FAQ

SecureAge is a Microsoft Windows based software that provides a comprehensive set of security solutions to safeguard organization's sensitive information. It comes with the following basic components:

• SecureData (SecureDs) module provides a comprehensive Data Leak Prevention (DLP) solution. It automatically encrypts all data files on the local hard drives, removable media including USB storage devices and CD / DVD, and network storage devices including network file servers, NAS and SAN systems. SecureDs ensures that data-at-rest and data-on-the-move are always encrypted. Consequently, it helps to protect data loss due to the lost of computers and storage devices, and it also prevents data leaks due to insider, remote and malware attacks.
• SecureEmail module secures (using S/MIME standard) all your email communication with other email users. It ensures the emails that you have sent out or stored on your local drive or file server are fully protected. It supports standard email software like Lotus Notes, Microsoft Outlook, Outlook Express and Mozilla Thunderbird. It also supports Outlook Web Access, webmail access to Lotus Domino and Sun Messaging servers. Optional support to public web mail systems like Hotmail and Yahoo Mail are also available.
• SecureDisk module secures an entire disk volume on your desktop, laptop or network drive transparently. Its powerful PKI capability allows the secure disk volume to be easily and securely shared among any selected group of users.
• SecureFile module provides digital signature and encryption capabilities to protect individual file/folder on your machine and for securely exchanging them with other users. It also comes with a powerful "Wipe" file utility that allows you to erase files without the concern that someone else may recover them later using sophisticated tools.

SecureAge supports a wide range of standard security algorithms and protocols listed below:

• Full PKI technology for key and digital certificate management
• Support SSL, S/MIME standards for network and data/email security
• Support a full range of smart cards and USB tokens for secure key storage
• Support highest security encryption algorithms like 256-bit AES, 168-bit 3DES, RC-4, RC-2, etc.
• Support strong public key algorithms like 1024/2048-bit RSA algorithms.
• Support digital IDs (keys and certificates) issued by standard public Certificate Authorities.

The software runs on Windows 2000, XP, 2003 and Vista. Limited support is also available for Windows 95/98/ME.

Please write to us at contactus@secureage.com to request for a 30-days free trial download. Once the trial period expires, you may purchase a license to continue using SecureAge software.

You could approach your authorized reseller, or contact us at support@secureage.com.

For the technically inclined user, you might want to check for the error log files in the following directory:

<drive>:\Documents and Settings\<user>\Application Data\SecureAge Technology\SecureAge\Log

Digital certificate is a file that contains the user's information, signed by the Certification Authority (CA). It also contains the public key of the user which is made publicly available to all the other users. The private key which corresponds to the public key in the certificate is a secret key that is kept by the user, either in the form of a smart card, USB token, or stored on the local hard disk.

The private key and the public key are very large numbers that are generated with special mathematical property. Specifically, the private key can be used to digitally “sign” a document or email in which the signature can be verified by the public key (or the certificate containing the public key). For encryption, other user can encrypt a digital document or email to the user by using the user’s public key. In this case, the encrypted content can only be decrypted by the user’s corresponding private key. These two operations are the foundation of public key cryptography technology.

In a secure environment, your digital ID should be stored on a smart card or USB token. This ensures that no one can copy the secret keys without the proper PIN. Alternatively, your digital ID can be stored on the local hard drive or on a removable storage device. In such cases, the private key is protected by password based encryption. The user will need to enter the correct password in order to access his/her digital ID.

In an enterprise deployment, a central authority within the organization usually holds a copy of every user key. This is for the purpose of replicating the keys when the users lost their keys or to recover encrypted information when the users left the organization. It is important for the central authority to safeguard the backup keys by storing them in secure location and in encrypted format.

It is a modern branch of cryptography in which algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm.

For encryption, when A wants to ensure confidentiality for data it sends to B, it encrypts the data with a public key provided by B. Only B has the matching private key that is needed to decrypt the data.

