Echoworx Platform
The Power of Encryption and Credentials
The Echoworx Encryption Platform, also known as the Credential Management Platform, is the underlying technology for all Echoworx privacy products, and for organizations that use this infrastructure to run their own applications.
The Platform provides data encryption and credential management for mobile users, and is the solution for IT managers who need to secure corporate data on mobile devices, and for application developers who require authentication processes to enable secure sign-on and encryption from any device.
Due to stringent legislative demands for authentication, password protection is simply not enough, especially when issuing valid credentials.
Echoworx is a recognized Certificate Authority (CA). Its Encryption Platform encrypts data using industry-standard PKI and S/MIME technologies, and it provides strong encryption and digital signatures using standard X.509 certificates.

Organizations are using Echoworx to issue valid and verifiable credentials without having to manage PKI and issue digital certificates.
Integration with Third Party Apps
The Echoworx API infrastructure for credential management allows third parties to integrate its credential management functionality into their applications. This is useful for organizations that would like to issue valid and verifiable credentials without having to manage PKI and issue digital certificates.
Echoworx provides a web-based console for easy credential management. This console allows the administrator to easily perform all functions including revoking user credentials, adding, removing or suspending users.
With the Echoworx API (EchoAPI), organizations can use simple HTTP methods in either XML or JSON formats, making this an ideal API for developing mobile applications, web applications, and external client applications.
In the last 10 years the EchoAPI has grown considerably, with large and small organizations using the API to integrate user credentials, user provisioning, key management, and encryption into their own portals, provisioning tools and billing systems.
The API allows third party developers to enable user management, credential management and brand management within the enterprise, mobile and client applications.
Organizations are using credentials issued via the EchoAPI to:
- Strengthen SSO projects based on SAML, OpenID, or OpenAuth
- Deliver unified identities to Soft Token applications and technologies
- Access resources in the cloud for enhanced security and multi-factor authentication
- Ensure files, content, and archives in the cloud can only be accessed by designated individuals
- Enhance VPN access to internal network resources by aligning credentials issued by the EchoAPI for individuals to VPN login
- Enable a model for dual factor authentication to any resource by aligning user name / password (What you know?) and a digital identity created via the EchoAPI (What you have?)

Cloud Security
The EchoAPI addresses security issues faced by cloud providers and their customers by aligning a verifiable digital identity to applications, authentication points, and user profiles. The central management console allows cloud security providers to control access and ensure data that lives in the cloud is always encrypted.
Mobility and Credentials
With the explosion of mobile devices in the business world, enterprises need credential management solutions to prevent data leakage and to control the flow of corporate data across smartphones and tablets. mobilEncrypt is an on-the-device email encryption solution that automates the process of provisioning user credentials on devices and in the native keystores of these devices.
Benefits of the Platform
Flexible Deployment
The Encryption Platform is designed to run as a managed service from one of our high availability data centers, or it can run on-site within an organization’s existing IT infrastructure. Applications requiring client software can be quickly deployed using a Microsoft Installer (MSI) package.
Centralized Service Delivery
A common administrative console is used across all applications to facilitate centralized management of users, credentials, policies, branding and reporting. Tasks such as deployment, configuration, management and maintenance can be automated to reduce administrative overhead.
Simplified Key Management
Automated and hosted key and trust services facilitate a better user experience and minimize the operational requirements of an on-site key-management system.
Works with Your Existing Infrastructure
The Encryption Platform is flexible enough to work with existing email hygiene applications, archiving agents and policy management engines.
Standards Based Technology
Echoworx leverages Public Key Infrastructure (PKI), X.509 certificates and S/MIME for strong authentication and encryption. Seamlessly interoperate with governments and business partners who have already adopted solutions based on PKI technology.
Low Total Cost of Ownership
Zero to low up-front capital costs, rapid deployment and minimal operational requirements translate to a low total cost of ownership.
Centralized Service Delivery
Using the admin console, the administrator can enrol and manage large numbers of employees, as well as control application access and manage policies and credentials. The administrator can also run reports, change the branding and unlock data in extreme situations. Many of these tasks can be automated to save time.
Simplified Key Management
The Key services and Trust services functionality within the Platform automate functions related to authentication, encryption and digital signatures. This minimizes the operational requirements of a public key-based system.
Key Services
This service consists of a dual key-pair (cipher and signature) PKI model and a network-based repository of subscribers’ credentials (certificates). This service performs key functions related to subscriber registration and password recovery.
Signature Keys
The private signature key is used in the production of a digital signature. The message recipient verifies the digital signature using the public signature key. Password authentication to the signature key can be replaced or augmented with additional security factors such as smart cards, hardware tokens, or biometrics.
Certificate Registration
This registration authority is a trusted agent of the certification authority. It first verifies that the subscriber is entitled to a Secure ID and then invokes the key provisioning component to generate both key-pairs. It issues certificate signing requests to be forwarded to the certification authority. Once issued, the certificates are placed in the directory and returned to the client. There are different levels of trust certification depending on the level of authorization required per transaction.
Password Recovery Service
The subscriber can securely store a password in a network-based repository and securely retrieve it from any web connected system when needed (i.e. if forgotten). Only a valid combination of questions with the correct answers will release the password. As an added security measure a two-stage process requires the subscriber to respond to an instructional message sent to their registered email address; this message contains a temporary web address link to a secure web location where the subscriber is authenticated before the password is revealed. A new password can be registered only after successfully authenticating to the service.
Roaming Mobile Access
When using webmail applications, the subscriber is prompted for their password in order to be authenticated. Key Services then allows the subscriber’s ID credentials to be transparently downloaded over an SSL connection. When the secure email session is terminated or expires, the cached credentials (notably, the private key) are deleted (i.e. securely wiped) from the client machine.
Trust Services
Trust Services relate to the management of digital certificates within a public key infrastructure. Certificates are digitally signed documents, issued by a certification authority, that attest to the validity of the logical binding between a principal user (identified by a unique distinguished name) and a public key, for which only that principal should have the corresponding private key. A dual-key PKI model is used, meaning that separate key-pairs are logically bound to a principal.
Cipher Keys
A private cipher key is used to decrypt a secure (i.e. cipher-text) message or file encrypted by a correspondent using the associated public key. The rationale for a dual-key model, as opposed to a single-key model, is to separate the management of keys for different purposes. The cipher key can be escrowed at the enterprise or provider level without introducing issues of repudiation against digital signatures.
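The dual-key separation described above can be expressed in the certificates themselves through the X.509 keyUsage extension. The following is an added example, not Echoworx code: it assumes the Python `cryptography` package, and the function names, subject and CA name are hypothetical. It issues one signature certificate and one cipher certificate for the same subscriber, then applies an escrow rule that only admits the cipher key.

```python
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa

def key_usage(signing: bool) -> x509.KeyUsage:
    # Signature cert: digitalSignature + contentCommitment (non-repudiation).
    # Cipher cert: keyEncipherment only. The two never overlap.
    return x509.KeyUsage(
        digital_signature=signing, content_commitment=signing,
        key_encipherment=not signing, data_encipherment=False,
        key_agreement=False, key_cert_sign=False, crl_sign=False,
        encipher_only=False, decipher_only=False)

def issue(ca_key, ca_name, subject_cn, signing):
    """Generate a 2048-bit RSA key-pair and a CA-signed cert for one purpose."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    now = datetime.datetime.now(datetime.timezone.utc)
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, subject_cn)])
    cert = (x509.CertificateBuilder()
            .subject_name(subject)
            .issuer_name(ca_name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=365))
            .add_extension(key_usage(signing), critical=True)
            # SHA-256 is used here; the page's own list names SHA-1.
            .sign(ca_key, hashes.SHA256()))
    return key, cert

def may_escrow(cert) -> bool:
    """Escrow rule: only a key that can never produce signatures is escrowed,
    so a recovered copy cannot be used to dispute a subscriber's signature."""
    ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
    can_sign = ku.digital_signature or ku.content_commitment
    return ku.key_encipherment and not can_sign

def demo():
    # Constructed test CA and subscriber; nothing here is a real identity.
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca_name = x509.Name(
        [x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
    _, sig_cert = issue(ca_key, ca_name, "alice@example.test", signing=True)
    _, enc_cert = issue(ca_key, ca_name, "alice@example.test", signing=False)
    return may_escrow(sig_cert), may_escrow(enc_cert)

if __name__ == "__main__":
    print(demo())
```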
Certificate Lookup
This service interface provides an HTTP-based proxy agent by which the encryption applications can retrieve certificates from a directory server.
Certificate Validation
This service interface provides the client with the ability to check the validity of a certificate. In the context of email, it inspects the validity of the message and provides online certificate validation responder capabilities that check whether a certificate has been revoked (i.e. published on a certificate revocation list or ‘CRL’).
Industry Standard Encryption
Public Key Infrastructure (PKI) is the de facto standard for enabling strong authentication and encryption for businesses and governments around the world, and is used throughout the Internet today to secure data transmission via well-known protocols such as SSL and TLS. By binding the identity of a user or device to a certificate and through core functionality that determines which certificates are trustworthy, PKI is inherently more secure than solutions that do not rely on certificates.
Standards
- Standards include PKI, X.509, S/MIME, and SSL
- We are now supporting 2048-bit RSA end-user keys
- Echoworx is interoperable with other standards-based systems including Verisign, Entrust, Vontu, and IBM.
- Echoworx also uses the strongest commercially available cryptography known to the industry
- The Echoworx suite of privacy applications and the Encryption Platform are built on the following industry accepted standards for digital signatures and encryption:
- 1024 bit RSA End-user Keys
- 2048 bit RSA CA Keys
- SHA-1 hash
- PKIX X.509 v3 certificates & CRLs
- PKCS#10 certificate signing request
- PKCS#12 key storage
- 3DES and AES-256 symmetric encryption
- S/MIME PKCS#7 encrypted e-mail format
- HTML / XML, HTTP 1.1 / SSL
- 2048 bit CA keys
- CA Key Generation/Protection
- CA Keys generated/stored on SafeNet LunaSA HSM
- Keys signed by WebTrust certified Echoworx ROOT CA
Global Directory
The Echoworx Global Directory is a repository of digital identities which makes sending and receiving encrypted emails easy for all Public Key Infrastructure (PKI) users, as it removes the technology barriers and allows for a seamless exchange of encrypted email between the sender and the recipient.
This global directory is all you need to seamlessly send encrypted messages.
Just like a telephone book, the Global Directory holds the public keys of everyone who subscribes to Echoworx Encrypted Mail enabling them to easily communicate with each other while the technology works in the background. Public credentials are identified and automatically and invisibly shared, while the sender’s identity is verified and authenticated.
Data Centers

- Echoworx has data centers in the US, Europe and Canada, ensuring customer data stays close to home
- All the data centers are engineered to the highest standards
- They are designed and maintained without compromise for security or redundancy
- Data centers are SAS70 and ISO certified and provide physical, system and operational security
- Servers are locked down and all physical access to the servers is logged
- Servers are also locked down from the inside with hardened operating systems and up-to-date patching
- All business processes follow security best practices and limit access to customer information
- Echoworx continuously reviews the security and services provided by their data centers to ensure the best possible security for their customers

