POSTX PRODUCT SUMMARY & CORPORATE OVERVIEW

Transcription

1 POSTX PRODUCT SUMMARY & CORPORATE OVERVIEW

2 TABLE OF CONTENTS Introduction to PostX... 3 PostX Platform Overview... 4 Secure Highlights... 5 PostX Architectural Overview... 8 Delivery Models...9 Deployment Options Scalability & Performance High Availability...23 Administration Security Extensibility Appendix A: Business Overview Appendix B: PostX Customers Appendix C: Industry and Analyst Acknowledgements PostX Product Summary and Corporate Overview 2

3 INTRODUCTION TO POSTX In 1996, just as the Internet began to expand at a phenomenal rate, PostX founders envisioned that would become the preferred channel for business communication. They recognized the need for software to enable secure exchanges between a business and its customers software that worked with all systems and operating systems. And so PostX was launched. In 1998, after eighteen months of engineering effort, PostX released Version 1.0 of the PostX Envelope, an innovation that was awarded U.S. Patent 6,014,688. The PostX Envelope uses embedded executable software to authenticate, decrypt, and present secured content to the recipient. Later that same year, when the United States Postal Service wanted to extend federal protection to First Class Mail delivered electronically, PostX played a key role in developing the USPS Electronic Postmark System. That experience provided PostX with the insight and tools required to move swiftly to commercial implementation. Charles Schwab was among the first major firms to utilize PostX technology. Early in 2000, Schwab began ing 401K statements to customers using PostX Envelopes. Schwab used delivery of statements initially to create market differentiation and deepen customer relationships. Once PostX software was installed Schwab discovered real savings - delivery eliminated the time, energy and money spent preparing and delivering paper statements. Growing Reputation In 2001, PostX released the PostX Messaging Application Platform, the only enterpriseclass secure messaging solution available today. Its open J2EE architecture meets volume, performance, and redundancy requirements with maximum reliability. The PostX Messaging Application Platform could be deployed across multiple servers in clustered or load-balanced configurations to support the delivery of millions of documents per month. PostX Product Summary and Corporate Overview 3

4 In 2002, Mayo Clinic selected PostX to ensure the privacy of confidential medical communications. Many patients had wanted to communicate with Mayo using rather than telephone, but privacy considerations and HIPAA regulations made it impossible to use regular, unsecured s. Additionally, doctors and researchers needed to exchange confidential information in s. The PostX Messaging Application Platform not only met Mayo's need for secure communications but did so while conforming to HIPAA regulations By October of 2002, the U.S. Patent Office had awarded PostX a total of four patents, further solidifying its leadership position in secure technology. As the secure market matured, PostX released PostX WebSafe to meet secure online message center requirements. In 2003 JPMorgan Chase selected PostX technology for the launch and maintenance of their Chase Message Center. In a recent survey of U.S. banks, Livermore Research concluded that the Chase Message Center was the Gold standard for functionality in a message center. And Gomez gave Chase top place in their ranking of credit card customer service sites. In 2004 PostX implementations included AT&T Wireless, who selected PostX to deliver monthly invoices to subscribers, ABN AMRO, and Marsh, Inc. In 2004, IBM selected PostX as a Premier partner and signed a global marketing teaming agreement for Banking and Insurance. The first joint customer for the partnership, Royal Bank of Scotland, launched their online message center, built on PostX WebSafe, in the fourth quarter of Also in 2004, PostX led the establishment of the TECF, an industry consortium focused on efforts to eliminate the phishing and spoofing attacks that can cause identity theft and brand distrust. With Shawn Eldridge of PostX as acting chairman, TECF membership includes over 45 companies from around the world. Since the beginning of the year, PostX has received over 300 mentions in publications including Wall Street Journal, Wired, Newsweek, InfoWorld, eweek, PC World, USA Today, and the San Jose Mercury News. PostX Today Current customers include Aetna, American Family Insurance, Aon, Allstate Insurance, Citibank, Hertz Corporation, Putnam Investments, Mercy Health Partners, the University of Louisville, Friends Provident and HSBC, among others. Already established as the vendor of choice for leading institutions in the financial services, telecommunications, insurance and health care industries, PostX is poised to expand its secure capabilities into new markets. POSTX PLATFORM OVERVIEW The PostX Messaging Application Platform provides an integrated trusted communication framework flexible enough to solve the complete range of secure messaging requirements. PostX Messaging Application Platform is the only enterpriseclass secure messaging solution available today. Its open J2EE architecture satisfies PostX Product Summary and Corporate Overview 4