For signature, when A wants to ensure data integrity or provide authentication for data it sends to B, it uses its private key to sign the data (i.e., create a digital signature based on the data). To verify the signature, B uses the matching public key that A has provided.

In order to ascertain a user’s public key is valid, the public key and relevant information (e.g. name, organization, email address, etc) of the user can be put together and digitally signed (endorsed) by a trusted Certification Authority (CA). The resulting digital document is known as a digital certificate.

Yes. SecureAge provides native generation of RSA key with strength up to 4096-bit. When deployed in conjunction with SecureAge SA PKI, SecureAge acts as a full PKI client with the capability of performing certificate request, retrieval, revocation, and renewal. When used with any third party CA, SecureAge provides a complete interface to import key and certificate in PKCS#12 file format and PKCS#11 smart card and token format.

Yes. SecureAge supports LDAP for certificate look up in both manual and automatic modes. In the automatic mode, SecureAge LDAP supports will automatically search and download missing certificate from the LDAP server. This allows the user to send encrypted email seamlessly even when he or she may not have the recipient’s certificate locally.

Yes. SecureAge provides a comprehensive support for CRL checking, update and retrieval. CRL is always checked every time a certificate is used in any SecureAge operation, including email signing, verification, encryption and decryption. CRL can also be configured for automatic download from LDAP and Web server. Any certificate that comes with valid Certificate Distribution Point (CDP) will also be updated automatically.

Yes. SecureAge supports automatic OCSP checking to complement its CRL support. The real-time nature of OCSP checking for certificate validity assures that SecureAge is protected against security gap that may be introduced even after a certificate has been revoked.

Smart card or USB token provides an additional layer of physical protection to the user’s private key. The private keys that are stored in the smart card and USB token cannot be copied if they fully conform to the PKCS#11 standard. Furthermore, most of the smart card and USB token also come with autolock feature such that the smart card and USB token are rendered inoperable once too many wrong PINs are entered.

Each smart card or USB token comes with their specific device driver. You will need to install the device driver in order to make use of these smart card and USB token. You will also need to specify the exact PKCS#11 device driver file name in order for SecureAge to use the corresponding smart card or USB token. Some commonly used device driver file names are already pre-configured in SecureAge. If you are not sure which file name to specify, please check your smart card or USB token user guide.

SecureAge is capable of generating keys directly within the smart card and USB token. This ensures that the keys are never exposed to untrusted machines and hence provides the highest level of key protection security.

SecureAge can also import a software key directly into the smart card or USB token. This allows the user to initialize the smart card or USB token with the key and certificate they obtained from any CA in the form of PKCS#12 digital ID.

SecureAge comes with a product licensing scheme that ties the product license to your machine configuration. This is very similar to Windows XP product licensing scheme. By entering the product key that comes with your SecureAge software, you will enjoy using the product features for up to 30 days. Anytime during this period, you may activate your product key to receive the full product license from the SecureAge license server. You can then make use of the SecureAge product for as long as you are entitled to under the product key that you have purchased.

Product key can be entered during the software installation time. Alternatively, you can right click on the SecureAge icon (bottom right-hand corner of your screen) and select "About SecureAge". You can then click on the appropriate product key button.

You need to activate your product key only if you are using end-user product key. Right click on the SecureAge icon (bottom right-hand corner of you screen) and select "About SecureAge". You can then click on "Activate..." to activate your product key.

Usually, you do not need to. However, if the activated license code is removed from your machine (e.g. you have reformatted your hard drive), you will then need to re-activate you product key again. If there is no change to you machine configuration, the same product license will be retrieved from the server.

SecureAge comes with a product licensing scheme that ties the product license to your machine configuration. You can reactivate your product key if you have not exceeded your activation limit. If you have exceeded your activation limit, you will need to purchase additional product key from an authorized reseller. If you have legitimate reason for exceeding your activation limit, please contact us at: support@secureage.com.