DICA Technologies AG * www.dica.de * 10.04.23 1
DICA Scrypt-Guard
Mail Encryptor ScryptMan Admin Interface
DICA Scrypt-Guard™ Mail Encryptor: Function and Features
Secures E-mail traffic over the Internet
• Authentication between DICA Secure Domains
• Digital signature of E-mails
• Anonymity of the E-mail sender and addressee
• E-mail encryption including all attachments
DICA Scrypt-Guard™ Mail Encryptor: Benefits
Simple secure E-mail communications between all company locations as well as between non-affiliated businesses
• Easy to install in existing network environment (Domain)
• Simple scalability
• No changes in user applications
• Unlimited number of users
• Unlimited worldwide usage
DICA Scrypt-Guard™ Mail Encryptor: Simple Scalability
• Domains already equipped with DICA Scrypt-Guard™ devices need no adaptation when a new domain is equipped with the DICA Scrypt-Guard™ or with a D/SM™ compatible system
• A newly installed DICA Scrypt-Guard™ automatically learns about other domains equipped with DICA Scrypt-Guard™ by means of the E-mail traffic between them
DICA Scrypt-Guard™ Mail Encryptor: Features 1
• Authentication between DICA Scrypt-Guard™ devices based on Certificates => Protection against false identity
• Digital signature based on Group Key for Domain => Protection against manipulation
• Strong encryption of whole E-mail content incl. all attachments => Protection against Breach of Confidentiality and Eavesdropping
Web Browser Administration Interface for Scrypt-Guard
DICA Scrypt-Guard™ Mail Encryptor: ScryptMan
Domain Security Services (2): Scrypt-Guard Security Policies
• Default Security Policy: Pre-defined Policy, no administration tasks
• Company Security Policy: Company adapted Policy, easy to set with the help of ScryptMan Web Browser Interface (e.g. Closed Domain Groups)
• Personal Security Policy (planned): Per Mail based Policy for the single user (e.g. Mail Acknowledgement)
Transparent On the Fly Encryption (1)
• The user LAN with mail server and external router/firewall already exists.
• The DICA Scrypt-Guard™ will be placed between mail server and its LAN interface.
• No Mail Proxy
• No IP Host
[Diagram labels: Internet, Mail Server, Router/Firewall, DICA Scrypt-Guard™]
Transparent On the Fly Encryption (3)
Digital Signature and Strong Encryption
[Diagram labels: Original Mail Text; Create Digital Signature; Signum; Optional Text Compression; (Compressed) Mail Text; Mail Text with Signum; Session Key; Encrypted Mail Text with Signum; Original Mail Header; Encrypted Orig. Header; Public Key Partner; Encrypted Session Key; New Header]
Transparent On the Fly Encryption (4)
The Decryption Process
[Diagram labels: New Header; Encrypted Session Key; Private Key; Session Key; Encrypted Orig. Header; Encrypted Mail Text with Signum; (Compressed) Mail Text; Optional Text Decompression; Original Mail Header; Original Mail Text; Signum; New Signum; ?]
Public Key Infrastructure (1)
Key Pair Generation : decentralized
Registration Authority : decentralized
Certificate Authority : DICA Technologies
Certificate Type : Group Certificate
Certificate Format : X.509 v.3
Personal Security Environment: Software (first version)
Hardware
Key Distribution System : E-Mail Infrastructure
Certificate Directory : Web (planned)
Certificate Revocation List : Web (planned)
Infrastructure for DICA Public Key Encryption
ScryptGuard is Different
Compare and Decide about ScryptGuard

Product class: Client based software
Remarks: Installation on each client. User must initiate and decide about which Email is to be encrypted. Licence per client.
vs. ScryptGuard: No installation on clients. Full automatic Email-encryption. No Client licences.

Product class: Server based software
Remarks: High efforts in administration and maintenance. Client/server licences.
vs. ScryptGuard: No administration and maintenance efforts. No licences.

Product class: VPN
Remarks: High threshold value for investment. High efforts in administration and maintenance.
vs. ScryptGuard: Cheap. No administration and maintenance required.
Public Key Infrastructure (2): Key Distribution
[Diagram labels: Organisation A; Organisation B; Open E-Mails; Signing open E-Mail with inDICAtor; Recognizing inDICAtor by B; Public Key A; Public Key B; Secured E-Mails]