CompuSec® Mobile
is the hardware based security product for Notebooks. This
product provides all the features from the CompuSec® Security
Suite in combination with a highly secure, hardware based
encryption solution.
CompuSec® Mobile provides
unique features. For the first time, this product combines
the hardware based encryption functionality with an integrated
smart card reader in a single PC-Card form factor.
Pre-Boot-PKI2
CE-Infosys invented the Pre-Boot-PKI
technology in 2002. With CompuSec® Mobile, this Pre-Boot-PKI2
technology is introduced to mobile computing. A user's smart
card contains certificates identifying the user while CompuSec®
Mobile provides its own certificates stored in its integrated
security chip. With this combination of 2 certificates,
a secure authentication and a secure remote control process
are achieved. The use of a smart card as an authentication
tool allows easy combination with RFID transponder chips
for physical access control. The smart card reader is integrated
in the CompuSec® Mobile card.
The Computer-User Relation
CompuSec® Mobile is fully supported
by the GlobalAdmin management system. This means a user
can use any number of machines with the e-Identity® smart
card. At the same time, each computer can accept any number
of users. This provides flexibility between users and computers.
All relations are centrally managed using the GlobalAdmin
product. CompuSec® Mobile can also be locally managed in
a single user installation.
Identity Management
CompuSec® Mobile manages the
identity of the user for applications. For existing applications
requiring passwords, CompuSec® Mobile learns the user's
passwords, stores them in an encrypted format and automatically
inserts the correct password into the application when required.
This is available for local and WEB based applications.
For newly designed applications, CompuSec® Mobile manages
the complete application policies for each user. CompuSec®
Mobile collaborates with a policy database where tickets
are generated for the applications. A powerful and easy-to-use
API is provided for applications to query the user policies.
This allows central management of user rights within applications.
Full Hard Disk Encryption
The hard disk encryption of CompuSec® Mobile uses a fast implementation
of the AES algorithm. This encryption includes the operating
system. Multiple operating systems are supported on a single
computer. The initial encryption can be performed before
the computer is used by the user or transparently in the background,
allowing the user to work on the PC, interrupt the encryption
process and shut down the computer at any time. The support
of the hibernation mode is very important to mobile users.
Hibernation of the PC requires the contents of the RAM to
be stored in a hibernation file on the hard disk before
the PC is powered down. When the PC is restarted, the contents
in the hibernation file will be loaded into the RAM. When
coming out from hibernation, the user is required to authenticate
again to decrypt the encrypted hard disk key before resuming
work on the PC. As such, it is safe to use the hibernation
mode in the machine. Most hard disk encryption products
in the market do not support this mode. CE-Infosys is the
first company providing support for hibernation mode with
its product line.
Encryption of Diskettes, CD-ROM & Removable Media - CDCrypt
Diskettes,
CD / DVD and removable media devices such as Memory Sticks
and USB thumb drives can be encrypted by CompuSec® Mobile.
The encryption for CD / DVD uses the CDCrypt feature to
support internal and external CD burners that are connected
using USB or IDE. With central administration, an encryption
policy may define whether a user may or may not switch the
mode from encrypted to non-encrypted when using such devices.
As such, an organisation can easily enforce a policy to
use only encrypted Diskettes, Removable Media Devices and
CD-RW / CD-R / DVD to minimise the threat of data theft.
Such encryption is unobtrusive and does not change the way
the user works with these devices.
Encryption of Individual Files - DataCrypt
CompuSec®
Mobile includes a module called DataCrypt that enables users
to encrypt individual files. DataCrypt enables users to encrypt
their messages and send them via email, ftp etc. The data
will travel safely over whatever medium chosen to allow
CompuSec® users to safely exchange files. DataCrypt can
also be used as a software module and be forwarded to other
users without a license, free of charge. DataCrypt employs
Public-Key-Cryptography based on elliptic curves to generate
keys for encryption and decryption. DataCrypt also uses
a new technology called 'Sealing' that will hide all structures
in the header of the encrypted file, giving additional protection
against 'traffic analysis' on the network.
