| Encrypted Offline Cache |
Protect sensitive information from malware attacks and device theft |
|
Uses AES256 and PCKS #5 for on-device encrypted storage of app-generated information, with random server-generated numbers for high security |
| |
Allows user authentication when server is offline |
| |
Implemented in JS (highly obfuscated) with optional native performance enhancements |
 |
 |
|
| Client Code Attestation |
Protect applications against malware manipulation and phishing apps impersonation |
|
Challenge-response based mechanism for proving client-application identity (coming soon)
|
| |
Uses tamper-resistant self-inspecting code (coming soon) |
|
|
|
| Remote Update |
Ensure timely propagation of critical security updates to the entire install base |
|
New versions of the code can be distributed without requiring the manual update of the app (currently JS/HTML) |
|
|
|
| Remote Disable |
Enforce timely adoption of critical security updates to the entire install base |
|
Server-side console allows configuration of allowed app versions. Administrator can force users to install security updates to the native code |
|
|
|
| Authentication Framework |
Ability to lower overall cost and complexity of integration with authentication infrastructure |
|
Server-side architecture designed for integration with back-end authentication infrastructure based on JAAS, with Authentication realms |
| |
Client-side framework for asynchronous login requests on session expiration |
|
|
|
| Server-side Safeguards |
Prevent SQL Injection and protect against XSRF |
|
Prepared-statement enforcement |
| |
Validation of submitted data against session cookie |
|
|
|
| Enterprise SSO Integration |
Leverage existing enterprise authentication facilities and user credentials and enable employee-owned devices
|
|
Client side mechanism obtains and encrypts user credentials, sends to the server with requests |
| |
Encryption incorporates user-supplied PIN, Server side secret and deviceID |
| |
Credentials cannot be retrieved from lost or stolen device |
|
|
|
| VPN Alternative |
Enable secure delivery and operation of mobile apps for employee-owned devices or device types not allowed on the corporate network, as well as enable secure delivery when installation of VPN client on mobile devices is not possible or complicated to manage |
|
Client side and server side framework act as SSL based VPN |
| |
Network access control and policies pre-configured in the client side framework layer |
| |
Network access and security measures updated using server side framework |
| |
On device encrypted storage to prevent compromise of sensitive data |