5 volume, performance, and redundancy requirements with maximum reliability. It can be deployed across multiple servers in clustered or load-balanced configurations to support the delivery of millions of documents per month. PostX Messaging Application Platform integrates seamlessly into your application and IT environment. It is supported on multiple platforms (including Sun Solaris, AIX, Windows, and Linux), databases (including DB2, Oracle, and MS SQL), and application servers (including WebSphere, WebLogic, and JBoss). PostX offers three solutions built on the PostX Messaging Application Platform: PostX Secure enables enterprises to secure internal and external communications by providing secure point-to-point delivery of messages. PostX Secure delivers secure messages to any inbox, regardless of the desktop platform or client, and no special software is required to view the document. PostX SecureDocument creates and securely delivers personalized electronic customer communications. Documents, such as statements and invoices, traditionally delivered by the postal service can be delivered securely to customers inboxes. By consolidating information from multiple databases, legacy systems, and third-party data sources, PostX creates targeted personalized documents. Embedded hyperlinks enable customers to navigate directly to information and services available in the company s Internet portal. PostX InteractionHub provides a powerful platform for customers to manage their online interactions and communications to the customer service center. Its extensible, open framework can be tightly integrated with in-house systems, such as Epoch, Customer Relationship Management (CRM), single sign on, authentication, and messaging systems to provide a customized solution to secure messaging requirements. Universal reach and delivery PostX is the only solution which integrates patented push, pull and traditional certificate encryption schemes into a single product platform. PostX provides push delivery, which delivers encrypted directly to the customer s inbox. It also provides pull delivery, where messages are stored centrally and viewed by recipients through a secure website. Additionally, PostX supports S/MIME or OpenPGP for enterprises using Public Key Infrastructure (PKI) or OpenPGP certificates. PostX solutions can be configured to automatically select the appropriate delivery method for each message. PostX ensures that security does not come at the expense of accessibility. PostX patented technology delivers secure messages to any inbox regardless of the computer platform or client. PostX messages work on PCs, Macs, and Unix workstations. And, whether the recipient uses a desktop application, such as Outlook or Notes, or a Web-based system, such as AOL or Yahoo, no special software is needed to receive and read PostX messages. SECURE HIGHLIGHTS Today s customers increasingly seek access to business services through the Internet. By offering online access to services and information, enterprises not only reduce costs but also enhance customer loyalty and satisfaction. It is not enough, however, to promote e- mail as the preferred channel for business communication. messages containing sensitive or confidential data must be encrypted and delivered securely to protect privacy and comply with regulatory requirements. Regulations such as: PostX Product Summary and Corporate Overview 5

6 HIPAA (Health Insurance Portability and Accountability Act) Graham Leach Bliley Act Sarbanes-Oxley Act European Privacy Initiative NASD 3010 Patriot Act SEC Rule 17 affect both profit and not-for-profit companies in all industry sectors. Additionally, communications intended for private use, such executive correspondence and exchanges concerning personnel, legal, and merger and acquisition matters must be protected. IT organizations have already invested significant time and resources to build robust infrastructures that include components such as servers, virus scanning, and spam filtering. Secure is still one more component that must be implemented to work within the existing infrastructure, yet without creating an additional administrative burden. PostX Secure is the complete solution to securing communications with customers, partners, and providers, enabling enterprises to: Ensure compliance - With PostX Secure , sensitive messages are handled in compliance with regulations. Improve customer service - PostX Secure makes it easy for customers to communicate securely using the channels that they prefer. Reduce costs - By migrating phone volume to , PostX Secure enables enterprises to reduce operating expenses. PostX WebSaf PostX Envelope Groupware Servers (Exchange, Domino, etc.) PostX Secure PostX Certificate Repository S/MIME OpenPGP Secure Messaging Infrastructure PostX Product Summary and Corporate Overview 6

