Windows Phone 8.1 Security and MDM Part 3 – Certificate Authentication

Windows Phone 8.1 Security and MDM Part 3
Anyone who knows me can tell you how much I all things mobile and how to secure and mange those deices. That is why I am excited to write that Microsoft has released information regarding Windows Phone 8.1 Security and Mobile Device Management. Here is some additional informational excerpts from the white papers on Certificate authentication.

Windows Phone 8.1 Security Overview
Windows Phone 8.1 MDM Overview

Certificate authentication

Many apps and remote connectivity solutions use certificates as an additional authentication factor and for signing. Windows Phone supports the use of certificate authentication for:

Wi-Fi connections. Windows Phone supports EAP-TLS and EAP-TTLS authentication for Wi-Fi connections. For more information about Wi-Fi connections in Windows Phone, see the “Wi-Fi identity and access” section later in this guide.

Virtual smart cards. Windows Phone supports the use of virtual smart cards for more secure browsing and also for S/MIME signing and encrypting of email messages.

S/MIME signing. S/MIME signing requires a certificate or virtual smart card that is used to create the digital signature for email messages. For more information about S/MIME signing, see “S/MIME signing and encryption” earlier in this guide.

Windows Phone protects certificates and keys by using the TPM that is built into each device. The TPM can release keys automatically, on demand, or based on a secondary authentication factor (such as a PIN in the use of virtual smart cards). Windows Phone 8.1 security overview.

Most MDM systems allow you to manage certificates throughout their life cycle, including certificate enrollment, renewal, and revocation. Windows Phone uses the Simple Certificate Enrollment Protocol (SCEP) to perform certificate management. SCEP allows you to use the certification authority (CA) of your choice (or as required by the MDM system).

Leave a Reply

Your email address will not be published. Required fields are marked *