How SecureIT works

For large dynamic networks, SecureIT® automates site-to-site link setup and maintenance by periodically consulting an authoritative LDAP directory. Certificates and other data obtained from the directory are cached locally. For smaller static networks, SecureIT® provides simplified manual link setup.

SecureIT® permits:

  • More than one active certificate per domain.

  • Different certificates for signing and encryption.

  • Different signing and encryption algorithms for each link.

  • Multiple internal domains/users with their own certificates, proxy signing.

  • Automatic retrieval of replacements for expired public certificates.

  • Intelligent handling of external List Server messages.

  • Annotation of message From: and Subject: fields to show secure arrival.

  • Concealment of Subject.

  • Outbound subject line commands select policy & change sender address.

  • Use of keywords in the message body, attachments or subject line to trigger policy.

  • Collection and optional activation of certificates from inbound messages.

  • Retention of before and after encryption copies for archive purposes.

  • Detailed reporting of signature verification and decryption status, used to create meaningful messages and activity logs.

  • Annotation of messages failing policy (message text prepended and appended), or their attachment to an informative message.

  • Automatic retry when outbound certificate problems occur.

  • Integration with customised messaging systems via remote procedure call API.

For large dynamic secure communities, policy rules are stored, updated and disseminated centrally. SecureIT® automates link setup and maintenance, and automatically obtains and caches certificates via LDAP and CRLs via HTTPS.

For smaller static secure communities, SecureIT® provides local policy and simplified manual link setup and maintenance.

Link policy is stored, updated and disseminated centrally.

Detailed signature verification and decryption status indicators are reported and can be used to create very meaningful error messages for recipients. Messages failing encryption/signature policy can be annotated (message text prepended and appended) or encapsulated (added to an informative message as an attachment).

SecureIT® uses Certificate Revocation Lists (CRLs) and automatically changes the status of revoked certificates.