
Tricryption Desktop

ERUCES Tricryption® Desktop is a transparent file protection and security solution, which is used to encrypt any sensitive file including programs, executables and shared libraries on desktops, laptops and servers at the department or enterprise level.

Tricryption Desktop allows enterprises with confidential information to protect files from hackers as well as malicious insiders. Since Tricryption Desktop works at the file system level, it provides for a truly transparent and seamless solution for protecting files, applications and their libraries.

Tricryption KeyServer Software Components:

 

Remote Engine

Performs File Encryption/Decryption

Communicates with Key Server to obtain key modules

  • CSM (Dependencies to Key Server CSM)
      o KS (OpenSSL) – Remote Engine (OpenSSL)
      o KS (HSM) – Remote Engine (HSM, OpenSSL)
  • Key Manager (Redirects All Key Requests to KS [if On-line])
  • Communications
      o I/O Control to File System Filter Driver
      o TCP/IP/TLS to: File System Filter Manager; Command Line Utilities; and Communications Module of Key Server
  • Persistency (File) [Conditionally Activated if Offline from KS]
      o Uses Local Files (Not RDBMS)
  • Authentication [Conditionally Activated if Offline from KS]
  • Authorization [Conditionally Activated if Offline from KS]

File System Filter Driver

  • Kernel component (Loadable Kernel Module)
  • Windows “Filter Driver”
  • *nix “Stacked Driver”
  • Module intercepts requests to a file system on a host OS
  • If it determines that a file is encrypted or needs to be encrypted, it calls the Remote Engine
  • Functions as a “Transparent Trigger”
  • Mandatory secure data-at-rest with dual policy
      o *nix/Windows enforces where a user saves a document
      o Tricryption Client enforces directories to be secure (all files encrypted)
  • Files encrypted (AES/3DES) in 4K Cipher Block Chaining (CBC) mode ‘pages’

 

File System Filter Manager

Platform Independent GUI Application

  • Manages local environment
      o What Kind of Authorization
      o What Folders Will Be Secured
  • Authenticate to the Key Server (Login)
  • Encrypt File Manually if Desired (Outside Secure Folders)
  • Set ACL for Encrypted Files
  • Support for online/offline work
      o Mark keys that need to be checked out
      o Go offline (autonomous action)
      o Go online (synchronize keys with KeyServer)

Command Line Utilities

Replicate functionality of the file system filter manager in the command line

  • Allows System Administrators to:
      o Manage remote workstations
      o Utilize functionality of the Tricryption Client in command/shell scripts

Transparent Encryption and Decryption

Tricryption Desktop works at the same system level as most anti-virus products. Anti-virus solutions scan a file for possible virus signatures before writing it to the hard disk, and Tricryption Desktop works in a similar fashion. When a user creates a file, Tricryption Desktop intercepts the clear text data file, encrypts it, and stores it on the hard disk in encrypted format only. No clear text data files, including temporary files and backup files, are ever stored on the disk.

One Key Per File Encryption

Tricryption Desktop uses the Tricryption key management technology to provide the enterprise with the most secure and flexible file encryption solution on the market today. The Tricryption Desktop is deployed on desktops and laptops where file protection and encryption may be required. Every file which is created is encrypted with a new unique symmetric key (AES or Triple DES) which is created by the centralized Tricryption Key Server, and stored in a central Tricryption Key Database. No keys are stored with the files they protect. This provides the organization with a level of protection and granularity unattainable with common encryption technologies.

Secure Information Sharing

A Tricryption Desktop user can securely share encrypted documents with other Tricryption Desktop users authorized by the organization. Users can allow other trusted users access to their files and applications. Tricryption Desktop users cannot share encrypted files with outsiders or users who do not have permission to access the Tricryption system.

Remote Management and Real Time Revocation

Since an organization has full ownership and control over the centralized Tricryption KeyServer, it can revoke keys in real time, denying or granting access to files that have been encrypted with Tricryption Desktop. Revocation may be required if a policy change occurs or a laptop or data has been lost or compromised.

Secure Removable Media

Tricryption Desktop can require all data transferred and stored on removable media, including USB thumb drives, to be automatically encrypted. This prevents malicious insiders from transferring files to easily concealed portable media for the purpose of data theft.

Mobile Workforce Support

Tricryption Desktop protects an organization’s sensitive data stored on mobile workforce laptops and remote desktops. For users without access to a network connection, key checkout and offline features allow users to access encrypted information and create new encrypted files. Key Checkout and offline functionality are privileges that are granted by the organization to authorized users. A user without such privileges can access files and encrypted information only when connected to the network.

Encryption Policy Enforcement

Tricryption Desktop management and utility tools allow administrators to manage implementation of the product for large scale rollouts and individual desktop or laptop installations. Combined with an effective security policy, Tricryption Desktop secures against theft or misuse of sensitive data and files.

Cross Platform

Deploy a single encryption solution across your enterprise while protecting all data types. Tricryption Desktop is supported on multiple platforms including:
Windows XP, Windows 2003 Server, Windows 2000, and Linux platforms.

 

Transparent Key Management Supported Operating Environments

Tricryption KeyServer Software

  • Windows operating systems: XP, 2003, 2000
  • Linux: Kernel 2.6, RHE4, SLES 10, X86, ItaniumII
  • Solaris: Solaris 9, Solaris 10, Sparc, X86
  • AIX: 5.x, X86, 6 Beta
  • HP-UX: 11i, X86, ItaniumII

Security Components & Infrastructure Integration

Crypto Modules

  • OpenSSL 0.98e
  • Safenet Luna HSM
  • nCipher nShield

KeyServer Features

  • ECC TLS Secure Communications
  • Written in Platform Independent C++
  • 4 Level Key Hierarchy
  • PKI Key Export option

Authentication

  • Active Directory
  • LDAP
  • NIS (*nix)
  • Token
  • PKI
  • Native (SRP Protocol)
  • SAML (Development)

Authorization

  • DAC
  • RBAC
  • LBAC (Development)
  • SAML (Development)



Copyright © 2010 www.eruces.com. All Rights Reserved.