7 As the only enterprise-class secure messaging solution available today, PostX offers unique capabilities: PostX is the only solution, which integrates patented push, pull and traditional certificate encryption schemes into a single product platform. PostX has the broadest production experience on the largest, most comprehensive, longest running deployments of secure messaging in the industry. PostX provides superior policy management capabilities to dynamically route and send messages based on sender, recipient or message attributes through predetermined secure delivery mechanisms. PostX offers robust authentication options including a comprehensive enrollment system, support for LDAP lookup, single sign-on and directory chaining. The open architecture of PostX Secure satisfies volume, performance, and redundancy requirements with maximum reliability. It can be deployed across multiple servers in clustered or load-balanced configurations to support the delivery of millions of documents per month. And it is fully flexible to meet future requirements across the entire spectrum of secure messaging applications. For example, JPMorgan Chase uses PostX to provide secure customer service to a recipient community of over 30 million customers, while Charles Schwab offers secure delivery of 401K statements to over 8 million customers. Point-to-point secure messaging has become the preferred channel for business communication. But messages containing sensitive or confidential data must be encrypted and delivered securely to protect privacy and comply with regulations. PostX Secure provides secure point-to-point delivery of messages to any inbox, without requiring the recipient to install any special software. No client software PostX ensures that security does not come at the expense of accessibility. The PostX Secure guarantees that your customers and business partners will be able to open secure s from any platform on any operating system without installing new software on their desktops. This solution works like regular , no need for the recipients to follow the link back to view secure messages. Reach At the core of all PostX technology is a cross-platform guarantee. Both the server-side and the recipient-side technologies are designed from their cores to work in all major distributed IT environments. The delivery technology is entirely client and platform-agnostic. This assures that a message sent to a user using Windows will work as flawlessly as one sent to a Mac or Linux user; and will work equally well on AOL, Outlook, Lotus Notes, and Yahoo! mail, or Microsoft Hotmail. No advance knowledge of the client is required of the sender, greatly simplifying the secure messaging application. PostX Secure Delivery methods make secure messaging work as simply as normal , with the expectation that no advance recipient-system knowledge is available. PostX Product Summary and Corporate Overview 7

8 POSTX MESSAGING APPPLICATION PLATFORM The heart of the PostX software platform is the PostX Messaging Application Platform. As the name implies, the platform is the core for messaging applications that currently includes: Secure Customer Interaction Hub Electronic delivery and composition of systematic messages such as statements, bills, or notifications. The platform is built on a standards-compliant J2EE code-base that provides comprehensive extensibility and configurability options. This overview just discusses the Secure application, which is core to the other two. Within Secure , the application platform provides: Flexible policy engine Multiple secure delivery options including web-portal based (pull) and standard inbox delivery (push) methods Broad spectrum of deployment and configuration options Secure administration Further, the software provides for both vertical and horizontal scaling, high availability, and extensibility for the future. The following sections are provided to give insight into all of the options available through the PostX server. Policy Engine Message Filters The policy engine receives MIME messages from a variety of sources, primarily SMTP and JMS. The PostX policy engine determines the correct delivery mechanism and branding to be used for each . For example, some recipients should receive S/MIME while others will choose a different delivery mechanism such as PostX Envelopes. Mail that is not sensitive can be forwarded in the clear. The PostX policy engine can filter the using a number of filtering options: a. Standard Message Filters i. Headers: Senders, Recipients, Subjects (keywords / regular expressions), and X-Headers ii. Attributes: Message size, attachment presence/types/names, etc. b. Lookup Filter i. Connects with LDAP directories or Databases (via JDBC) to identify sender / recipient attributes c. S/MIME and OpenPGP Filters i. Designed specifically to identify S/MIME or OpenPGP d. Content Filter i. Can identify nearly any content within a message based on keywords or regular expressions. ii. Supports scoring and thresholds PostX Product Summary and Corporate Overview 8

9 iii. Message component inspection options: 1. Headers 2. Message Body 3. Attachments (including zip, rar, jar, tar, etc.) e. pymatchers i. Fully scriptable (using the scripting language Python) via the UI (no recompilation required) ii. Allows for completely programmable filters to address complex or unanticipated Matcher requirements iii. Can also modify messages (any type of transformation is possible) These policies often are combined to achieve specific effects. By using these policies PostX can direct delivery and branding based on who the sender is, the sender or recipient s domain, whether the recipient is using S/MIME or OpenPGP, the size and type of attachments, or many other available options. In addition, upstream agents can add custom X-Headers to force specific treatment by the PostX engine. Anti-Spam and Anti-Virus Integration PostX works with a number of OEM partners to provide integrated solutions which then are marketed by those partners. Publicly announced partners include CipherTrust, Ironport, SendMail and Proofpoint. Each of these partners has unique capabilities that derive from their analysis of the content of messages. Rather than duplicate this analysis, some customers choose to have the partner s system forward messages requiring encryption to PostX. PostX then applies policies to determine which delivery mechanism is most appropriate. does not get scanned twice, greater performance is achieved and the PostX solution can be optimized for encryption, branding and delivery. DELIVERY MODELS Authentication Options Whatever delivery mechanism is chosen, the next step in the secure messaging process is authentication of the recipient. If our customer already has a relationship with the recipient, as in the case with a recipient where member ID, social security number and other information is already stored, it may be desirable to use that information for authentication credentials when is accessed. If the recipient s information is unavailable through any existing lookup, the customer will need to enroll the new recipient and setup authentication credentials. The PostX architecture provides for a number of authentication schemes and approaches, and some customers use multiple solutions. PostX embeds a default authentication database to store recipient credentials. While this database is capable of handling credentials for large user groups, many customers already have databases or directories containing user information and don t want to build a duplicate store. It is common for the PostX authentication module to access existing customer directories using LDAP lookups. Although LDAP lookups are frequently used for employees, customers are often unwilling to add large numbers of external users to their corporate directories. For some customers, information about many recipients is already stored internally in a database. When available, user specific data such as patient identification or other information can be used for authentication of the recipient. PostX, though Java Database Connectivity (JDBC), can access this information and use it for authentication. PostX Product Summary and Corporate Overview 9

