Richard J. Newhook

Password-based mobile access, alternatives and experiences

In current networked organizations, the rise of mobile devices has become not just a nice-to-have, but is now necessary and expected by users. It is no longer feasible for most organizations to simply reject access to mobile devices; instead, they must now look towards crafting policies and technologies to manage their presence and also protect internal resources. Commonly, most network resource actions are controlled largely via the username and password pair. This may suffice in closed, relatively limited environments. However, this paradigm is largely incompatible with mobile technologies, with issues such as user friendliness problems, bleeding of security mechanisms into personally owned equipment, and an all-or-nothing access model. In this paper we discuss the shortcomings of the user/password access model, and describe our experiences in alternative access systems with an eye to mobile device presence. We describe methods for a passwordless activation and authorization systems, application design patterns that account for mobile-specific security concerns, and a more nuanced, fine-grained trust system to ensure badly behaved mobile devices are limited in the damage they can cause.

Real-time experience techniques for collaborative tools on mobile

Mobile is no longer an extended equipment in the enterprise assets. They are being placed to the center of enterprise architectures and its role is being redefined in the way thats promoting mobile device as a mainstream in revenue generating of the organization. People have been getting connected to the online world day by day and there has been always a need for them to have ability to work remotely, collaboratively together on a same piece of work in a real-time manner. With the moving of mobile to the mainstream of the organization, the need is also transformed into mobile landscape. Fast, Real-time are two responding levels have been being pursued in building up such collaborative solutions now even more critical because mobile users tend to require a sense of immediacy, for employees to work with each other as well as with customers, partners to effectively convey information. In this paper we would discuss the architectural proposal for the problem with an experimented use case of building up a virtual Whiteboard solution with the involvement of HTML5, Hybrid mobile app approach and Node.JS.

Techniques and real world experiences in mobile device security

Mobile devices have become ubiquitous in todays technology-enabled organization. Not only have they become commonplace, many business practices have not only matured to support mobile interaction, but embraced it at all levels, culminating in a rising “mobile first” philosophy throughout the organization. With this rise in mobile presence, however, comes significant challenges. The rise of “Bring Your Own Device” (BYOD) brings new requirements on organizations, including new approaches to security, data protection and information flows. It no longer suffices to craft organizational policies and procedures around wholly-owned corporate devices; todays security policy makers must craft more flexible and dynamic systems that can support privately- owned devices. Here in this paper, we discuss the many different factors and considerations that go into approaching security for mobile devices in an organization, not just from existing technologies, but to our experience in putting these models to use in the enterprise. We talk about not only high-level techniques, such as encryption and identity/authorization, but also of new and developing security approaches surrounding the mobile ecosystem. We will show examples of our own experiments in novel security approaches, and discuss our successes and failures in the course of bringing our organizational security.

Enhanced mobile security using SIM encryption

Mobile security is a main topic of concern for the enterprise. Corporate data stored in employees device post a potential security risk of getting lost, stolen or get accessed by unauthorized personal. There are many solutions in the market that addresses this issue. Most of these solutions revolve around applying stronger password, others make use of the encryption of either full or partial hard drive. Data encryption for mobile devices is a known art. However, the existing mobile data encryption solutions share the same methodology with slight implementation variation. The common techniques used to secure mobile data and or mobile code is wither on the application layer using software encryption or on the hardware layer. Our proposed solution introduces a new approach for securing data in mobile devices with encryption technique that is integrated with the mobile SIM card and robust enough to accommodate the common use case of mobile upgrade and yet keep corporate data encrypted.