Security Services Enterprise Security Solution

eCLIPse – Enterprise Security Solution is an encryption software security solution for any business that requires frequent exchange of secure encrypted data. Simple to integrate and apply, eCLIPse supports multiple encryption tables and provides safe transfer of confidential data to and from authorized external resources, all the while preventing unauthorized viewing. Security is managed by smart-card technology (a smart-card chip fitted into a USB token). Using simple, effective and affordable physically secure USB tokens, eCLIPse functions at the “FIPS 140-2 Level 3” security level of the USA’s National Institute of Standards and Technology (NIST).

Initialization - Setting up the keys
A standard practice is to have groups of two users from two business areas with each user only providing one half of an encryption key.
The company is protected, since this practice ensures that one user does not know the other’s key choice. Putting the two halves together by random selection means that neither user knows a final key value. eCLIPse supports multiple encryption tables with randomly assigned keys. Head office security administration sets up the USB token contents to match. There are two levels of head office control. One is constructing one or more tables by choosing ten keys to insert into a table, and the other is choosing which of the keys from within an assigned table will be further assigned to an individual or group. Essentially, each business area may set up its own table and assign users to specific keys.

Comparison with Hard drive Encryption
eCLIPse encryption management is the best solution. Here is why. The argument one will hear is: why not use a hard drive that is fully encrypted; who needs eCLIPse?

When the hard drive is encrypted, a problem may arise if a file has to be copied or if maintenance has to be performed. An encrypted copy from that hard drive may not decrypt correctly on the target device. This is usually due to hardware differences between disk drives from the same manufacturer and especially if the target drive has no encryption. If a technician has to repair the contents of the system with the encrypted hard drive, he needs the encryption / decryption keys (provided at logon). If he can log onto the system, he has access to the data, and likewise, so can a hacker. Other concerns include alpha-numeric sorting of encrypted data. There is no guarantee that in using an encrypted drive, data can be sorted in lexicographical order.

Your company’s “Information” is more valuable than the computer it is on. If your laptop computer is lost or stolen, your confidential information cannot be decrypted without your authorized USB token.

Other Uses for eCLIPse Enterprise Security
Do you have trouble remembering all your passwords and other personal information? With eCLIPse, you can safely store them in an encrypted file protected by the USB token.

How eCLIPse works
First, you will receive the pre-encrypted file(s) from Head Office. The encrypted file was created by choosing two of the 10 keys. Instead of transmitting the keys, the index entries of these two keys prefix the data along with other metadata, such as the encryption algorithm used. The file is sent to the user(s) using a safe file transfer method (Secure FTP in an SSH environment). Note that the 10 keys stored in the USB token are identically stored in the head office image of the token’s table.

To view the file, start eCLIPse, plug in the USB token and log in to it. The two key indexes and the encryption method are read from the file. The two index values are used to retrieve the decryption keys from the USB token. Decryption then takes place using these keys and the algorithm ID. Encryption publication methods supported are “DES Data chaining” and Triple DES.

For uploading to the server, start eCLIPse and log on to the USB token. Two of the encryption keys stored in the USB token are used to encrypt the data prior to uploading. The encryption keys, selected by head-office administration, are different from the server-to-laptop decryption keys. The file is encrypted and prepended with a file header containing the indexes of the encryption keys. After reception by the head office, the data is decrypted in the same way as files sent to the laptop.

All encryption keys and key locations in the table are managed with the eCLIPse administration facility. The administration facility is a head-office tool, and it is the only place where one can initiate an update to the USB token. All information on the USB token is hardware protected and encrypted. Common practice is to update all the USB tokens and decryption keys every other year.

Two different recipients with copies of the same data may, after encryption, receive differently encrypted downloads, as the “table with keys” and the ordered list of encryption/decryption keys may differ from one USB token to the next. This means that if one individual loses his USB token, the one he borrows from his peer may not decrypt his own data.
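
As an added illustration of the key-index header described above (not eCLIPse's own code or file format): the header layout, magic value, algorithm ID and the names `make_table`, `seal` and `unseal` are all assumptions, and an HMAC-SHA256 keystream with an authentication tag stands in for DES/Triple DES so that the example runs with the Python standard library alone. It shows that only the two indexes travel with the file, and that a token holding a different key table cannot open it.

```python
import hashlib, hmac, os

MAGIC, ALG_DEMO, HDR = b"KIDX", 0x7F, 23   # constructed values, not eCLIPse's

def make_table(seed):
    """Ten constructed 24-byte keys standing in for one token's key table."""
    return [hashlib.sha256(seed + bytes([n])).digest()[:24] for n in range(10)]

def _work_keys(table, i, j):
    # Assumption: the two indexed keys are combined, then split by purpose.
    k = hashlib.sha256(table[i] + table[j]).digest()
    return (hmac.new(k, b"enc", hashlib.sha256).digest(),
            hmac.new(k, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode), NOT DES or Triple DES.
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def seal(table, i, j, plaintext):
    """Header = magic | algorithm id | key index i | key index j | nonce."""
    enc, mac = _work_keys(table, i, j)
    nonce = os.urandom(16)
    header = MAGIC + bytes([ALG_DEMO, i, j]) + nonce
    body = _xor_stream(enc, nonce, plaintext)
    return header + body + hmac.new(mac, header + body, hashlib.sha256).digest()

def unseal(table, blob):
    """Read indexes and algorithm id from the header, then look the keys up locally."""
    if len(blob) < HDR + 32 or blob[:4] != MAGIC:
        raise ValueError("not a key-indexed file")
    alg, i, j = blob[4], blob[5], blob[6]
    if alg != ALG_DEMO:
        raise ValueError("unsupported algorithm id")
    if i >= len(table) or j >= len(table):
        raise ValueError("key index outside table")
    enc, mac = _work_keys(table, i, j)
    header, body, tag = blob[:HDR], blob[HDR:-32], blob[-32:]
    expected = hmac.new(mac, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key table or modified file")
    return _xor_stream(enc, header[7:], body)
```

The authentication tag is an addition of this example; it is what lets the receiver distinguish a wrong key table or an altered header from valid data instead of silently producing garbage.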

Three Strikes and You're Out.
The hardware of the USB token is designed to support an absolute maximum of ten successive failed logon attempts, after which the USB token must be returned for hardware re-initialisation. Within eCLIPse we have set the application logon threshold to three. In the event of USB token logon failure, eCLIPse provides for overrides via voice contact to head office. Standard questions from head office are used to validate the user. Following user validation, the user has twenty minutes to use a password given verbally or by email. He uses it to log in to the USB token and is forced to immediately enter a new user password.

Session timeout
If the user leaves the laptop inactive for a predefined time, eCLIPse can be set to block and require a new logon. There is a keyboard lock option to handle coffee breaks.

The USB token remains on the owner’s keychain, is not stored with the laptop and is not normally interchangeable with another user's USB token. Each USB token also has a logon access mechanism, with options to control the number of logon attempts before lockout, the number of allowed executions, timeout mechanisms and many other selectable security functions.

eCLIPse provides up-to-date safe transfer of confidential data to and from managers and auditors, all the while preventing unauthorized viewing. Encryption security is managed by eCLIPse's head-office administration system, tailoring full transfer management of encrypted data between the individual's laptop and head office.

eCLIPse Modes of Operation
eCLIPse may be set up for batch download. eCLIPse itself does not do the file transfer. Encrypted files are stored on the laptop or on a flash drive. No unencrypted data will be present on either. eCLIPse may also be used for real-time live access. Application Programming Interfaces (APIs) are provided.

Some additional system management information
USB token management. When the head office client receives his order of serial-numbered USB tokens, he registers the serial numbers in a database and lists them as unassigned. The database design can hold information for 10,000 USB tokens. A USB token can be used with one or more applications but by only one specific user. If need be, a user may have more than one smart-card USB token, to answer his particular needs.

Usage Examples
A large Canadian Banking-Financial Institution has regional data centers in different localities. After the head-office data processing of sensitive business data is completed, the files are encrypted and sent to their regional centers.
The regional centers decrypt the received file and immediately re-encrypt it for the authorized user of the USB token. This action prevents a head-office person from knowing decryption key information for the files destined to the end-user. In 10 years of use, no security loss of confidential encrypted information has ever occurred. This institution dedicated two of the 10 encryption key slots for global inter-branch transmission. A user uses the USB token to encrypt and transfer data that is needed in another branch.

Canada’s Quebec Provincial auditors, l'Autorité des marchés financiers, are using the eCLIPse security solutions system to manipulate laptop based secure data.

Public key encryption and PGP are not implemented, but may be supported on request. Triple DES is banker secure, executes well on older laptops and is well proven. The USB token keys for future algorithm support may vary from 64 bits to 640 bits (8 bytes to 80 bytes).

The eCLIPse USB token is validated to security level “FIPS 140-2 Level 3”, from the National Institute of Standards and Technology, USA.

Want to learn more?
Do you want to learn more about Security Solutions? To speak to a representative who can help answer your questions, please contact the itBMS sales office or email your questions to: sales@itbms.biz


Smart USB Encryption Security Device

The SPYRUS Smart card and USB Security Devices and Smart card readers provide strong encryption with authentication, nonrepudiation, and auditing capabilities in a compact form factor. Now available with enhanced algorithm support, the Series II security device provides the strongest, most economical, future-proof protection available anywhere for sensitive data.

About Encrypted Security Systems
Federal Information Processing Standards Publication (FIPS PUB) 140-2, Security Requirements for Cryptographic Modules, specifies the security requirements that are to be satisfied by the cryptographic module utilized within a security system protecting sensitive information within computer and telecommunications systems (including voice systems). The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover eleven areas related to the secure design and implementation of the cryptographic module.

These areas include the following:
1. Cryptographic Module Specification
2. Cryptographic Module Ports and Interfaces
3. Roles, Services, and Authentication
4. Finite State Model
5. Physical Security
6. Operational Environment
7. Cryptographic Key Management
8. Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC)
9. Self Tests
10. Design Assurance
11. Mitigation of Other Attacks

The Cryptographic Module Validation Program (CMVP - www.nist.gov/cmvp) validates cryptographic modules to FIPS PUB 140-2 and other cryptography based standards. The CMVP is a joint effort between NIST and the Communications Security Establishment (CSE - www.cse-cst.gc.ca) of the Government of Canada. Products validated as conforming to FIPS PUB 140-2 are accepted by the Federal agencies of both countries for the protection of sensitive information (United States) or Designated information (Canada).

In the CMVP, vendors of cryptographic modules use independent, accredited testing laboratories to have their modules tested. Organizations wishing to have validations performed would contract with the laboratories for the required services.

Article to read:

The role of eCLIPse in Security
by Leslie Satenstein
October, 2009

Security Reference Material to read:

- FIPS 140-2 Level 2
- FIPS 140-2 Level 3
- National Institute of Standards and Technology, USA.


itBMS - IT BUSINESS & MARKETING SOLUTIONS INC. - © 2009 - 2015