10 In fact, several pieces of information might be used to create multiple-password authentication. For example, a user might be requested to provide a 10 digit phone number, a 5 digit zip code, as well as a patient id to access secure . These credential lookup methods are not mutually exclusive. The PostX Messaging Application Server allows the customer to chain or cascade multiple authentication lookup methods if required. For example, a credential search could first look in the internal LDAP directory, if unsuccessful scan customer information databases and if no match exists there search the default PostX database for ad hoc recipients. Furthermore, just as delivery and branding can be based on policy, authentication lookups can also be rules-driven. Enrollment One of the most valuable features of the PostX system is that messages may be sent without prior enrollment by the recipient, or even prior knowledge of the delivery method preferred by the recipient. The policy toolkit supporting user enrollment and authentication is rich enough to support nearly any desired protocol, or even several protocols on the same system depending on policy. To handle these new recipients, the PostX Messaging Application Server includes a sophisticated and easily extensible Enrollment Manager. Secure messaging users can be pre-enrolled, or first communications with new recipients can initiate an enrollment process. The PostX Enrollment Manager includes built-in default enrollment functionality, or it can integrate with an existing customer enrollment system. In the Envelope delivery method, when the PostX server cannot find a recipient in an existing enrolled user directory, the secure is queued and an enrollment request is sent to the new user. PostX polls for a successful enrollment, releasing the secure from queue when the enrollment process is complete. The PostX WebSafe (web-based pull method) process is similar, but the message is released from queue into the user s WebSafe mailbox after successful enrollment. By default, the enrollment process sends a clear-text enrollment message to the user. The recipient receives the enrollment message inviting them to enroll in order to receive or open an encrypted . PostX Product Summary and Corporate Overview 10

11 The text of the messages is completely customizable and can be different for every delivery mechanism. For cases where OpenPGP or S/MIME may be in use, the message might include a request to return a signed to an address at the PostX server, where PostX can harvest the intended recipient s OpenPGP or S/MIME certificates. Once harvested, the certificate is used to encrypt and sign secure messages to the newly enrolled recipient. The recipient clicks on message link and enrolls using a PostX secure enrollment web application. The enrollment form asks for name, a password (hidden and confirmed), and the answer to one of five challenge questions such as mother's maiden name or favorite book. This default method is the easiest to maintain and provides the highest level of selfservice. This method assumes that the original is correctly addressed and that the original enrollment notification arrived safely to the intended recipient. To further secure the process, the enrollment engine is commonly modified with additional recipient verification functionality. This verification might ask the recipient to enter a PIN number from the sender that is obtained through other means (phone or IM) or answering questions specific to the recipient. One part of our professional service is to advise the customer in selecting the most appropriate enrollment approach. Once the recipient is known, PostX has the flexibility to deliver the message according to customer policies or recipient preferences. Push & Pull Not every secure delivery mechanism can fit all end-user recipients. Some users are more technologically sophisticated than others. Some have high bandwidth connections while others have dial-up. Some were early adopters of secure and have their own solutions in place, while the majority of users do not. It is PostX policy to support relevant, standard delivery options (such as S/MIME and OpenPGP). In addition, PostX provides unique delivery options that are more flexible and extensible than legacy options while retaining a standards-compliant base. PostX Product Summary and Corporate Overview 11

