StealthWare Security Suite – Design Summary

The StealthWare Security Suite will contain a number of modular software components, closely coupled and integrated, to provide a highly secure environment that will offer easily managed, transparent security for the user. The product design paradigm will incorporate:

  • Multiple very high speed encrypted drives,
  • Secure e-mail employing a central certificate server and global address books,
  • Secure file transfer,
  • Secure on-line storage,
  • Integrated VOIP and secure messaging,
  • Two-factor authentication capability supporting third party tokens,
  • Multilingual support.

Architecture

The product follows a client/server model, using a middleware architecture implemented as distributed authentication servers that support full redundancy. The diagram below illustrates the basic architecture employed by the design.

Basic Conceptual Architecture – Copyright & Restricted

The Client Modules

These applications or applets are the parts of the StealthWare Security Suite that will be installed on the user's PC. They will handle configuration, operation, authentication, encryption, data storage, VOIP integration and secure inbound and outbound email. There will be a central “host” module which will contain the individual applets and will manage the interaction between the various application functions.

  • Host Module
    • Configuration Manager
    • Authentication Manager
    • Mail Manager
    • Drive Manager
    • VOIP Integrator (Skype)

The client-side user experience will be split into two separate tasks – configuration and operation. Separating the configuration process from the operational component will provide additional controls that will ensure fewer support calls and, ultimately, happier users. Research has shown that users in general take considerably more care when running applets from the Windows Control Panel. The StealthWare configuration will therefore be encapsulated into a standard Windows Control Panel applet.

Each of the modules is described in detail below…

Configuration Manager

The Configuration Manager will provide functionality to allow the user to manage the secure StealthWare environment. Encrypted drives, volume sizes, remote storage, VOIP integration & secure mail will be controlled from this utility. In addition this utility will also manage registration and user preferences. The configuration manager will be installed into the Windows Control Panel.

Authentication Manager

Authentication is the process whereby StealthWare will attempt to authenticate a particular user independently of the Operating System. The process will support both single-factor (password) authentication and two-factor (Hardware Token plus Password) authentication. The Authentication Manager will allow a user to define his/her authentication parameters and will also create the required certificate and key processes depending on the user's selected authentication procedure.

The Security Suite will call secure procedures inside the Authentication Manager for any process, either local or remote, that requires user authentication. This process will be transparent to the user unless they are required to enter a password etc.

Mail Manager

The Mail Manager will control the sending and receiving of secure emails and attachments. Transparent email encryption will be achieved allowing the user to send and receive authenticated and encrypted mails without any interference or additional processes. The Mail Manager will include a MAPI compliant email client with integration into Outlook (if required) although the mail client will be a fully autonomous mail engine with no reliance on the existence of Outlook.

Drive Manager

The Suite will deliver data security through the configuration and mounting of encrypted virtual drives, using user-selected key lengths and algorithms. Support for IDEA, Blowfish, CAST, DES 56 and Triple-DES will be built in as standard.

The Drive Manager will support Multiple Secure Drives (Registered Users Only) up to a pre-defined maximum. A series of drive manipulation functions (format, map, re-map, resize, delete, backup/restore, synchronise) will also be included. There will also be the ability to export/import data to secure archives.

VOIP Integration

The StealthWare Security Suite will also support the integration of VOIP technology from Skype (www.skype.com). The Skype package is the current leader in capability and performance and is also the only voice product that supports fully secured voice and messaging. Adding VOIP, particularly a well-marketed product such as Skype, will undoubtedly add significantly to the take-up expected by the products. Skype VOIP is now achieving in excess of 135,000 sign-ups per day.

The Server Modules

The central servers will provide the core functionality within the Security Suite User Base. This is a critical business area and will require careful and ongoing management. We have engaged NetSYS to manage the server network and security to ensure that we are fully capable of maintaining forecast growth and matching this with both resilience and fail-over redundancy network support. Traffic to and from the servers is encrypted, ensuring no clear data or commands pass over the Internet.

SWAS – StealthWare Application Server

This middleware server will be called by every user installation with a request to create a certificate and a public/private key-pair. The certificate will be based on industry standards but will be maintained and stored on the central servers, instead of each certificate being downloaded to the user’s local machine as is currently required.

The server will use the Elliptic Curve algorithm to create the key-pairs, as this results in smaller key lengths, is considerably faster and produces highly secure asymmetric key pairs.

Address Book Server

This server is the hub of all the e-mail capabilities of the Suite. The applications running on this server will be highly optimised to ensure maximum throughput. All applications will be native binaries to ensure very high integrity and speed.

The Address Book Server will also perform background authentication of every user by identifying the embedded security code within each user message and record. This will make it impossible for one user to pretend to be another, making phishing and spam a thing of the past for StealthWare users if a user elects to only receive mail from StealthWare registered users.

Registration & Validation Server

This server applet provides online registration and upgrade capabilities. A user may register online directly from the application or may be pre-registered by purchasing a product from a shareware vendor or an authorised OEM partner.

The Registration Server will also handle the annual support and update subscription procedures and will allow individual users to be automatically updated if properly registered and/or subscribed.

Marketing Server

The Marketing Server provides internal marketing capabilities for the company and, to a limited degree, our OEM Partners. This server will provide the ability to execute targeted marketing campaigns by distributing emails and publications to the current user base.

It will allow OEM partners to connect to the database and to view only their customers. This will be seen as a very substantial benefit by the better OEMs and will lead to additional marketing opportunities.