Secure Mobile Now Protects Data for Windows CE 5

5 January 2012 - Digital Defence have announced that Secure Mobile’s unique technique of encrypting at-rest device data has now been brought to Windows CE 5. Secure Mobile encrypts each file, including its filename, with a unique Encryption Key which is stored partially on the device and partially inside the file. The login screen for Device Authentication can be customised to provide large, full-screen input buttons for fast access to the device.

The Challenge

Secure Mobile provides protection of data on handheld devices, but Windows CE is designed for use across a broad range of embedded environments. This presented an architectural challenge to the designers of Secure Mobile: how to provide protection for data on a platform that presents itself in various forms across multiple types of user interface. The decision was made to target specific implementations of Windows CE, in particular those that are designed for handheld computers. The Motorola MC9090-G handheld device was chosen as the initial target for Windows CE data protected by Secure Mobile.

The handheld Windows CE platform supplies only a subset of the APIs provided by Windows Mobile. Secure Mobile requires APIs to protect: Device Authentication, Data Encryption, Application Blocking, Encryption Blocking, Comms Port Blocking, and PC Connection Protection. All of these features must be protected via a user interface on the device.

The Solution

Windows CE 5 does not provide the LASSD/LAP device authentication customisation that Windows Mobile provides. Secure Mobile therefore has its own implementation of device authentication, which monitors user activity and power states to protect use of the device. This is a unique feature which is not available on a typical implementation of Windows CE 5.

Secure Mobile has been designed to implement System Application Blocking to ensure undesirable applications are never executed by an Enterprise’s user population. This is a unique feature which is also not available on any typical implementation of Windows CE 5.

Secure Mobile performs data encryption at File System Driver level to provide seamless real-time encryption of data, invisible to the user. As this is performed at driver (Windows CE) level, the Secure Mobile data encryption module is identical to that implemented on Windows Mobile.

Windows CE does not supply the APIs provided by Windows Mobile for the protection of WLAN or USB. Secure Mobile protects any WLAN connection via NDIS notification drivers, and USB is protected via USB function driver notifications. Due to the kernel-level implementation of Secure Mobile’s data protection, these features have been implemented to ensure data protection unique to Secure Mobile.