CompuSec® e-Identity® is a
Security Suite that protects Notebook and Desktop PCs. It provides
Access Control, Single Sign On, Hard Disk Encryption, CD encryption,
file encryption, network encryption and VoIP encryption. CompuSec®
e-Identity® uses PKI technologies and comes with an e-Identity®
security device, a smart card with USB reader
or a USB token.
CompuSec® is made for customers
who want more than just password protection. The high level of
security achieved is combined with a flexible and transparent mode
of operation. Individuals, small groups of users as well as large
enterprises use the product. CompuSec® e-Identity® combines a set of
often-needed security functions, while providing users the option to
configure the product to their own needs. Large organizations will
also find a host of special functions to efficiently manage a large
implementation of CompuSec®, such as unattended installation,
centralized rollout, support for disk images, central software
distribution, service functions and central user management.
CompuSec® uses new technologies
developed by CE-Infosys to provide functionalities previously
unknown to PC security products, such as Pre-Boot USB access, the
use of PKI technology before a system boots and the support for
Hibernation mode.
Pre-Boot-PKI
CompuSec® uses a newly developed
Pre-Boot-PKI technology to manage the access to the hard disk of a
computer. This allows multiple users access to a single machine as
well as access for a single user to multiple machines. The
management of users is easily performed by the GlobalAdmin station
for large organizations, or by the installation program for small
user groups or individuals.
Password Management
The password strategies can be defined according to the organizational
need. This includes password lifetime, password usage count,
password change options, minimum and maximum length and more. In
situations where passwords are forgotten, a challenge-response
procedure with the GlobalAdmin station provides an easy and secure
method for users to obtain their new password.
Single Sign On
Two
alternatives for single sign on are provided. In the first method,
the e-Identity® of the user stores the system logon password
together with the user ID and the domain name. This replaces the
traditional logon procedure at the operating system. The second and
more advanced method provided by CompuSec® e-Identity® uses a
digital certificate of the user together with its private key inside
the e-Identity®. This certificate-based logon at the domain server
is the preferred way for domain users and is fully integrated into
the Microsoft operating systems. The certificate-based
Single-Sign-On requires the GlobalAdmin station which may be used as
a full Certification Authority (CA). Lotus Notes users will store
their ID file in the e-Identity® and also use the certificates of
the e-Identity®.
Hard Disk Encryption
The hard disk encryption of CompuSec® e-Identity® uses a fast
implementation of the AES algorithm. This encryption includes the
operating system. Multiple operating systems are supported on a
single computer. The initial encryption can be performed before the
computer is used by the user or transparently while the user is using
the PC. The latter, Background-Encryption, allows the user to
interrupt the encryption process and shut down the computer at any
time. The support of the Hibernation mode is very important to
mobile users. In Hibernation, the contents of the computer RAM are
written to the disk and the computer is shut down. When restarted, the
contents in the RAM are reloaded from the hibernation file and the
user can continue to work. This is faster and allows the user to
shut down in the middle of an application. So far, most hard disk
encryption products could not support this mode and disabled
hibernation. CE-Infosys is the first company providing support for
hibernation mode with its product line.
Encryption of Diskettes, CD-ROM & Removable Media - CDCrypt
Diskettes, CD / DVD and removable media devices such as Memory Sticks and USB
thumb drives can be encrypted by CompuSec®
e-Identity®. The encryption for CD / DVD uses the CDCrypt feature to
support internal and external CD burners that are connected using
USB or IDE. With central administration, an encryption policy may
define whether a user may or may not switch the mode from encrypted
to non-encrypted when using such devices. As such, an organization
can easily enforce a policy to use only encrypted Diskettes,
Removable Media Devices and CD-RW / CD-R / DVD to minimize the
threat of data theft. Such encryption is unobtrusive and does not
change the way the user works with these devices.
Encryption of Individual Files - DataCrypt
CompuSec® e-Identity® includes a module called DataCrypt that enables
users to encrypt individual files. DataCrypt will enable users to
encrypt their messages and send them via email, ftp etc. The data
will travel safely over whatever medium chosen to allow CompuSec®
users to safely exchange files. DataCrypt can also be used as a
software module and can be forwarded to other users without a
license free of charge. DataCrypt employs Public-Key-Cryptography
based on elliptic curves to generate keys for encryption and
decryption. DataCrypt also uses a new technology called 'Sealing'
that will hide all structures in the header of the encrypted file,
giving additional protection against 'traffic analysis' on the
network.
Email Signing & Encryption
CompuSec® e-Identity® provides the necessary encryption modules to encrypt and
sign e-mail using Microsoft Outlook, Outlook Express or Lotus Notes.
The required digital certificates for e-mail security are stored in
the user's e-Identity®. The cryptographic software comes with a
signed Cryptographic Service Provider. The e-mail security module
uses the S/MIME standard to guarantee the exchangeability with other
users not using CompuSec® yet.
Encryption of Server Files & Subdirectories - SafeLan
File and Directory Encryption with CompuSec® e-Identity® can be performed
for local or network files and/or directories. This function called
SafeLan will ensure that all files written or copied into the
encrypted directory will automatically be encrypted while remaining
completely transparent to the end user. This also means that a user
without an authorized directory key will not have access to the
directory and will also be unable to see the files. This function is
used to separate users of the same file server in a strong
cryptographic way and also ensure that server administrators cannot
see the contents of the encrypted files. SafeLan supports NTFS,
Novell, FAT and network based file systems.
Encryption of Voice Communication - [ClosedTalk]®
[ClosedTalk]® is a component of CompuSec® e-Identity® used for encrypted voice
communication between CompuSec users. The built-in sound system of
the computer is used for [ClosedTalk]®. No IP telephone is needed.
[ClosedTalk]® uses the Internet to transport the voice data from one
user to the other. E-mail addresses are used to contact
communication partners. An e-mail address is self-explanatory and
easier to remember than traditional phone numbers. [ClosedTalk]®
uses a gatekeeper service to find the communication partner on the
network. The Diffie-Hellman key generation protocol is used to
provide secure session keys for each talk.
Identity Management
CompuSec® e-Identity® manages the
identity of the user for applications. For existing applications
requiring passwords, CompuSec® e-Identity® learns the users'
passwords, stores them in an encrypted format and automatically
inserts the correct password into the application when required.
This is available for local and WEB based applications.
Advanced VPN Client For Secure Connection To Corporate Networks
CompuSec® e-Identity® provides IP encryption for WAN and LAN users. An
enhanced IPSec client is a selectable function of CompuSec®
e-Identity®. The IP encryption client supports pool address modes,
data compression, multiple dial-in points and other features, which
are explained in detail in our IPCryptor product literature. The IP
encryption of CompuSec® needs an IPCryptor as counterpart in the
network.
Installation & Management
CompuSec® e-Identity® can be installed as a product without a central
management station. In this case, CompuSec® e-Identity® creates a
security file with all the secret keys of this installation. It is
the user's responsibility to keep these keys secret. In larger
organizations, central management is recommended. This GlobalAdmin
station manages all the CompuSec® e-Identity® installations and
provides functions for unattended installations, automatic software
rollout and software update, remote password reset and a complete
management of the VPN functions. CompuSec® e-Identity® can be used
as an integrated part of a company-wide PKI structure. Details are
described in the GlobalAdmin product literature. For large customers
with multiple locations, a remote e-Identity® loading station is
available. A supplementary product for the user help desk is also
available to assist support staff with the remote password reset
functions. Automatic synchronization with Microsoft user management
and Active Directory is provided for the management of CompuSec®
e-Identity®.