12 The two basic delivery strategies are delivering a message directly to the end user (push) or holding the message in a web-based system for the user to view via the web (pull). PostX provides both options. Pull (or Web mail) solutions are browser-based infrastructures, similar to Yahoo! or Hotmail, that allow users to exchange information securely while in the browser environment. They often are integrated with existing customer Web portals. Advantages of the pull approach include: The interfaces can be similar to Hotmail or Yahoo and may be familiar to the end user. The Web mail site and the corporate web site can be tightly integrated so the user experience is one of a single web site. Web mail can be a better experience if very large (many megabyte) statements or attachments are required. The sending company fully controls storage, expiration and access control for the . This can be a benefit or a disadvantage, depending on circumstances. The benefits are largely control and management-related. (See disadvantages below) Provides unrestricted reach to all recipients who can access web browsers. Some of the disadvantages to pull delivery methods are: The Web mail site represents yet another place for the user to receive mail. The user must be online to read . You become responsible for storing your customers messages, including retention policies, backup and high availability storage. Depending on archival and retention policies, storage costs could become a major factor. The web portal becomes another access to the corporate site for hackers. Care needs to be taken to secure this server as with other servers and web servers. There may be legal liabilities that derive from your access to your users mail. With push delivery, is encrypted at the sender s site (on a gateway or on the desktop of the sender) then shipped to the recipient. Once delivered, is opened and decrypted at the recipient s desktop. Common advantages to the push delivery method include: The sender and the sender s site do not need to maintain or store the . The recipient assumes that responsibility. Customer friendly analysts have stated that 70-80% of customers would rather receive communications addressed to and accessible in their existing inboxes. Most familiar the push delivery method is the most analogous to the US Postal Service experience. The user can maintain a single location to open all s. Depending on the solution, each can be branded to represent the sending company s look and feel. Depending on the delivery model, can be read without being connected to the internet. Disadvantages of the push methods include: Difficulties in handling very large s/attachments ISP systems frequently limit s to 2 to 10MB. PostX Product Summary and Corporate Overview 12

13 Different push options provide different levels of security. Selected option should be carefully matched to the security requirements of the payload. Password or certificate management can be cumbersome if a true offline solution is selected. There are a very small number of recipients who may not be able to receive PostX Envelopes. This could occur in very restrictive environments where all HTML attachments are stripped. This is rare. With the OpenPGP and S/MIME delivery models the recipient must have the ability to obtain and install the appropriate software and certificates. PostX does not provide OpenPGP client software or S/MIME certificate authority services. Outside users cannot generally initiate an conversation and can only act as receivers. Some solutions provide the ability to securely reply to incoming secure s. Full-featured solutions provide a web interface that allows recipients to initiate a secure communication. It is possible to use pull and push methods together. In fact, most organizations eventually discover that they need both delivery methods to solve their business issues. The ability to use both push and pull depends on the integration of the selected applications. For example: Do the products share enrollment and authentication databases and procedures? Is there a common rules engine that can select delivery method based on matching criteria like domain, attachment size and source application? Is a hybrid approach the most appropriate (ex: a monthly statement with single click online access to the check archive)? Because PostX provides both push and pull solutions -- built on a common code base with shared enrollment, content filtering, authentication, storage and archiving mechanisms -- integration between the PostX solutions is seamless. S/MIME and OpenPGP Options PostX also offers multiple methods of push depending on requirements. These include: S/MIME Gateway to Gateway S/MIME Gateway to Desktop OpenPGP Gateway to Gateway OpenPGP Gateway to Desktop PostX Envelopes S/MIME and OpenPGP are long established methods of sending using asymmetric key encryption technology. The PostX S/MIME Adapter utilizes RSA standardization. S/MIME (Secure / Multipurpose Internet Mail Extensions) is a protocol that adds digital signatures and encryption to Internet MIME (Multipurpose Internet Mail Extensions) messages described in RFC OpenPGP is a similar encryption standard, described in IETF RFC In a gateway-to-gateway scenario, PostX can encrypt messages using a site key to another domain that will accept the messages from the PostX site, decrypt the messages, and deliver them in the clear to the end user. This method is very effective for B2B or partner communications. PostX Product Summary and Corporate Overview 13

