|
Certificate-based security solution for
protection of notebooks and Desktops. With Access Control, Hard Disk
Encryption, Email Encryption and External Secret Key Device (e-IdentityTM) |
 |
|
Theft and loss of notebooks and Desktops
can lead to a much higher damage than just the cost of the equipment,
when secret information stored inside is misused. |
|
|
|
A secure authentication process with the
encryption of hard disk and data carriers is, as a precautionary
measure, absolutely necessary. |
|
|
|
CompuSec with e-IdentityTM, is
the solution: it protects your system, whether notebook or desktop,
against unauthorised access, encrypts the entire harddisk, diskettes,
data and directories on network drives and IP-connections. In addition,
CompuSec also includes S-MIME encryption for emails. |
|
|
|
With the new technology of CE-Infosys, a
complete integration to a PKI is possible with CompuSec. CompuSec with
e-IdentityTM is suitable for both single systems and
enterprises. |
|
|
|
The product |
|
CompuSec is a software-based security
solution, which is complemented by a secure hardware key memory, the
e-IdentityTM. |
|
|
|
The e-Identity comes as an USB-Token or as
SmartCard with USB-Reader. Only with the possession of this hardware
together with the knowledge of the password, can the operating system
start and the data decrypted. |
|
|
|
The processing time for encryption and
decryption does not influence the performance of the system. |
|
|
|
SmartBoot |
|
As the most important element of
PC-Security, hard disk encryption has been handled separately from PKI
solutions. This has been because of the initialisation of hard disk
encryption before booting, so at that time, drivers and system resources
are not available. In the past, this led to isolated solutions for hard
disk encryption. |
|
|
|
The new technology from CE-Infosys, called
SmartBoot, uses the digital certificates of the user to control the user
authentication and the hard disk encryption. This solution can access
SmartCards, with are connected to the USB-Port, before the booting of
the operating system. |
|
|
|
The same digital certificate is also used
for automatic Log-On on the Microsoft-OS or in the Windows-Domain. |
|
|
|
Together with the administration station
GlobalAdmin,
a complete PKI can be realised for an affordable price. |
|
|
|
Efficient Access Control |
|
Before booting the OS, the e-Identity is
addressed (Pre-Boot-Procedure). Only after input of the correct password
the OS starts. You can define the type, complexity and validity of the
password as well as the strategies for changing passwords. In cases
where passwords are forgotten, a challenge-and-response-procedure can
easily help. With the exchange of one-time-used codes the password will
be reset. |
|
|
|
Hard Disk Encryption |
|
To really keep your data secret, the
encryption of the entire hard disk is necessary. With partial encryption
of data, temporary files and even deleted documents could be accessed.
The encryption is based on the secure and fast AES-Algorithm, or
customer-specified algorithms. Because of the encryption of the entire
hard disk, even the operating system is encrypted, so that there is
additional protection against boot viruses and Trojan horse programs.
CompuSec supports the so-called hibernation mode (conservation mode). |
|
|
|
Encryption of Diskettes |
|
Diskettes can be written encrypted. A safe
exchange of diskettes can be ensured with PCs protected by CompuSec with
e-IdentityTM. |
|
|
|
Email Encryption |
|
The CompuSec security suite now comes with
the function to encrypt and digitally sign e-mail. Supported are
Microsoft Outlook and Outlook Express. The digital certificates needed
for the mail security are stored in the e-Identity token. This token has
advanced security mechanism to protect against known attacks on spying
out PIN numbers. Users appreciate this solution, because it eases the
use of e-mail encryption. There is no PIN number to be entered when a
mail is sent or received. The digital certificates from the e-Identity
are automatically recognized when a user logs on at the computer. The
mail security uses the S-MIME standard to guarantee the exchangeability
with other users not yet having CompuSec. The e-mail security functions
are included in version 4.15 of CompuSec. |
|
|
|
Additional functions, shipped with
product |
|
Single Sign On
: Fast and secure log-on using Windows 2000 or XP |
|
SafeLAN : Store
encrypted data and directories on network drives |
|
IPCrypt Client
: Client for secure Remote Access- and VPN-connections |
|
|
|
Installation |
|
The initialisation of an e-IdentityTM,
the setting-up of users and the management of keys are done using a
secure, completely encrypted central Administration system (GlobalAdmin).
While each Client-Software can be easily installed on existing systems
by users themselves. A single user version is also available. |
|
|
|
Overview of performance features |
 |
Highest security with keys
in the e-IdentityTM |
|
Access control with
Pre-Boot-procedure, with e-IdentityTM and password |
|
|
No
influence of system performance by encryption |
|
Support Hibernation-Mode |
|
|
Floppy Disk encryption |
|
Modular system architecture with additional functions |
|
Email
encryption |
|
|
|
Technical Details |
|
|
Strong encryption with AES
Algorithm, 128 Bit key-length |
|
|
Keys stored in the
SmartCard / USB-Token (e-IdentityTM) |
|
|
|
System Requirements |
|
|
Intel-compatible PC |
|
|
Installed Floppy drive |
|
|
min. 1 free USB-connection |
|
|
Operating system Windows 2000 / XP |
|
|
Windows 98, ME, LINUX in development |
|
|
GlobalAdmin-Station
for preparation of e-Identity (not necessary for installation on a
single system) |
|
|
|
Options |
|
|
Government-edition with
customized algorithms are available on request |
