Providing the Transition from
Communications Security to Information Security

PRODUCT DESCRIPTIONS

TecSec® Products

CKM®, or Constructive Key Management®, is TecSec’s standards-based and patented key management encryption system. Enterprise-issued Credentials (permissions) are required for members to use any CKM Enabled® end-user product. The enterprise owner establishes security rules and network practices according to the organization’s risk assessment. These security requirements correspond to the issuance of Credentials, according to a member’s role and responsibility in the organization. Credentials accessed via cryptography enforce the enterprise’s security requirements.

TecSec’s highly scalable administrative tool, CKM® Enterprise Builder, greatly facilitates the issuance, administration and management of Credentials, including their placement on password-protected Tokens, and their distribution to Members of an enterprise. [Hardware Tokens, in either smart card or fob form, are available as upgrades.] Only holders of proper Credentials are able to access the information encrypted with corresponding Credentials.

CKM® Workstation is a standards-based Information Sharing product comprised of a variety of utilities and functions. Data is protected by content, both in transit and at rest. By protecting and managing the data object (whether a message, a paragraph, a sentence or a word), information may be segmented, with access to the information limited, such as on a Need to Know or Need to Share basis.

The following products are described in more detail below:

  • CKM® Enterprise Builder
  • CKM® Workstation
  • CKM® Runtime Environment (CKM® RTE)
  • CKM® Software Developer’s Kit (CKM® SDK)

CKM® Enterprise Builder

CKM Enterprise Builder (EB) is TecSec’s sophisticated and flexible administrative tool, well suited to large companies, but also easy for smaller organizations to employ.  It works in conjunction with CKM Workstation, using the CKM Runtime Environment (CKM RTE) lodged in Workstation.

Some of the highlights of EB include:

  • Managed by Enterprise personnel after a few hours of training;
  • Easily tailored to the existing organizational structure of an Enterprise;
  • Can be implemented for the Enterprise’s own risk-assessed security requirements;
  • Highly flexible and allows for administration of one or many Domains, including maintaining multi-enterprises and databases;
  • This administrative control fits conveniently on a laptop, storable in a safe.

CKM Enterprise Builder provides a simplified method for assigning and distributing Credentials (information access permissions) consistent with the organization’s defined security architecture, its rules and the role(s) of members (employees).   By enrolling members and assigning rights to these members, the system owner establishes who is allowed access to what information. These rights (Credentials) permit data separation and Role Based Access Control (RBAC) enforced cryptographically, protecting content as well.  Credentials are stored on a Token. Tokens are created by EB (soft tokens) or initiated by EB (hard tokens).

CKM Enterprise Builder allows organizations to design, implement and manage a secure architecture for access management and communications - while enforcing the Enterprise’s rules and roles cryptographically.

Added features of CKM Enterprise Builder include:

  • Active Directory Link (ADL) capabilities. EB with Active Directory Link (EB ADL) builds the link between Microsoft® Windows® 2000 Active Directory® (AD) and EB, thus providing the foundation for the Enterprise infrastructure.
    • EB with ADL administers all Member and Domain or Organizational Unit (OU) information with the same robust tool.
    • The Information Technology group may be authorized to extend some Enterprise Authority (EA) and Organizational Unit Authority (OUA) functions to AD, minimizing the administrative level of Member and OU information.
    • Changes made in AD are automatically available in EB, continuing controlled access to data.
    • Member information created with AD can be exported into EB by using EB with the ADL program.
  • Maintenance Level Control/Support - at the Member level, giving Domain or Organizational Unit Authorities the ability to change the Maintenance Level for one user rather than having the Domain Authority change the Maintenance Level for the entire Domain.
  • Secure database for enterprise’s own customizable e-auditing system (defined reporting on Administrator activities, etc. including transactions).
  • CKM Enterprise Builder is a labor-saving and control-enhancing administrative tool, well suited to the management of the varying security requirements of Enterprises. Enterprises starting with soft tokens will benefit from EB’s consistency and flexibility upon migrating to hard tokens.