14 Using S/MIME or OpenPGP to the desktop, the sender must have the receiver s public key to encrypt (to be decrypted by the recipient s private key). Similarly, the recipient needs the sender s public key to reply. As the number of senders and recipient s grow, the number of key pairs that each participant must maintain can become overwhelming. This key management responsibility along with the need to install and maintain desktop client software has limited the adoption of both of S/MIME and OpenPGP. In the gateway-to-desktop model, PostX proxies for the participant inside the gateway. That is, encryption and decryption is done at the PostX gateway using a public/private keypair generated and maintained by the PostX engine on the internal participant s behalf. The experience for the external participant is the same as if the internal participant held the keypair. On the other hand, the internal participant need not be aware of the specific protocol used for the message. He just pushes the Send or Send Secure button as usual and the gateway manages the details. Similarly, the PostX gateway can maintain a directory of external keys. At enrollment time, the PostX system can harvest keys from inbound mail. The centralized management of keys can significantly reduce the complexity of interoperating with external users who have established S/MIME or OpenPGP requirements. While the PostX enhancements to S/MIME and OpenPGP usability can make support for an existing implementation easier, our experience is that adoption continues to be slow due to issues intrinsic to the administrative challenges. Among these are: Issues with maintaining certificates, including revocation and reissue management Lack of support for either technology in all major web-based mail portals (AOL, Yahoo, MSN, etc.) Fear of complexity and management overhead based on war stories Difficulty in setting up and maintaining desktop client configurations For these reasons, PostX has developed its own secure delivery technologies designed to meet two key requirements no client software requirements and universal reach to all clients. PostX Envelope and SecureReply (with user experience) PostX provides a user and administrator-friendly delivery method, the PostX Envelope. This envelope is targeted to the majority of users that have never used secure and may not have the software or desire to utilize it. To open an Envelope, the end user only requires a standard browser and the ability to authenticate. The sender experience is transparent from the beginning. There is no need to acquire or maintain a personal certificate or certificates for intended recipients. The sender simply sends messages using any client just as with non-secure . The PostX server handles decisions on encryption and delivery automatically and transparently. The server determines the encryption and delivery methods depending on policies and recipient requirements. Using the PostX Envelope, the recipient needs no certificates or additional plug-in software. For both the sender and recipient, the PostX Envelope greatly reduces the startup requirements for encryption since certificate management or software downloads is not required. The encrypted arrives as an in the clear with PostX Product Summary and Corporate Overview 14

15 an HTML attachment that includes an encrypted payload containing the original text and attachments. The clear text is fully configurable and normally instructs the recipient on entering password information to decrypt the html attachment. An example of such a message is seen below. The attachment can be opened with any standard browser that will ask the recipient for authentication credentials. The screen shot shown below shows a typical authentication using a single password. As mentioned previously, PostX also supports the use of multiple passwords or other authentication schemes. The external envelope view and text messages can be customized for each delivery option. After entering the correct authentication, the is decrypted and presented as in the following screen. PostX Product Summary and Corporate Overview 15

16 As can be seen below, attachments are completely supported with the envelope. As can be seen above, the user may be offered (as an option, configurable by the PostX administrator) any or all of the response functions shown; Secure Reply, Secure Reply to All, and Secure Forward. These buttons provide a secure link (SSL) back to the PostX server displaying a page for composing secure . This interface supports attachments. The PostX server transforms the compose page into a MIME , which is scanned for encryption handling as with any message going to the PostX server. The Secure Reply screen is shown below: Comment [MA1]: Do we need to describe secure forward and that the recipients will also be enrolled, or certificates will be used? PostX Product Summary and Corporate Overview 16

17 Additionally, PostX can provide the ability for enrolled external users to initiate securely. PostX SecureCompose provides this functionality via a link on a customer web site or portal. After a user selects the 'Contact Us' (see example below) link and completes the authentication process, PostX SecureCompose launches a browser-based form. After the user completes the inquiry, a click of the 'Send Secure' button sends the to PostX SecureCompose using HTTPS, where it is securely forwarded to the intended recipient. PostX Product Summary and Corporate Overview 17

18 An example of SecureCompose is shown below: Additional PostX Envelope Functionality The PostX Envelope provides additional functionality beyond other push methods. As an example, the PostX push method is more efficient than many competing technologies. PostX Envelopes include the decryption code in the secure html attachment. The result is that no client software outside a common browser is required to open and decrypt the secure message. Further, the secure message will, under almost all circumstances, decrypt without server intervention. Other vendor solutions use a technique best described as triple trip to provide push delivery without client side software. In a triple trip solution, the recipient establishes an SSL connection to a server that decrypts the message and renders it back to the user s display. Triple trip significantly increases the resources required on the server and networking infrastructure, since the data is transferred three times once on initial send and a round trip for rendering and will generally be slower than local decryption. PostX supports triple trip as a fallback method, gracefully degrading if client setup does not allow local decryption. PostX Envelopes can be encrypted using RC-4 or AES encryption. Both are well know and proven encryption algorithms. Proprietary technologies do not have a proven track record, introducing questions about future support and viability. Using an industryrecognized standard mitigates such risks. PostX Envelope Online Authentication/Offline Authentication Envelope using Online Authentication -- For most customers interested in message tracking, the PostX Envelope using Online Authentication is the best choice. With this implementation, a random key is generated for each message, or Envelope. Technically known as a session key because it is used only once, the key is used for decrypting the envelope and stored in the PostX server (key server). The Envelope is sent to the user without this key. When the message is opened at the recipient desktop, the Envelope automatically establishes an SSL connection to the PostX server. Once the authentication has been successfully completed, the server releases the key for decryption and the message is decrypted locally at the recipient s desktop. Unlike triple trip, only PostX Product Summary and Corporate Overview 18

