William Supernor, CTO, KoolSpan. This session is based on KoolSpan’s experience building enterprise-grade secure communications applications on the major smartphone platforms. The strength of key storage on these platforms is critical to our customers. At the end of this session, attendees will have an understanding of the features common to most key storage systems, including:
– How are they accessed?
– How are they protected?
– Where are they located?
– When are they protected?
– Who can access them?
The presentation then dives into a detailed platform-by-platform view of how keys are stored and accessed on Android, iOS, BlackBerry, and Windows Phone. Attendees will learn some code-level details of the APIs provided to create, use, manage, and destroy keys, including code examples.
For each platform we will also discuss:
– Key protection before boot, during boot, and after boot.
– Device lock screen and user password involvement in key protection.
– Key storage techniques, including secure elements, Trusted Execution Environment, and flat files.
– How to verify key storage location.
– The ability (or lack thereof) to securely share keys between apps from the same vendor or other vendors.
– Real-world “gotchas” or issues.
– Derived Credentials.
For users who require additional key storage options, we also discuss add-on key storage systems such as smartcards and other hardware tokens, and their portability.