EISST - Enterprise Information Security Systems & Technologies
Glossary

e-Shredding

Deleting files (and then emptying the recycle bin) does not guarantee security against professional file recovery tools. However, a higher level of security on deletion can be achieved by physically overwriting all of the file's bits on the storage medium. Electronic file shredding in e-Capsule™ Explorer is implemented by overwriting the deleted files' content and attributes seven times: three times with fixed bit values and four times with cryptographically secure pseudo-random sequences.

This procedure provides security above the standard dictated by the U.S. Ministry Of Defense (DOD 5220.22-M/NISPOM 8-306). However, for absolute security of your top-secret documents we suggest that you never store such files on hard disk drives, but only on removable storage media (such as 3.5" high-density disks). After successfully uploading your documents to the e-Capsule™ repository, you should physically destroy the used storage media in order to preclude any chance of recovery.
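The seven-pass scheme described above can be sketched as follows. This is an added example, not e-Capsule™ code: the fixed byte values, the pass order and the function names are assumptions, since the page gives only the pass counts.

```python
import os
import secrets

# Assumed schedule: the page states three fixed-value passes and four random
# passes, but not the byte values or their order.
FIXED_PASSES = (b"\x00", b"\xff", b"\xaa")
RANDOM_PASSES = 4
CHUNK = 64 * 1024


def overwrite_pass(fd, size, fill):
    """Overwrite `size` bytes from offset 0. fill=None means CSPRNG output."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        data = secrets.token_bytes(n) if fill is None else fill * n
        view = memoryview(data)
        while view:                     # os.write may write fewer bytes than asked
            view = view[os.write(fd, view):]
        remaining -= n
    os.fsync(fd)                        # flush this pass before starting the next


def shred(path):
    """Seven in-place overwrites, then scrub attributes and delete.
    Returns the number of overwrite passes performed."""
    size = os.path.getsize(path)
    fd = os.open(path, os.O_WRONLY)     # no O_TRUNC, so the same blocks stay allocated
    passes = 0
    try:
        for fill in FIXED_PASSES + (None,) * RANDOM_PASSES:
            overwrite_pass(fd, size, fill)
            passes += 1
    finally:
        os.close(fd)
    # Attributes: reset timestamps and replace the file name before unlinking.
    os.utime(path, (0, 0))
    scrubbed = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, scrubbed)
    os.unlink(scrubbed)
    return passes
```

In-place overwriting only reaches the original blocks on media and file systems that write in place; SSD wear levelling, journaling, copy-on-write file systems and snapshots can retain older copies of the data.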


Encrypted channel

[Diagram: Local PC, Internet Lag, Application Servers; Document, Encrypted Document, Stored Document]

The e-Capsule™ Secure Channel is an encrypted transmission protocol which is used in all communications between the e-Capsule™ client applications running on the PCs and the e-Capsule™ application servers. It has several advantages over standard Virtual Private Network (VPN) technologies, since it tunnels the SOCKS5 protocol, an international standard that provides a flexible networking framework supported by the majority of applications.

The basic benefit of the SOCKS5 protocol is that it enables hosts on one side of a SOCKS5 server to gain access to hosts on the other side of the server, without requiring direct IP-reachability. What this means in practice is that two e-Capsule™ clients will be able to securely exchange sensitive information over the e-Capsule™ Secure Channel in situations where other VPNs would fail.

The e-Capsule™ Secure Channel delivers all the benefits of standard VPNs without requiring any client installation, enabling users to establish an encrypted communication channel to the server from any Internet-enabled PC:

Local PC

The client application is launched from the USB Access Token and, as its first task, establishes the encrypted tunnel for authentication and authorization. All the session data is encrypted before it leaves the PC and decrypted only at the PC level. No information is ever left in the clear while in transit or while stored on the server side.

Internet Lag

All data in transit is at least doubly encrypted: first at the PC level and then while in the transmission tunnel. During this lag, the e-Capsule™ Secure Channel connects the client to the application server using the SOCKS5 proxy mechanism and delivers VPN-level security. All of this comes with the advantage of mobility and higher usability over traditional VPN technologies.

Application Servers

The e-Capsule™ Application Server handles all security and remote file management requests initiated by the client components. Crucial security operations, such as user authentication and identification, as well as storage, management and exchange of encryption/decryption keys, database storage and retrieval, data backups and data transport protocols, are handled by the e-Capsule™ Server. However, no sensitive data are ever stored in the clear on the server side: even system administrators cannot access or even just see the encrypted files.



Encryption

The term encryption refers to the process of concealing the true content of a given text by applying a complex mathematical transformation that maps each character to another character. Encrypted text is unreadable and cannot be easily decrypted without knowledge of a secret piece of information called a key. It is an accepted fundamental assumption that the strength of a given encryption scheme should not lie in the details of the mathematical algorithm used to encrypt the original text, but should reside entirely in the key.


© 2002-2008, EISST - Enterprise Information Security Systems & Technologies.