19 the key is transmitted; requiring far less resources than shipping the full message three times. Step 1: PostX Envelope with online authentication sent via SMTP to the customer s inbox. Step 2: Customer is authenticated at corporate server and receives key. Step 4: Decryption and display occur on customer s PC. Public Intern Step 3: Message activity logged on corporate server. This method also provides complete control and tracking of the message. Since the key is required to open the message, the PostX server records that the message has been opened. In addition, the sender of the message can be sent a return receipt that the recipient cannot disable. Further, if a user is unsuccessful opening a message after a specified number of attempts because they are using an incorrect password, the PostX server can lock the message automatically. Only an administrator can unlock the message. Messages can be locked manually at any time by the administrator or sender and/or automatically expired after a defined period of time. Envelope using Offline Authentication -- The PostX Envelope is also available with Offline user authentication. In this implementation, the session key is encrypted using a hash of the user s credentials, and included in the html attachment. As a result, the key need not be requested from the server and only the user s credentials are required to open the message. Because communication with the PostX server is not required for opening, the messages can be opened offline when disconnected from the internet. Offline authentication is typically used when delivering notifications or statements where tracking is not required. PostX Envelope Tamper Detection Options Security of the PostX Envelope can be further enhanced with the use of tamper detention technologies. Two such technologies are available and both authenticate the sending domain and the contents of the original with what has arrived at the recipient s mailbox. The first option is with the U.S. Postal Service Electronic Postage Stamp, or EPS. Each time an Envelope is sent, the is checked in, a checksum is taken and a corporate certificate is attached. When the recipient opens the message, the envelope can be verified with the EPS code by clicking on the stamp in the upper right hand corner of the envelope. The USPS charges a fee for each envelope, and promises US government action against anyone tampering with the mail, just as is true with the standard US mail. Alternately, the PostX EnvelopeSignature can provide similar functionality on the PostX server itself. The following shows an envelope using PostX EnvelopeSignature. PostX Product Summary and Corporate Overview 19

20 By clicking on the Verify this envelope s signature, the envelope is checked for the signature and content at the PostX server. The following is an example message from the server after the check has been completed. WebSafe (with user experience) If the delivery mechanism chosen is pull, the recipient is sent a notification telling the recipient that has been received at the web portal and provides a link to the WebSafe environment. An example of the is shown below. As with the text messages in the PostX Envelope, the message sent with the link is completely configurable. PostX Product Summary and Corporate Overview 20

21 Once clicking the link, the user is taken via a secure connection (https) to the WebSafe web-mail environment. As with the PostX Envelope, the user must authenticate to enter the environment using any number of authentication schemes. A typical environment is seen below and may be customized to reflect the customer s web styles and could be different for different business units. The can be opened and viewed in a similar fashion to Yahoo! Mail or Hotmail. DEPLOYMENT OPTIONS The PostX solution provides deployment flexibility and scalability in a number of ways. One way is in the choice of underlying technology used to deploy the product. These choices include the hardware platform used to host PostX, the database that is used by PostX to store information, and web applications. These architectural features provide PostX with the greatest flexibility in secure message delivery. PostX Product Summary and Corporate Overview 21

22 Platform options PostX is available on AIX, RedHat Linux, Solaris, and Windows. The hardware selection is left up to the customer, with a minimum PostX Server requirement for at least one high performance CPU (2 preferred for threading), at least 1 GB of physical memory and at least 50 GB of disk storage. Should the customer desire, vertical scaling using more or faster processors can provide additional performance on single PostX servers. Largely for cost/performance reasons, the preferred scaling method is horizontal, implementing multiple inexpensive load-balance servers for greater scalability and performance. Database options PostX can interface with DB2, Oracle, PostgreSQL, MySQL, and Microsoft SQL. Using one of these common databases, customers can maintain PostX as they would any other production database application. There are no special requirements for database backup or high availability. PostX recommends database replication and regular hot backups to maximize solution availability. Application Server options PostX is self-contained and is generally configured with this internal Web-application server, JBoss. PostX fully supports this built-in application server as a component of the solution, and the customer will have no need to interact directly with JBoss. When needed for customer standards compliance, PostX can also be configured with a WebSphere Application Server. Layout diagrams Deployment of the PostX solution will depend on the component of the server being used and the level of security desired at the site. In the simplest configuration, a single server can be deployed in the DMZ as seen below. In most deployments, external users will need to connect to the PostX server via an SSL (https) connection. This connection is needed for: PostX Native Enrollment Retrieving PostX Registered Envelope Decryption Keys SecureReply SecureCompose WebSafe External Administration PostX Product Summary and Corporate Overview 22

