CompuSec® e-Identity® is a Security Suite that protects Notebook and Desktop PCs. It provides Access Control, Single Sign On, Hard Disk Encryption, CD encryption, File Encryption, Network Encryption and VoIP Encryption. CompuSec® e-Identity® uses PKI technologies and comes with an e-Identity® security device, a smart card with USB reader or a USB token.
CompuSec® is made for customers who want more than just password protection. The high level of security achieved is combined with a flexible and transparent mode of operation. Individuals, small groups of users as well as large enterprises use the product. CompuSec® e-Identity® combines a set of essential security functions, while providing users the option to configure the product to their own needs. Large organisations will also find a host of special functions to efficiently manage a large implementation of CompuSec®, such as unattended installation, centralised rollout, support for disk images, central software distribution, service functions and central user management.
CompuSec® uses new technologies developed by CE-Infosys to provide functionalities previously unknown to PC security products, such as Pre-Boot USB access, the use of PKI technology before a system boots and the support for hibernation mode.
Pre-Boot-PKI
CompuSec® uses a newly developed Pre-Boot-PKI technology to manage the access to the hard disk of a computer. This allows multiple users access to a single machine as well as access for a single user to multiple machines. The management of users is easily performed by the GlobalAdmin station for large organisations, or by the installation program for small user groups or individuals.
Password Management
The password strategies can be defined according to the organisational need. This includes password lifetime, password usage count, password change options, minimum and maximum length and more. In situations where passwords are forgotten, a challenge-response procedure with the GlobalAdmin station provides an easy and secure method for users to obtain their new password.
Single Sign On
Two alternatives for Single Sign On are provided. In the first method, the e-Identity® of the user stores the system logon password together with the user ID and the domain name. This replaces the traditional logon procedure at the operating system. The second and more advanced method provided by CompuSec® e-Identity® uses a digital certificate of the user together with its private key inside the e-Identity®. This certificate-based logon at the domain server is the preferred way for domain users and is fully integrated into the Microsoft operating systems. The certificate based Single Sign On requires the GlobalAdmin station which may be used as a full Certification Authority (CA). Lotus Notes users will store their ID file in the e-Identity® and also use the certificates of the e-Identity®.
Full Hard Disk Encryption
The hard disk encryption of CompuSec® e-Identity® uses a fast implementation of the AES algorithm. This encryption includes the operating system. Multiple operating systems are supported on a single computer. The initial encryption can be performed before the computer is used by the user, or transparently in the background, allowing the user to work on the PC, interrupt the encryption process and shut down the computer at any time. The support of the hibernation mode is very important to mobile users. Hibernation of the PC requires the contents of the RAM to be stored in a hibernation file on the hard disk before the PC is powered down. When the PC is restarted, the contents of the hibernation file are loaded into the RAM. When coming out of hibernation, the user is required to authenticate again to decrypt the encrypted hard disk key before resuming work on the PC. As such, it is safe to use the hibernation mode on the machine. Most hard disk encryption products in the market do not support this mode. CE-Infosys is the first company providing support for hibernation mode with its product line.
Encryption of Diskettes, CD-ROM & Removable Media - CDCrypt
Diskettes, CD / DVD and removable media devices such as Memory Sticks and USB thumb drives can be encrypted by CompuSec® e-Identity®. The encryption for CD / DVD uses the CDCrypt feature to support internal and external CD burners that are connected using USB or IDE. With central administration, an encryption policy may define whether a user may or may not switch the mode from encrypted to non-encrypted when using such devices. As such, an organisation can easily enforce a policy to use only encrypted Diskettes, Removable Media Devices and CD-RW / CD-R / DVD to minimise the threat of data theft. Such encryption is unobtrusive and does not change the way the user works with these devices.
Encryption of Individual Files - DataCrypt
CompuSec® e-Identity® includes a module called DataCrypt that enables users to encrypt individual files. DataCrypt enables users to encrypt their messages and send them via email, ftp etc. The data will travel safely over whatever medium is chosen, allowing CompuSec® users to safely exchange files. DataCrypt can also be used as a software module and can be forwarded to other users without a license, free of charge. DataCrypt employs Public-Key-Cryptography based on elliptic curves to generate keys for encryption and decryption. DataCrypt also uses a new technology called 'Sealing' that will hide all structures in the header of the encrypted file, giving additional protection against 'traffic analysis' on the network.
Email Signing & Encryption
CompuSec® e-Identity® provides the necessary encryption modules to encrypt and sign e-mail using Microsoft Outlook, Outlook Express or Lotus Notes. The required digital certificates for e-mail security are stored in the user's e-Identity®. The cryptographic software comes with a signed Cryptographic Service Provider (CSP). The e-mail security module uses the S/MIME standard to guarantee the exchangeability with other users not using CompuSec® yet.
Encryption of Server Files & Subdirectories - SafeLan
File and Directory Encryption with CompuSec® e-Identity® can be performed for local or network files and/or directories. This function, called SafeLan, ensures that all files written or copied into the encrypted directory are automatically encrypted while remaining completely transparent to the end user. This also means that a user without an authorised directory key will not have access to the directory and will also be unable to see the files. This function is used to separate users of the same file server in a strong cryptographic way and also ensures that server administrators cannot see the contents of the encrypted files. SafeLan supports NTFS, Novell, FAT and network based file systems.
Encryption of Voice Communication - [ClosedTalk]®
[ClosedTalk]® is a component of CompuSec® e-Identity® used for encrypted voice communication between CompuSec® users. The built-in sound system of the computer is used for [ClosedTalk]®. No IP telephone is needed. [ClosedTalk]® uses the Internet to transport the voice data from one user to the other. E-mail addresses are used to contact communication partners. An e-mail address is self-explanatory and easier to remember than traditional phone numbers. [ClosedTalk]® uses a gatekeeper service to find the communication partner on the network. The Diffie-Hellman key generation protocol is used to provide secure session keys for each talk.
Identity Management
CompuSec® e-Identity® manages the identity of the user for applications. For existing applications requiring passwords, CompuSec® e-Identity® learns the users' passwords, stores them in an encrypted format and automatically inserts the correct password into the application when required. This is available for local and WEB based applications.
Advanced VPN Client For Secure Connection To Corporate Networks
CompuSec® e-Identity® provides IP encryption for WAN and LAN users. An enhanced IPSec client is a selectable function of CompuSec® e-Identity®. The IP encryption client supports pool address modes, data compression, multiple dial-in points and other features, which are explained in detail in our IPCryptor product literature. The IP encryption of CompuSec® needs an IPCryptor as counterpart in the network.
Installation & Management
CompuSec® e-Identity® can be installed as a product without a central management station. In this case, CompuSec® e-Identity® creates a security file with all the secret keys of this installation. It is the user's responsibility to keep these keys secret. In larger organisations, central management is recommended. The GlobalAdmin station manages all the CompuSec® e-Identity® installations and provides functions for unattended installations, automatic software rollout and software update, remote password reset and complete management of the VPN functions. CompuSec® e-Identity® can be used as an integrated part of a company wide PKI structure. Details are described in the GlobalAdmin product literature. For large customers with multiple locations, a remote e-Identity® loading station is available. A supplementary product for the user help desk is also available to assist support staff with the remote password reset functions. Automatic synchronisation with Microsoft user management and Active Directory is provided for the management of CompuSec® e-Identity®.