Encryption of Server Files & Subdirectories - SafeLan
File and Directory Encryption with CompuSec® Mobile can be performed
for local or network files and/or directories. This function,
called SafeLan, will ensure that all files written or copied
into the encrypted directory will automatically be encrypted
while remaining completely transparent to the end user. This
also means that a user without an authorised directory key
will not have access to the directory and will also be unable
to see the files. This function is used to separate users
of the same file server in a strong cryptographic way and
also ensure that server administrators cannot see the contents
of the encrypted files. SafeLan supports NTFS, Novell, FAT
and network based file systems.
Encryption of Voice Communication - [ClosedTalk]®
[ClosedTalk]®
is a component of CompuSec® Mobile used for encrypted voice
communication between 2 CompuSec® users. The built-in sound
system of the computer is used for [ClosedTalk]®. No IP
telephone is needed. [ClosedTalk]® uses the Internet to transport
the voice data from one user to the other. E-mail addresses
are used to contact communication partners. An e-mail address
is self-explanatory and easier to remember than traditional
phone numbers. [ClosedTalk]® uses a gatekeeper service to
find the communication partner on the network. The Diffie-Hellman
key generation protocol is used to provide secure session
keys for each talk.
Advanced VPN Client for Secure Connections to Corporate Networks
CompuSec Mobile provides IP
encryption for WAN and LAN users. The IP encryption client
supports pool address modes, data compression, multiple
dial-in points and other features, which are explained in
detail in our IPCryptor product literature. The IP encryption
of CompuSec® Mobile needs an IPCryptor as counterpart in
the network.
E-mail Encryption and Signing for Microsoft Outlook & Lotus Notes
CompuSec®
Mobile uses the Digital Certificates of the user to encrypt
and sign e-mails using Microsoft Outlook, Outlook Express
or Lotus Notes. The cryptographic software comes with a
signed Cryptographic Service Provider (CSP). The mail security
uses the S/MIME standard to guarantee the compatibility
with other users not using CompuSec® yet.
Smart Card Reader
The inbuilt smart card reader
is used by CompuSec® Mobile for all security functions where
the user's e-Identity® is required. Furthermore this smart
card reader can be used by applications that implement the
Microsoft PC/SC interface.
OS Support
CompuSec® Mobile supports Microsoft
operating systems such as Windows XP, Server 2003 & Windows
2000. In addition, support for several Linux distributions
based on Kernel 2.6 and 2.4 is provided. Most boot managers
are also supported, allowing multiple operating systems
to reside on a single system.
Installation & Management
CompuSec® Mobile can be deployed
as a locally or centrally managed product. In single-user
installations, CompuSec® Mobile creates a security file
with all the secret keys locally. The user is responsible
for keeping these keys a secret. In larger organisations,
central management of CompuSec® Mobile is recommended. The
GlobalAdmin program manages all CompuSec® Mobile policies
and provides additional functions like unattended installations,
automatic software roll out, remote password reset and a
complete management of the VPN functions. CompuSec® Mobile
can also be an integrated part of a corporate-wide PKI structure.
Details are described in the GlobalAdmin product literature.
For large customers with multiple locations, remote e-identity®
loading stations are available. A product for the user help
desk is also available to assist support staff with the
remote password reset functions. Automatic synchronisation
with Microsoft user management and Active Directory is provided
for CompuSec® Mobile.
About e-Identity® Smart Cards
Each CompuSec® Mobile comes with
one e-Identity® smart card. A secure password change mechanism
is provided to allow help desk operators to change passwords
remotely. The security chip used for e-Identity® and the
implemented operating system has a Common Criteria EAL E4
high certificate. e-Identity® can be provided with inbuilt
ECC functions or the standard RSA cryptography. e-Identity®
supports all standards like Microsoft PC/SC, PKCS#11, Microsoft
CSP including an integrated driver-to-driver interface.
Flexibility of Cryptographic Algorithms
CompuSec® Mobile provides the
flexibility to modify the encryption algorithms. A fast
hardware based AES algorithm is built in. The S-Boxes of
the AES algorithm can be customised to provide additional
cryptographic security.
System Requirements
- PC Notebook or Workstation with Intel Architecture
- Windows Server 2003, Windows XP, Windows 2000 or Linux 2.4 / 2.6
- PCI or PCI-X Bus Slot
- 60 MB Free Hard Disk Space
- Built-in Sound Card for [ClosedTalk]®