Piecemeal add-on security solutions for handheld devices often present problems in software integration, usability, and administration. As an alternative, a unified framework has been developed and is being implemented. It addresses the following security aspects:
The framework also supports multiple policy contexts (e.g., restricted and unrestricted, or low, medium, and high) among which a user can choose to operate. A set of grant-style policy rules defines a policy context. One or more authentication steps can be required for any policy context. A cryptographic repository can optionally be made available for use within a policy context.
Existing desktop authentication solutions are often inappropriate for handheld devices. Obstacles include device limitations such as computational speed, network connectivity, battery capacity, and supported hardware interfaces. Any inconvenience due to a cumbersome peripheral attachment, lengthy authentication process, or error-prone interaction discourages use. Handheld devices also have unique features (e.g., power-on/off behavior) that need to be addressed when asserting an authentication mechanism.
Several types of authentication modules, which match the capabilities and limitations of handheld devices, are being developed for the security framework. They include visual authentication, proximity beacons, and novel forms of smart cards.
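The policy-context model described above can be sketched as a default-deny evaluator. This is an added example, not the framework's own code: the class names, rule syntax, resource names, and step identifiers are all hypothetical, and dropping the context at power-off is an assumption about how power-on/off behavior might be handled.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class PolicyContext:
    name: str
    grants: tuple                    # (action, resource pattern); anything not granted is denied
    auth_steps: tuple = ()           # steps that must all succeed before the context is entered
    crypto_repository: bool = False  # optional per-context cryptographic repository

class Device:
    def __init__(self, contexts):
        self.contexts = {c.name: c for c in contexts}
        self.active = None           # locked: no context, so nothing is granted

    def switch(self, name, completed_steps):
        """Enter a context only if every required authentication step was completed."""
        target = self.contexts.get(name)
        if target is None or not set(target.auth_steps) <= set(completed_steps):
            return False             # unknown context or missing step: current context unchanged
        self.active = target
        return True

    def allowed(self, action, resource):
        if self.active is None:
            return False
        return any(action == a and fnmatchcase(resource, pat)
                   for a, pat in self.active.grants)

    def crypto_available(self):
        return self.active is not None and self.active.crypto_repository

    def power_off(self):
        # Assumption: power-off drops the context, so authentication is repeated at power-on.
        self.active = None

# Constructed sample policy; step names echo the module types named on the page.
CONTEXTS = [
    PolicyContext("restricted", (("run", "app:calendar"), ("run", "app:contacts")),
                  ("visual",)),
    PolicyContext("unrestricted", (("run", "app:*"), ("connect", "net:*")),
                  ("visual", "smart_card"), crypto_repository=True),
]

if __name__ == "__main__":
    d = Device(CONTEXTS)
    print(d.switch("unrestricted", {"visual"}), d.allowed("connect", "net:wlan"))
    print(d.switch("unrestricted", {"visual", "smart_card"}), d.crypto_available())
```

Because rules only grant, a request that matches no rule, or any request made while the device is locked, is refused without a separate deny list.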