CKM® Workstation

CKM Workstation consists of the following components, as described below:

  • CKM Desktop
  • CKM Mail
  • CKM Word
  • CKM Secrypt

  • The CKM® Desktop Suite (CKM Desktop) - Convenient and transparent, the basic CKM Desktop unit contains the CKM Runtime Environment (CKM RTE) and also consists of the following components:

    • CKM®file is a file encryption tool that provides file level RBAC. This application supports digital signing and verifying of signatures, as well as integration with Microsoft® Outlook® for E-mail attachments. It has a user-friendly and intuitive drag-and-drop interface and includes a secure delete component.
    • CKM®web is a web plug-in that integrates seamlessly with Microsoft® Internet Explorer. It allows you to decrypt files that have been encrypted using CKMfile and uploaded to the web. CKMweb also provides digital signature verification for files that have been digitally signed. CKMweb lends itself to rapid, broad distribution of confidential information.
    • CKM®clipboard works with your built-in Microsoft® Windows® Clipboard to encrypt sensitive information. It enables you to cut or copy any kind of data (text, graphics, tables, multimedia files, etc.) from any Microsoft® Windows® program that has Clipboard support (Microsoft® Word®, Microsoft® Excel®, Microsoft® Notepad, Microsoft® Paint, etc.), encrypt it and paste it into any other such program.

    • Recent enhancements to CKM Desktop include:
      • Enhanced Token Management - The former CKM® tokens application has been seamlessly integrated into CKM Desktop.  Token management is now being handled within CKM Desktop via a Tokens tab in the CKM Desktop Preferences window, giving end-users the same look, feel and usability as all other components of CKM Desktop.
      • CKM®file - not only allows a user to encrypt a file using Credentials and Certificates but now allows encryption using only a PKI Certificate.
      • CKM®clipboard - allows you to place an ActiveX® object inside of any supporting application as an icon that replaces the ciphertext used in previous releases.  The ciphertext functionality is still available for those who prefer to display ciphertext.
      • PKI Interoperability - In addition to Entrust® PKI v6.0, Microsoft® Windows® 2000 PKI, RSA Keon® CA v6.02, Sun™ ONE Certificate Server v4.7 (formerly iPlanet), Digital Signature Trust, Verisign Managed PKI v5.0 and many more, CKM Desktop is now interoperable with Access Certificates for Electronic Services (ACES) and DoD Interim External Certificate Authorities (IECA).
  • CKM® Mail - CKM Mail enhances Microsoft® Outlook® and is well suited to a large network environment, providing (1) content protection and (2) access control enforced cryptographically. Sensitive e-mail may be protected both in transit and at rest. Convenient and highly transparent, CKM Mail decrypts an incoming message or attachment with a click, assuming the recipient has the proper permissions (credentials). CKM Mail also provides the ability to digitally sign messages and attachments using assigned Certificates. These Certificates, along with a user’s credentials, are located on the user’s token. CKM Mail, whether used to send encrypted messages or encrypted attachments or both, provides a convenient means of Information Sharing on a Need to Know basis.
  • CKM® Word - Using CKM Word and the common highlighting process, a data object is selected by the user, whether it be the entire message down to a paragraph, a word or even just a character. The credentials of the addressee (defined by the organizational role and responsibilities assigned to the addressee) determine the level of access.  Graphic images, tables, media files and even engineering drawings can be protected.  Read/write privileges may be differentiated.  Parceling data in this manner controls user access, providing varied levels of access based on a user’s “security permissions”.  CKM Word allows you to encrypt portions of the same document using different Credentials so that only those with a "need to know" can access the information they are intended to see - providing Role Based Access Control.
  • CKM® Secrypt® - CKM Secrypt is a disc encryption product that permits the user to protect sensitive information at rest. By designating one or more Workstation drives or folders as "Secrypt Volumes" all information placed in those Volumes is automatically encrypted using TecSec's standards-based CKM technology. Once a Secrypt Volume is created and an audience is specified for the encrypted content, only users holding the proper Credentials will be able to access and/or share the information contained in this Secrypt Volume. This audience can be redefined simply with the creation of new folders or subfolders.  Ideal for use on a laptop by a frequent traveler, the entire memory may be encrypted and not just drives or folders.  Thus, stolen laptops will yield nothing to the thief.
  • TecSec® Eagle Card® - The Eagle Card is an all-American FIPS-201 approved smart card with a starting memory size of 360K and separate processors for the contact and contactless operations, offering increased security. The enhanced version includes fast Secure Biometric Match on Card and a secure multiple user, multiple application system that provides secure remote update capabilities, fine-grained secure memory allocation (using the company’s SILOS technology), and on-card CKM capabilities.