Secure your data communications

How much confidence can you place in the data you send and receive across a network? As the Internet and intranets play more important roles in data communications, this question becomes critical. While sensitive data is in transit, it is susceptible to unauthorized viewing (loss of confidentiality) and malicious tampering (loss of integrity). Furthermore, unscrupulous individuals can easily disguise their identity (lack of authentication) or deny involvement (repudiation) with regard to a particular electronic transaction. If you want to secure your data transactions, take a look at the Frontier Technologies e-Lock product line.

e-Lock
The e-Lock suite consists of three modules (e-Sign, e-Mail, and e-Cert) that you can use individually or together. This flexibility lets you tailor the product to meet your need for confidentiality, integrity, authentication, and nonrepudiation. The e-Sign module lets you digitally sign any electronic document. The e-Mail module is a full-featured email package with integrated digital signature and file encryption capabilities. The e-Cert module gives you the tools to operate and administer a private Certification Authority (CA--for more information about becoming a private CA, see Tao Zhou, "You Can Be a Web Certification Authority").

Each module ships with hard-copy documentation that provides helpful background information, a concise guide to installation and configuration, and short tutorials that step you through the major features. The modules also provide comprehensive online documentation presented in the familiar Windows NT format. I installed all three modules without a hitch on an Intel-based machine running NT Server 4.0.

e-Sign
The e-Sign module provides for integrity, authentication, and nonrepudiation by letting the user digitally sign any file. After skimming the first few pages of the e-Sign documentation, I had the module ready to use within five minutes. However, creating digital signatures required that I obtain a public key certificate. When you use e-Sign to digitally sign a file, the module generates a file digest that is encrypted using asymmetric key encryption techniques. You can decrypt the digest only by applying the signer's public key. The public key certificate then serves as the link between the signer's public key and the signer's identity. Using Frontier's Tapestry Web browser (shown in Screen 1), which the standard e-Sign package includes, I quickly acquired and installed a public key certificate from VeriSign. The e-Sign documentation doesn't discuss alternatives to Tapestry for installing public key certificates; and besides the simplicity Tapestry offers for installing certificates, I didn't discover any Tapestry features that set it apart from the more popular browsers such as Netscape and Microsoft's Internet Explorer.

You can access e-Sign from the Start menu and take advantage of NT's right mouse-button functionality. All I had to do was click a filename, choose a signature method (encapsulated or detached), and supply an appropriate certificate and password. I verified a signed file with equal simplicity in only a few seconds.
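The digest-then-sign mechanism and the two signature methods (detached and encapsulated) can be sketched as follows. This is an added example, not e-Lock's code or file format: the key is a constructed toy key, the RSA is unpadded textbook RSA for illustration only, and the function names and the encapsulated container layout are hypothetical.

```python
import hashlib

# Constructed toy key built from two well-known Mersenne primes (assumption
# for the demo). Unpadded textbook RSA: illustrative only, never for real use.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public key: modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the signer
SIG_LEN = (N.bit_length() + 7) // 8    # fixed signature size in bytes


def digest_int(data: bytes) -> int:
    """SHA-256 file digest as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign_detached(data: bytes) -> bytes:
    """Detached method: the signature is a separate value; the file is untouched."""
    return pow(digest_int(data), D, N).to_bytes(SIG_LEN, "big")


def verify_detached(data: bytes, sig: bytes) -> bool:
    """Recover the digest with the public key and compare with a fresh digest."""
    value = int.from_bytes(sig, "big")
    if len(sig) != SIG_LEN or value >= N:
        return False
    return pow(value, E, N) == digest_int(data)


def sign_encapsulated(data: bytes) -> bytes:
    """Encapsulated method: signature and content travel in one blob.
    Hypothetical layout: 2-byte signature length | signature | content."""
    sig = sign_detached(data)
    return len(sig).to_bytes(2, "big") + sig + data


def open_encapsulated(blob: bytes):
    """Return the content if its signature verifies, otherwise None."""
    if len(blob) < 2:
        return None
    n = int.from_bytes(blob[:2], "big")
    sig, data = blob[2:2 + n], blob[2 + n:]
    return data if verify_detached(data, sig) else None


if __name__ == "__main__":
    doc = b"constructed sample document"
    print(verify_detached(doc, sign_detached(doc)))
    print(open_encapsulated(sign_encapsulated(doc)[:-1] + b"X"))
```

Verification proves only that the holder of the private key signed this digest; binding that key to a person is the job of the public key certificate.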

e-Mail
The e-Mail module uses the Secure MIME (S/MIME) protocol to provide various levels of security between any two email clients that support the protocol. You can choose encryption, digital signing, a combination of the two, or no security. Frontier incorporates S/MIME into its email client, or you can buy the protocol from Frontier as an add-on for other email client packages such as Qualcomm's Eudora and Microsoft Exchange.

I didn't find any significant shortcomings in the email client, and I found all the features I expected in a sound email package. Accessing the integrated security features was elegant and efficient. I could digitally sign or encrypt the message by setting two buttons. The client also has default button settings that will easily encrypt or sign messages if you use the same security options regularly.

e-Cert
The e-Cert module provides the infrastructure for establishing a CA on a private intranet. The CA validates e-Lock's security services without requiring the acquisition of certificates from a public CA. Although establishing a security policy for a private CA is a complex task, the documentation accompanying the e-Cert package provided a helpful overview of the relevant issues and alternatives. With the help of Frontier's documentation and e-Cert's wizards, I created a custom CA issuer, enrolled my Internet Information Server (IIS) server, and enrolled a client in about 30 minutes.

The Verdict
The e-Lock suite is a sound product for addressing the security issues associated with data communications. The only shortcoming I encountered is e-Lock's inability to encrypt arbitrary files. Although you can digitally sign any file to maintain its integrity, you cannot maintain the confidentiality of that data within the e-Lock suite. However, Frontier reports that the next version of e-Lock, scheduled for release this fall, will integrate standard file encryption features into the e-Sign module. With this addition, e-Lock will become a one-stop solution for network data security.

e-Lock 1.1
Contact: Frontier Technologies * 414-241-4555 or 800-929-3054
Web: http://www.frontiertech.com
Email: info@frontiertech.com
Price: e-Cert: $799; e-Sign: $99; e-Mail: $49
System Requirements: Windows NT Server, NT Workstation; 16MB of RAM; 22MB hard disk