Bittium Tough Mobile C User manual
Bittium
Tough Mobile C
Secure OS Guide
2Bittium Tough Mobile C Secure OS Guide
Introduction
This quick guide describes the Tough Mo-
bile C device security enhancements.
We also encourage you to read Bit-
tium Tough Mobile Quick Start Guide that
can be found in the sales box and via
www.bittium.com/BittiumToughMobile
It will guide you through some of the generic device
features. This guide acts as a supplement to that
guide and the features described here are provided
in addition to the features and functionalities de-
scribed in Bittium Tough Mobile Quick Start Guide.
Security features
• Dualboot
- Two separate operating systems
• Normal mode, Android 6.0.1
Secure mode: Bittium Secure OS
• Two-phase user authentication
• SafeSave
- High security data storage for sensi-
tive information.
- Application for moving sensitive
files.
• System cleaning
- Secure file erase
• Bittium Enterprise Application Library
• Application whitelist
Bittium Tough Mobile C Secure OS Guide 3
Dualboot
The device has a Dualboot feature: it contains two
operating systems: Normal Mode for daily person-
al use and Secure Mode for high security usage.
The operating systems are completely separate
to ensure security for the highly critical informa-
tion stored and used in Secure Mode. Note that
files cannot be used or copied between modes.
Switching between Normal Mode and Se-
cure Mode can be done via the power key:
Pressing the power key lightly on top of the
device opens the Power key menu with op-
tions for Power off, Normal Mode and Secure
Mode, depending on the currently active mode.
4Bittium Tough Mobile C Secure OS Guide
Changing the PIN code
Setting a PIN code for screen unlocking is man-
datory for security reasons. When using the
device for the first time, the security wizard
Setup screen lock (see figure below) requests
you to specify a PIN code for screen unlock.
In the Unlock selection screen choose PIN.
Next, enter the PIN and re-type it for confir-
mation. Now you are ready for the next phase.
NOTE! Both operating systems require their own
PIN codes and these must be set separately.
A new PIN can be entered via: Settings -> Securi-
ty -> Screen lock.
Bittium Tough Mobile C Secure OS Guide 5
Two-phase user
authentication
In Secure Mode the user is authenticated with
two-phase authentication. Two-phase authenti-
cation means that both PIN code and a personal
security key are used to make sure that the cor-
rect person is unlocking the device. “Something
you know and something you have”.
Security Key
The device comes supplied with a Se-
curity Key which is used in the Secure
Mode. To authenticate with the securi-
ty key follow the on-screen instructions.
NOTE! To authenticate, place the Security Key
against the device back cover as instructed.
6Bittium Tough Mobile C Secure OS Guide
Thedevicewill indicatethatpairingissuccessfulby
stating ‘Key pairing successful!’ Tapping ‘Contin-
ue’ finalizes the two-phase authentication setup.
In case the Security Key is damaged or lost
please contact the system administrator for
assistance.
Daily use: Locking and
unlocking the device
To unlock, switch on the device screen and
swipe up. Enter your PIN code. Once the cor-
rect PIN is entered, Unlock view is displayed.
Place your Security Key against the back cover to
unlock the device.
There is a 15-second time limit for placing the
Security Key correctly when unlocking the de-
vice. The timer is shown on the device screen.
Bittium Tough Mobile C Secure OS Guide 7
If unlocking fails or the timer runs out, the device
remains locked. A PIN code is required again be-
fore using the Security Key to unlock the device.
NOTE! Always when switching from Normal
Mode to Secure Mode authenticate yourself at
least once to re-enable secure data services,
like updating the e-mail. Secure connection
will be established after a successful logon.
NOTE! When the screen is locked Safe-
Save is also locked and encrypted. Suc-
cessful two-phase user authentication
gives access also to the SafeSave data.
Security Key
authentication timer
The device may have an authentication timer en-
abled by the device administrator. If this timer is
enabled, the device does not require the use of
the Security Key every time to unlock the device.
If the timer value is set for example to 30 min-
utes, it is enough to enter only your PIN code for
authentication during the 30 minute period
to get access to the device. After 30 minutes,
both the PIN code and Security Key authenti-
cation is again required to unlock the device.
NOTE! SafeSave cannot be used when the
timer is enabled. For security reasons ac-
cess to the full content of SafeSave re-
quires two-phase user authentication.
8Bittium Tough Mobile C Secure OS Guide
Secure Mode activity
user notifications
Normal Mode can notify the user about Secure
Mode activity that requires user attention. This
can be, for example, a secure communication
request which cannot be responded to from
Normal Mode. The notification prompts the user
to switch into the Secure Mode. It is also
possible that the system administrator has
disabled some or all of the notifications
depending on the security policy used.
