
Re: wavedreamer post# 217935

Tuesday, 11/15/2011 11:59:03 PM


Post# of 249023
wd, ty for that presentation. I pored over it and it's most useful in understanding the user-based CAC/PIV schemes that have been implemented in the military and gov't.

Essentially the PIV architecture can be ported to a mobile device with the secure element (smart card chip) on the device hosting the PIV in close parallel to how a physical smart card hosts it. Pretty slick in a number of respects as it provides strong hardware-based user ID for both logical access (e.g. computer networks) and physical access (e.g. building entry) as well as the NFC bonus enabling the use of the mobile device in lieu of physically swiping the smart card.

But CAC/PIV is strictly user-based ID, correct? We still need hardware-based device ID to establish known devices with secure boot integrity and other trusted elements. PIV-based user ID does go nicely with TPM/MTM-based device ID and we can also link PIV with TPM/MTM, no? I would say PIV and MTM are synergistic and belong together on a gov't smartphone.

Indeed BlackBerry does have native CAC/PIV support and supports PKI-enabled apps but I believe PKI for device ID needs to be secured in an MTM (not in a secure element).

Also, I still can't find that BlackBerry supports internet-based VPN access (enterprise Wi-Fi network access only). "Secure Enterprise Resource Access" is one of the principal mobile use cases cited in the ActivIdentity presentation. Internet-based corporate VPN access via a mobile device is a must.

http://docs.blackberry.com/en/admin/deliverables/16648/Using_a_VPN_with_a_Wi-Fi_enabled_BB_845134_11.jsp
