Digital Design: The protected mail

The protected mail - the solution for safe use of corporate mail on devices iPad and iPhone. The difference of this version of a product from previous consists in processing and optimization of a solution architecture for the purpose of performance improvement and reducing costs for its implementation and maintenance.

Innovation

• At deployment of "The protected mail" the separate server accumulating on itself information and creating additional infrastructure nodes is not required now.

• The structure of functions and the standards and protocols supported by a product is expanded.

Features of protection

"The protected mail" for IOS-DEVICES - the software tool of data protection, to the allowing mobile employees to work with e-mail on iPad and iPhone devices. The solution is held for use in the state and commercial organizations on which mail channel information classified as the confidential, trade secret, personal data (falling under requirements of providing the measures of protection shown to automated systems to class 1G inclusive and processing systems and a personal data storage to class K1 inclusive) is transferred.

Distinctive feature of the product "The Protected Mail" from foreign analogs - application for data protection of the cryptographic algorithms conforming to domestic standards (GOST 28147-89, GOST P 34.11-94, GOST P 34.10-2001).

Implementation of functions of protection and cryptography in the application does not require accomplishment of the procedure of cracking (jailbreak) of the IOS-DEVICE.

Protection mechanisms

Reduction of risk of information security is reached for the account:

• implementations of a secure channel of communication with external perimeter of the organization (TLS/GOST, two-factor authentication, enciphering and control of integrity of traffic); * storages of electronic messages on the IOS-DEVICE in encrypted form; storages of a key container on an external smart card or on the IOS-DEVICE (in any of options the container cryptographic is protected by the user's PIN code).

Depending on type of infrastructure of the customer "The protected mail" applies one of two architectural options: without proxy server or with the proxy server. The option with the proxy-server allows to make mail available to mobile employees even if the mail server of the organization has no port of access to the network the Internet. The TLS port of the proxy server is published in the Internet, and the proxy server is placed in DMZ and is intermediate base of storage of electronic messages in encrypted form that excludes information leak even in case of cracking of the proxy server.

The foreign key is provided

In "The protected mail" enciphering is applied to security of e-mails at the moments of their transfer on the Internet and storages to memories of the device.

The new version of a product got support of the S/MIME (GOST) protocol thanks to what to users transactions of the electronic signature and enciphering of contents of an e-mail before sending are available to the addressee. It guarantees reliability and confidentiality of correspondence.

As security gain measure "The protected mail" supports storage function of private key and the certificate of the user on the external smart card connected to the device via the special reader or a cover.