Solution Overview
As IT systems are built out worldwide and infrastructure improves, networked applications keep spreading into every field and their core business functions keep growing. Security protection has not kept pace: information security systems are incomplete, security technologies are underdeveloped, and operation and maintenance capacity is weak. This has become an urgent issue for enterprises as well as for public service and government authorities. In recent years, with exponential global data growth, data has become more diverse than ever, and in the face of such volumes an enterprise's data is increasingly one of its assets. Content security management, encryption of digital assets and boundary management are therefore especially important. In response to these needs, Century Longmai presents meDocs, a DLP product: a personal edition of a portable electronic document protection system.
Virtual disk function of meDocs
When the user creates and initializes meDocs, he/she specifies the size of the virtual disk file and its location, according to the partition layout and free space on the host computer. The size of meDocs is chosen by the user and is limited by the size of the host partition on which it is stored.
- Authentication mechanism of meDocs: By default, meDocs authenticates the user by user name and password; the user can additionally enable smart card authentication (without a digital certificate) as needed.
- Access and operation control of meDocs: After the user authenticates, meDocs mounts a virtual disk partition, and access and operations on that partition are the same as on a normal partition. At the virtual disk driver layer, meDocs encrypts legitimate read/write operations with AES 128-bit symmetric encryption (the algorithm may be replaced); this is transparent to users, so that security does not cost usability. Once authenticated, access to files in the virtual disk is controlled by meDocs: only specified trusted processes are allowed to read the files, and any read by an untrusted process triggers a prompt requesting confirmation from the user, to prevent unauthorized access. When a document in meDocs is copied or moved to a location outside meDocs, a prompt asks whether the file should be decrypted (no longer protected by meDocs) or kept encrypted (stored as ciphertext). After the user logs off from meDocs or exits it, the virtual disk partition disappears automatically. All files in meDocs are stored encrypted inside the virtual disk file, which cannot be read without authenticating, so that the contents of meDocs remain protected.
- Network failure protection strategy of meDocs: meDocs provides an optional network isolation strategy (called network failure protection) for users with higher security requirements. When it is enabled and meDocs detects that the user is working on a file in the safe box, it automatically cuts off the network connection; once the user finishes working on the file, the system restores the connection automatically. This reduces the risk that a Trojan horse or other malicious program silently steals important files and transmits them over the network while they are open.
- Backup, restore and destruction of meDocs: If the user moves to a new host computer, he/she can back up meDocs, restore it on the new host and destroy the meDocs on the previous one.
- Multi-user support of meDocs: Encrypted spaces created by different users on the same host computer are entirely separate; they do not interfere with each other and no user can access another user's space, so a single host computer can serve multiple users.
Document/folder encryption function
meDocs provides transparent encryption and decryption of files and folders and allows designated encrypted folders.
With the file/folder encryption/decryption function, users can encrypt or decrypt a single file or a number of files in a batch.
With the folder encryption function, folders on the host computer can be designated as encrypted folders; any file copied, cut, moved or saved into such a folder is encrypted automatically.
Users open an encrypted file in an encrypted folder by double-clicking it, without changing their habits. When the user edits and saves the document, it is saved encrypted automatically. The transparent encryption/decryption cycle is thus complete and no manual encryption or decryption is required.
Document shredder function of meDocs
The document shredder function deletes a document the way a paper shredder destroys a sheet of paper. Ordinary deletion in Windows, including a "Shift + Delete" that bypasses the Recycle Bin, only marks the file's storage as free, so important deleted information can be recovered very easily with common file recovery tools, which is a security risk. The document shredder repeatedly overwrites the file's contents with random data before erasing it, so that the deleted data is completely gone and cannot be restored.
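The overwrite-then-delete procedure described above, written out as an added example in Go. This is illustrative code, not meDocs' shredder implementation; the function names, the number of passes and the sample file are assumptions made for the example. It also records the caveat a practitioner should know: on flash media and on journaling or copy-on-write file systems, overwriting the logical file does not guarantee that the old blocks are gone.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// overwriteInPlace rewrites every byte of the file with fresh random data
// `passes` times, flushing to the device after each pass. It leaves the file
// in place so its effect can be inspected; shredFile does the removal.
func overwriteInPlace(path string, passes int) (int64, error) {
	f, err := os.OpenFile(path, os.O_WRONLY, 0)
	if err != nil {
		return 0, err
	}
	defer f.Close()
	info, err := f.Stat()
	if err != nil {
		return 0, err
	}
	size := info.Size()
	var written int64
	for p := 0; p < passes; p++ {
		if _, err := f.Seek(0, io.SeekStart); err != nil {
			return written, err
		}
		n, err := io.CopyN(f, rand.Reader, size) // random bytes, not a fixed pattern
		written += n
		if err != nil {
			return written, err
		}
		if err := f.Sync(); err != nil { // push the pass to the device, not just the page cache
			return written, err
		}
	}
	return written, nil
}

// shredFile overwrites the contents, truncates the file to zero so its length
// is not left behind, renames it to a random name so the original name does
// not survive in the directory entry, and then unlinks it.
// Caveat: on SSDs (wear levelling), on journaling or copy-on-write file
// systems, and for copies made elsewhere (editor autosave, temp files, backups)
// overwriting the logical file does not guarantee the physical blocks are gone;
// full-disk encryption with key destruction is the reliable approach there.
func shredFile(path string, passes int) error {
	if passes < 1 {
		return errors.New("at least one overwrite pass is required")
	}
	if _, err := overwriteInPlace(path, passes); err != nil {
		return err
	}
	if err := os.Truncate(path, 0); err != nil {
		return err
	}
	var b [8]byte
	if _, err := rand.Read(b[:]); err != nil {
		return err
	}
	anon := filepath.Join(filepath.Dir(path), hex.EncodeToString(b[:]))
	if err := os.Rename(path, anon); err != nil {
		return err
	}
	return os.Remove(anon)
}

// shredDemo runs the procedure on a constructed sample file in a temp directory
// and reports whether the contents changed before deletion and whether the
// file is gone afterwards.
func shredDemo() (changed bool, gone bool, err error) {
	dir, err := os.MkdirTemp("", "shred-demo")
	if err != nil {
		return
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "secret.txt")
	original := []byte("constructed sample: card 4111 1111 1111 1111, PIN 1234\n")
	if err = os.WriteFile(path, original, 0o600); err != nil {
		return
	}
	if _, err = overwriteInPlace(path, 1); err != nil {
		return
	}
	after, err := os.ReadFile(path)
	if err != nil {
		return
	}
	changed = len(after) == len(original) && !bytes.Equal(after, original)
	if err = shredFile(path, 3); err != nil {
		return
	}
	_, statErr := os.Stat(path)
	gone = errors.Is(statErr, os.ErrNotExist)
	return
}

func main() {
	changed, gone, err := shredDemo()
	fmt.Println("overwritten:", changed, "removed:", gone, "err:", err)
}
```

The truncate and rename steps matter as much as the overwrite: file recovery tools work from directory entries and metadata, so leaving the original name and size behind still tells an attacker what was deleted and how large it was.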
PKI based end-to-end file encryption
meDocs supports integration with an enterprise-level CA. When the user copies a file from meDocs to another location, he/she may select the receiving party from the enterprise's organization tree, and meDocs automatically obtains and uses that user's digital certificate to encrypt the file. The encrypted document can then be sent to the receiving party via USB flash drive, e-mail or an IM program. It is decrypted automatically once the receiving party authenticates with his/her own USB digital certificate and copies the received file into the encrypted folder. This provides end-to-end encrypted exchange of important electronic files.
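The end-to-end exchange described above, together with the AES 128-bit file encryption mentioned under the virtual disk function, as an added example in Go; it is not meDocs' code or file format. It assumes a freshly generated RSA key pair standing in for the CA-issued certificate on the recipient's USB token, a constructed Envelope layout, a hypothetical OAEP label, and AES in GCM mode. The page names only AES 128-bit and does not state a mode; GCM is used here so that a file altered on the USB stick or in transit is rejected rather than decrypted into garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is a constructed container format for this example (not meDocs'
// real file format): the file key wrapped for one recipient, the GCM nonce
// and the authenticated ciphertext.
type Envelope struct {
	WrappedKey []byte // file key encrypted with the recipient's RSA public key (OAEP, SHA-256)
	Nonce      []byte // 12-byte nonce, fresh for every file key
	Ciphertext []byte // AES-128-GCM output with the 16-byte authentication tag appended
}

const fileKeyLen = 16 // AES-128, the key size the page states meDocs uses

// oaepLabel is a hypothetical domain-separation label; both sides must use the same one.
var oaepLabel = []byte("example-file-key-wrap")

// newRecipientKey stands in for the recipient's CA-issued key pair. In the
// product the private half would live on the recipient's USB token.
func newRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealFile encrypts plaintext for one recipient. The file name is passed as
// associated data so the ciphertext cannot be silently re-labelled as a
// different document.
func sealFile(recipient *rsa.PublicKey, fileName string, plaintext []byte) (*Envelope, error) {
	fileKey := make([]byte, fileKeyLen)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, fileKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, []byte(fileName)),
	}, nil
}

// openFile is the receiving side. Unwrapping fails for anyone but the
// addressed recipient; GCM verification fails if the ciphertext, nonce or
// file name was altered, so the caller never sees corrupted plaintext.
func openFile(priv *rsa.PrivateKey, fileName string, env *Envelope) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, errors.New("file is not addressed to this recipient")
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(fileName))
	if err != nil {
		return nil, errors.New("file was modified in transit or mislabelled")
	}
	return plaintext, nil
}

func main() {
	alice, _ := newRecipientKey()
	env, err := sealFile(&alice.PublicKey, "plan.docx", []byte("constructed sample: Q3 plan"))
	if err != nil {
		panic(err)
	}
	pt, err := openFile(alice, "plan.docx", env)
	fmt.Printf("recipient reads: %q (err=%v)\n", pt, err)
	env.Ciphertext[0] ^= 1 // simulate tampering on the USB stick or in e-mail
	_, err = openFile(alice, "plan.docx", env)
	fmt.Println("after tampering:", err)
}
```

Using a fresh random file key per document and wrapping only that key with the recipient's public key keeps the RSA operation small and lets the same ciphertext be addressed to several recipients by adding one wrapped key each; the transport (USB stick, e-mail, IM) never sees the file key.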