Security IP icon

Security

VPN Client for Android

The Rambus VPN Client (formerly the QuickSec VPN Client from Inside Secure) provides Android devices with a highly secure IPsec connection. Developed and maintained by security experts, it is widely used by tier 1 phone makers to meet the demanding requirements of governments, enterprises and operators.

Available as a pre-loaded version for OEMs, it enforces security all the way down to the kernel level, and does so as a downloadable version.

Secure

High-grade security with a FIPS140-2 certified crypto and IPsec policy enforced in kernel

Proven

Widely used for enterprise access, government security and Voice over WiFi

Interoperable

Tested and validated in the Rambus interoperability laboratory

How the Rambus VPN Client works

The Rambus VPN Client enables robust authentication, confidentiality and data integrity developed in compliance with over 90+ standard specifications required to work with the various versions of IPsec. It is delivered as source code, either as a pre-loaded version for OEMs enforcing top security all the way to the kernel, or as a downloadable version that can easily be installed over the air. Both versions have excellent interoperability and a complete feature set.

Customers regularly verify the interoperability of flagship devices at the Rambus interoperability laboratory.

The Rambus Security team has developed premium IPsec technology for over 20 years, as well as co-authored the IKEv2 specification (RFC 7296). The VPN Client is embedded in well over 100 million smartphones and tablets.

Interoperable and Feature Rich

The VPN Client for Android supports the wide set of features required to be interoperable with all the major VPN gateways such as 

  • IKEv1 & IKEv2
  • MOBIKE
  • Pv6
  • Tunnel mode IPsec
  • L2TP
  • Xauth
  • EAP-based authentication,
  • NSA Suite B cryptography
  • Split tunneling
 

Mobile Optimized with Proven Technology and Interoperability

The Rambus IPsec technology is used commercially by leading VPN gateway vendors and mobile vendors.  The VPN Client for Android has been tested for interoperability with all the major VPN gateways. Mobile VPN Client for Android provides an intelligent architecture that enables minimum runtime memory allocation, which frees CPU and memory resources for other tasks and only starts on demand to avoid using RAM when it is not needed.

High Grade Security for  Enterprise & Governments –FIPS, Suite B and STIG            

The VPN Client for Android uses a FIPS-certified crypto library, is NSA Suite B complaint, and offers security in line with the Security Technical Implementation Guides (STIGs) authored by the U.S. Department of Defense’s Defense Information Systems Agency.  Implementation of this technical guidance provides risk assurance to meet the standards prescribed under the National Institute of Standards and Technology’s (NIST) authority and to meet the requirements of the Federal Information Security Management Act (FISMA). Besides being utilized in the U.S. Government, the DISA STIG has been adopted for use in the corporate business sector. In addition, the VPN client includes support for accessing external security tokens such as U.S. government Common Access Cards.

Quicker Time to Market

The VPN Client is a toolkit, shipped in source code, that allows control of customization and integration. It offers enhanced troubleshooting tools for debug information and error cause reporting.  

Interoperate with ePDG for Voice over WiFi

Major carriers are now delivering their services (e.g. VoLTE) through any available WiFi access. To provide their services in a secure way and to authenticate their users, an IPsec connection using IKEv2 and EAP-SIM or EAP-AKA is made from the mobile device to the carrier’s ePDG. To ensure seamless handover and IP address preservation, the IPsec stack needs to be deeply integrated with the mobile device. That mobile data off-load solution is referred in 3GPP 23.402 and 33.402 as network-based mobility (NBM) over untrusted access.

The VPN Client delivers advanced IPsec features required to off-load carriers’ services (e.g. VoLTE) to WiFi through an ePDG: multiple concurrent VPNs, EAP-AKA and EAP-SIM, seamless handover, IKEv2, dual IPv4/IPv6 addressing. It has been successfully tested with major carriers and OEM vendors. 

CryptoManager Root of Trust Cover

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.

Don’t miss out on the Rambus Design Summit on October 8th!