• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] Apple pushes to gain more enterprise users with launch of 'iPhone in Business' webpage
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] Apple pushes to gain more enterprise users with launch of 'iPhone in Business' webpage

  • Subject: Re: [Fed-Talk] Apple pushes to gain more enterprise users with launch of 'iPhone in Business' webpage
  • From: Paul Nelson <email@hidden>
  • Date: Thu, 26 Apr 2012 08:15:07 -0500
Our PKard Reader is a "monolithic" app because it does not rely much on the base iOS frameworks.  In fact, it does not use the Security framework at all.  We are working on an SDK and we have some design complete.  While I don't want to say too much about this, I can tell you that one of our design goals is to keep app developers from having to talk to a smart card reader directly in their sandbox.  This is an important goal because it allows apps to leverage smart cards and still be able to get apps approved for the App store.  When your app uses a hardware accessory, you have to do a lot of extra things to get it approved.
This will also allow updates for card reader stuff to come from Thursby without your other security based apps having to be updated when new readers come out.  For example, an app that gives you a slick SharePoint interface can get you authenticated to the server and protect data at rest, but when new readers come out, it doesn't need to be updated.

Remember that while apps are pretty well sandboxed by iOS, there is nothing to prevent them from talking to each other.  The hard part is to provide a good user experience.

Our SDK will most certainly provide developers with a pre-built version of OpenSSL that is FIPS certified also, along with directions for fingerprinting your app so it will pass the FIPS self test.  There is some cool stuff in there to make transparent https connections that are authenticated using a smart card.  For example, many of Apple's API can take a URL as a data source for loading an array or dictionary.  With the SDK, you can use those API to fetch from an https url transparently, and with very little extra code.

Beyond that, I would like to get feedback on our SDK, but right now that can't happen on this open forum.  Contact me off line!

Data at rest is a tricky business.  When I first started working with iOS, I assumed that other apps do not have access to the files in my sandbox.  This is true for the most part, but if my app allows iOS to open a document (like the mail app does), my document can be copied into another app sandbox.  When this happens, I lose control of the data.  We made PKard Reader to be as "safe" as possible in this regard.  Data received while browsing the web using https is only kept in memory and we provide a secure reset function that clears everything out of memory.

If you have a difficult data at rest problem you need to solve, you should take a look at what Good is doing on iOS.
http://www.goodforgov.com

Apple's latest way of addressing data at rest only protects the data using the device unlock passcode.  It has been shown how easy it is to get this passcode from a device using an offline attack.  In addition, law enforcement has the ability to get around this too.  Not saying that is bad, just that if they can, so can well motivated hackers.

Paul


On Apr 26, 2012, at 7:36 AM, Miller, Timothy J. wrote:

> On 4/25/12 4:23 PM, "Klumpe, Herb W Civ USAF AFMC AFRL/RIGB"
> <email@hidden> wrote:
>
>> Hi,
>>
>> I already have a Bluetooth CAC reader "sled" for my Blackberry - will your
>> PKard Reader be able to enable its use?  Or even a new software item
>> "PKard
>> BT-Reader" for $$fee on the App Store, so Thursby still makes a few bucks
>> if
>> we don't buy your hardware; but utilize your software?
>>
>> I would bet there are many of us BB users who would consider migration!
>
> Bear in mind that Thursby isn't selling a general "PK-enable iOS" app.
> Thursby's app contains an embedded browser, but Apple's application
> sandbox prevents *any* app from extending the platform.  Thursby's app is
> essentially just a demonstrator for their PKI/smartcard iOS SDK, which is
> intended for developers to use to *embed* PKI and smart card support in
> their apps.
>
> In addition, there are issues of securing cached or downloaded data within
> the app sandbox, which IIRC aren't addressed by Thursby's SDK.
>
> -- T
>
>


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Re: [Fed-Talk] Apple pushes to gain more enterprise users with launch of 'iPhone in Business' webpage (From: "Miller, Timothy J." <email@hidden>)

  • Prev by Date: Re: [Fed-Talk] Apple pushes to gain more enterprise users with launch of 'iPhone in Business' webpage
  • Next by Date: Re: [Fed-Talk] Apple pushes to gain more enterprise users with launch of ‘iPhone in Business’ webpage
  • Previous by thread: Re: [Fed-Talk] Apple pushes to gain more enterprise users with launch of 'iPhone in Business' webpage
  • Next by thread: [Fed-Talk] Not Mac-related, but FYI for all fed, including mil
  • Index(es):
    • Date
    • Thread