Bittium Tough Mobile C Secure OS Guide 9
Storing confidential
information
In Secure Mode the device has a SafeSave (high
security data storage) feature. It is recommend-
ed to use SafeSave to store sensitive informa-
tion. Any old data and files that have not been
modified within 30 days are automatically de-
leted from the SafeSave folder. A notification will
be displayed three days before the data remov-
al so that you can back up the data before it is
deleted. SafeSave has limited capacity, so it
should be used strictly for confidential data.
SafeSave is closed after a short timeframe ev-
ery time the screen is locked. After SafeSave
has been closed it can be accessed only by us-
ing the two-phase user authentication. Safe-
Save is not available as a storage folder in Nor-
mal Mode on a computer when connected.
SafeSave application
The SafeSave application can be used to display all
common document files stored in Download and
SafeSave folders. The application allows the user
to move files to the SafeSave folder and to remove
files from the Download and SafeSave folders.
NOTE!: Files stored under third party appli-
cations, such as e-mail, are not listed by the
SafeSave application.
NOTE!: SafeSave capacity is 150MB.
10 Bittium Tough Mobile C Secure OS Guide
If a file, for example an e-mail, contains sensitive
information it is suggested to first save the file
to the Download folder and then use the Safe-
Save application for the easy move operation.
When the SafeSave application is started, it lists
document files from the file system in the Files tab.
Files can be selected for a MOVE or DELETE
operation.
NOTE! Neither MOVE or DELETE operations can be
undone using the SafeSave application. The move
operation moves the files to the SafeSave folder.
Bittium Tough Mobile C Secure OS Guide 11
The SafeSave tab provides easy functional-
ity for deleting files from the SafeSave folder.
12 Bittium Tough Mobile C Secure OS Guide
Double-tapping or pressing and holding on a list
item in the SafeSave or Files tab will open the file
using the application that is capable of opening
the file.
Using an SD card
SD memory card can be used both in the Secure
Mode or the Normal Mode. In addition to the
normal formatting operation before use, the SD
card is also encrypted if it is taken into use in the
Secure Mode. If the SD card is not in use in the
selected mode a notification will be displayed
after the device has started.
NOTE: if you try to access an encrypted SD
memory card in Normal Mode the encypted
contents of the card is reported by the sys-
tem as ‘corrupt data’. However - DO NOT format
the content of the SD memory card in Normal
Mode. If you format it, you will loose the data
stored to the SD memory card in Secure Mode.
System cleaning
The System cleaning function erases temporary
and obsolete files to improve device perfor-
mance and to maintain device security. The
function is set to run automatically and it can
also be started manually via Settings -> Security
-> Advanced -> System cleaning.
Bittium Tough Mobile C Secure OS Guide 13
System cleaning runs both in the Secure and
Normal modes. The cleaning is performed even if
the device is powered only briefly at a time.
Enterprise Application
Library
The Enterprise Application Library is available in
themainviewas anapplicationnamedAppLibrary.
It contains approved applications which
can be downloaded and installed to the
device from a network server. Howev-
er, some application installations may be
blocked although they appear in the library.
You can also view all installed applica-
tions and receive application updates.
14 Bittium Tough Mobile C Secure OS Guide
You can change application settings
such as Updates, Application compati-
bility or Display Theme by opening Set-
tings in the menu in the upper right corner.
You can also rename the local re-
pository via Settings, but you can-
not change the network repository itself.
Bittium Tough Mobile C Secure OS Guide 15
System updates
In Bittium Tough Mobile C, receiving and install-
ing system software updates is possible only in
Secure Mode. The handset’s battery level must
be more than 50% for a successful update to
commence.
The availability of an update can be checked at
any time by going to Settings -> About phone –>
Software Updates –> Check now.
Published by:
Bittium Wireless Ltd.
Ritaharjuntie 1
90590 Oulu
Finland
Phone: +358 40 344 2000
www.bittium.com
For the latest Secure OS Guide, visit:
https://www.bittium.com/secure-
communications-connectivity/bittium-
tough-mobile-c
Legal Notice
Copyright 2019 Bittium. All rights reserved.
The information contained herein is subject to
change without notice. Bittium retains owner-
ship of and all other rights to the material ex-
pressed in this document. Any reproduction
of the content of this document without prior
written permission from Bittium is prohibited.
Notice
Bittium reserves the right to change its products
and the information in this document without
notice due to continuous improvement and de-
velopment. Bittium makes no warranty of any
kind with regard to this material, including, but
not limited to, the implied warranties of mer-
chantability or fitness for a particular purpose.
Bittium shall not be liable for errors contained
herein or for damage in connection with the fur-
nishing, performance, or use of this material.
www.bittium.com
5800583A01
Table of contents
Other Bittium Cell Phone manuals
