The concept is to use a smart card to store a corporation's public encryption key securely, so that the "public" encryption key can only be accessed by entering a PIN into a secure device such as the PC Pay device. The "public" encryption key would be public only to the corporation's employees who hold a properly issued company smart card, and would remain private to the rest of the internet world. The "public" encryption key could be a corporate encryption key that changes periodically but is still only accessible if the employee knows the proper PIN number to access the private key in the smart card. The public key could even be encrypted using DES encryption with a special company DES key held in the PC Pay devices owned by the corporation, to further protect the public key in the smart card in case the smart card is lost. The PC Pay device could decrypt the public encryption key before sending it to the PC, where it is used to decrypt a confidential file under a public/private key scheme such as RSA. The public encryption key can therefore remain private to the company, yet the benefits of public/private key cryptography can be realized without the corporation needing a "trusted third party" to bank the corporation's "public" encryption key.

Additionally, the employee's "private" encryption key should also be stored in the smart card and be available only if the proper PIN is entered to gain access to the "private" encryption key prior to sending confidential eMail. The corporation can then manage its "public" key instead of allowing a "trusted third party" to maintain its public encryption key.

An example of where this could be useful is a corporation that wants to broadcast eMail to its employees over the internet and wants only its employees to be able to read the message. Headquarters at a corporation may broadcast an encrypted message using the corporation's "private" encryption key to all employees and if the employees have a company smart card that requires a PIN entry to gain

An alternative to the above approach would be to have the corporation's headquarters send an individual message encrypted with the recipient's public key, where that "public" key was obtained from a "trusted third party". This approach is functionally acceptable; however, depending on the size of the file to be encrypted and the number of recipients, it could consume a great deal of processor time. With this alternative approach the recipient should still have their "private" key stored securely in a smart card.

Furthermore, the combination of the company smart card and PC Pay device could be used to control access to the employee's personal computer.

For more information on secure access to personal computers and protection of confidential eMail, contact innovonics at sales@innovonics.com. Additionally, please see our consulting information.

The use of RSA public/private key technology is patented, and companies or individuals interested in using public/private key cryptography should contact RSA at http://www.rsa.com.