have the advantage of leveraging current identity management infrastructures, which saves time and money in deploying mobile device authentication.
Personal Identity Verification (PIV) Infrastructure
PIV Cards and their supporting infrastructure was initiated by Homeland Security Presidential Directive-12 (HSPD-12), which mandated a common identification standard to enhance security and promote interoperability. To meet the goals outlined in HSPD-12, the PIV Card was designed to be interoperable across the federal government – both for physical access to government facilities and logical access to Federal information systems. The PIV Card contains several identity credentials supported by a public key infrastructure (PKI) to provide strong identity assurance in an interoperable manner. Our software solution leverages the considerable time and expense spent establishing this PIV infrastructure.
Derived PIV Credentials
Derived credentials leverage identity proofing and vetting processes of a user’s primary credential. For the purpose of PIV, possession of a valid PIV Card is the basis to issue Derived PIV Credentials for mobile devices. To achieve interoperability with the PIV infrastructure and its applications, Derived PIV Credentials are PKI-credentials. The goal of the Derived PIV Credential is to allow for PIV-enabled e-authentication services from mobile devices to remote systems.
Managed and unmanaged mobile devices.
To be able to authenticate a device whether or not it is already managed by a network server will allow significant cost savings. The recent “bring you own device” (BYOD) craze and cloud-based network management has made this easier than it would have been in the past. Key technology enablers in making this possible are encryption of PKI-credentials stored on the device, along with techniques which do not allow for the storage of sensitive data on the mobile device.
Virtual thin client solutions.
A physical thin client is essentially a box that allows a user to connect to the network and use enterprise versions of applications that use data that sits on a server. The box itself is usually nothing more than some ports for network, monitor, and input devices. A virtual thin client is a piece of software that allows a regular computer to function as a thin client for a certain network. In effect, your mobile device would have access to network services as if it were a client connected through a LAN port.