e-Lock 1.1

Secure your data communications

How much confidence can you place in the data you send and receive across a network? As the Internet and intranets play more important roles in data communications, this question becomes critical. While sensitive data is in transit, it is susceptible to unauthorized viewing (loss of confidentiality) and malicious tampering (loss of integrity). Furthermore, unscrupulous individuals can easily disguise their identity (lack of authentication) or deny involvement (repudiation) with regard to a particular electronic transaction. If you want to secure your data transactions, take a look at the Frontier Technologies e-Lockproduct line.

e-Lock
The e-Lock suite consists of three modules (e-Sign, e-Mail, and e-Cert)that you can use individually or together. This flexibility lets you tailor the product to meet your need for confidentiality, integrity, authentication, andnonrepudiation. The e-Sign module lets you digitally sign any electronicdocument. The e-Mail module is a full-featured email package with integrateddigital signature and file encryption capabilities. The e-Cert module gives youthe tools to operate and administer a private Certification Authority (CA--formore information about becoming a private CA, see Tao Zhou, "You Can Be aWeb Certification Authority").

Each module ships with hard-copy documentation that provides helpfulbackground information, a concise guide to installation and configuration, andshort tutorials that step you through the major features. The modules alsoprovide comprehensive online documentation presented in the familiar Windows NTformat. I installed all three modules without a hitch on an Intel-based machinerunning NT Server 4.0.

e-Sign
The e-Sign module provides for integrity, authentication, and nonrepudiationby letting the user digitally sign any file. After skimming the first few pagesof the e-Sign documentation, I had the module ready to use within five minutes.However, creating digital signatures required that I obtain a public keycertificate. When you use e-Sign to digitally sign a file, the module generatesa file digest that is encrypted using asymmetric key encryption techniques. Youcan decrypt the digest only by applying the signer's public key. The public keycertificate then serves as the link between the signer's public key and thesigner's identity. Using Frontier's Tapestry Web browser (shown in Screen 1),which the standard e-Sign package includes, I quickly acquired and installed apublic key certificate from VeriSign. The e-Sign documentation doesn't discussalternatives to Tapestry for installing public key certificates; and besides thesimplicity Tapestry offers for installing certificates, I didn't discover anyTapestry features that set it apart from the more popular browsers such asNetscape and Microsoft's Internet Explorer.

You can access e-Sign from the Start menu and take advantage of NT's rightmouse-button functionality. All I had to do was click a filename, choose asignature method (encapsulated or detached), and supply an appropriatecertificate and password. I verified a signed file with equal simplicity in onlya few seconds.

e-Mail
The e-Mail module uses the Secure MIME (S/MIME) protocol to provide variouslevels of security between any two email clients that support the protocol. Youcan choose encryption, digital signing, a combination of the two, or nosecurity. Frontier incorporates S/MIME into its email client, or you can buy theprotocol from Frontier as an add-on for other email client packages such asQualcomm's Eudora and Microsoft Exchange.

I didn't find any significant shortcomings in the email client, and I foundall the features I expected in a sound email package. Accessing the integratedsecurity features was elegant and efficient. I could digitally sign or encryptthe message by setting two buttons. The client also has default button settingsthat will easily encrypt or sign messages if you use the same security optionsregularly.

e-Cert
The e-Cert module provides the infrastructure for establishing a CA on aprivate intranet. The CA validates e-Lock's security services without requiringthe acquisition of certificates from a public CA. Although establishing asecurity policy for a private CA is a complex task, the documentationaccompanying the e-Cert package provided a helpful overview of the relevantissues and alternatives. With the help of Frontier's documentation and e-Cert'swizards, I created a custom CA issuer, enrolled my Internet Information Server(IIS) server, and enrolled a client in about 30 minutes.

The Verdict
The e-Lock suite is a sound product for addressing the security issuesassociated with data communications. The only shortcoming I encountered ise-Lock's inability to encrypt arbitrary files. Although you can digitally signany file to maintain its integrity, you cannot maintain the confidentiality ofthat data within the e-Lock suite. However, Frontier reports that the nextversion of e-Lock, scheduled for release this fall, will integrate standard fileencryption features into the e-Sign module. With this addition, e-Lock willbecome a one-stop solution for network data security.