Windows Mobile device security

There are special considerations to be aware of when securing a Windows Mobile device.

Authentication

IBM Traveler relies on the Domino® infrastructure (HTTP and Admin Client) to authenticate the user. The authentication credentials can be one of the user's allowed Domino® name formats, along with the user's HTTP password, or it can be something defined with the Directory Assistance database. All devices use HTTP Basic Authentication, so HTTPS is recommended for security reasons unless using a VPN or a secured network.

Account information and passwords

Account information is stored in the operating system registry.

The account password is encrypted using AES 256-bit encryption before being stored on the device.

The IBM® Notes® ID password used for reading Domino® encrypted mail is cached for the duration specified by the device lockout timeout and is encrypted using the AES 256-bit encryption.

Data storage

Data is stored in the operating system registry and persistent storage. The devices do not support encryption of this storage.

Encryption of the storage card is supported.

Domino® encrypted mail is stored using AES 256-bit encryption on the device using a key based on the IBM Traveler password. When the user views an encrypted mail, the IBM® Notes® ID password is used to decrypt the data and store it in volatile memory solely for viewing.