An Unwired Platform deployment introduces a multilayer approach to corporate security designed for mobility.
End-to-end data encryption support is based on Transport Layer Security (TLS) and Secure Sockets Layer (SSL), which secure client/server communication using digital certificates and public-key cryptography.
Each runtime service uses its own communication ports (secured and unsecured). Security for this tier protects both the server components that provide these services and service communications.
Key Unwired Platform security features for devices include the encryption of data, the implementation of login screens, and the use of Data Vault to store sensitive data.
Application security is based mainly on the mapping of a mobile business object (MBO) package to a security configuration. A security configuration defines the authentication, authorization, attribution, and auditing security providers for an application package's access control and activities. For example, for an application, an administrator may create a security configuration that points to the LDAP server for authentication and authorization, and does not associate any provider for attribution and auditing.
Single sign-on (SSO) security providers provide an alternative to user name and password authentication. These security providers add support for token and certificate-based authentication, such as X.509 certificates. SSO enables mobile device application users to enter credentials only once to gain access to all resources, including servers, packages, and data sources related to that application.
Unwired Platform supports Afaria device management and security functionality, which includes features such as remote device locking, remote data cleanup, data fading (a feature that enables the IT administrator to lock, wipe, or reset a device that has not communicated with the corporate network or Afaria server after a predetermined number of days), and password expiration management. Even without Afaria, the Unwired Server administrator can lock or unlock devices from accessing applications deployed to the server.