23 By allowing this access, the PostX server is more open to external attack. To mitigate this situation, the PostX server is usually placed behind the internal firewall and is frontended with a reverse proxy server in the DMZ. In some rare cases, companies have not allowed reverse proxy servers. To support these environments, the PostX server can be split into the base server and web-facing components. The web-facing PostX server is installed in the DMZ, while the Policy Engine and other components are housed inside the inner firewall. An overview of this deployment option is seen below: SCALABILITY & PERFORMANCE PostX implementations have been placed in some of the largest Secure environments in the world. Some of these implementations can support 10 million messages or more per month. This level of performance is provided using a group of load balanced PostX servers. The number of servers will depend on several factors, including the size of the messages, the operating system, the speed of the hardware, and the level of integration with other infrastructure components such as LDAP. Typically, the limiting factor in performance is the network infrastructure rather than the PostX solution. For most customers, PostX recommends using Linux servers with dual 2.4 GHz Pentium IV (or faster) CPUs. Using an average message size of 5 KB, two servers (configured for high availability) can process more than 90 messages per second or 324,000 per hour. This configuration provides more than enough capacity for most customers current requirements and plenty of growth for the future. Our largest statement generation application sent more than 1M 300KB statements per month. PostX also supports Windows, Solaris and AIX. HIGH AVAILABILITY The PostX platform is designed as an enterprise-class solution, and integrates with industry standard clustering, load balancing, replication and high availability/fail-over options to satisfy this requirement. For example, in the PostX solution multiple Messaging Application Servers can share the encryption load, accessing a single, central, replicated database. This creates a load-balanced, redundant solution where messages bound for any server can be immediately rerouted to another. In this configuration, PostX integrates seamlessly with Cisco and other DNS/MX based loadbalancing/availability solutions to approach 100% uptime. As mentioned earlier, PostX supports enterprise class replicated databases like Oracle, DB2 and SQL Server to store keys, enrollment information and messages in queue or in WebSafe storage. These PostX Product Summary and Corporate Overview 23

24 databases that are usually located on other servers can be clustered with standard techniques if desired. Finally, PostX can also integrate with load-balancing devices on the inbound path, providing high performance and availability for key-service and mail portal access with multiple PxWeb servers. The following diagram shows a high availability solution for a typical PostX Secure implementation. The servers in the blue boxes represent the PostX redundant components. The servers in the DMZ are generally proxy servers rather than PostX servers or may include the full PostX configuration depending on security requirements. With either approach, the number of required PostX servers for high availability can be easily reduced to two systems. The database servers are optionally clustered for high availability applications. ADMINISTRATION The PostX Administration GUI is provided though a web browser and can, depending on security, be accessed from outside the organization using https if desired. This interface provides: Configuration Management Real-time Reporting User Tracking and Management Registered Envelope Key Management Certificate Management Access to this interface can be strictly controlled and managed as required by customer policies. Authorization options PostX users with the current version, 5.2.2, are designated as: PostX SuperUser The SuperUser role can access the following features/functionality: Edit values of individual entries in the configuration file Start/stop services related to the PostX system Revert to an earlier configuration View reports Edit the certificate store PostX Product Summary and Corporate Overview 24

25 PostX User PostX Admin The User role can only view the PostX configuration and monitors. The Admin role can access the following features/functionality: Edit values of individual entries in the configuration file Add applications, matchers, data sources, etc. Start/stop services related to the PostX system Revert to an earlier configuration Add, modify and delete users View reports Edit the certificate store Archive Admin Archival Admin can search, view and resend archived messages via the user interface. These roles are completely independent from system rights thus providing another level of security for the Secure environment. Administrators of systems that have no knowledge or reason to access this PostX configuration are not automatically granted rights. Though these levels of administration are useful for many environments, many customers wanted a more granular assignment of roles. PostX 5.3 has a fundamentally different mechanism for roles and privileges. PostX is enhancing the product to make it easier to delegate certain user management tasks to administrators who manage user categories defined by our customer, such as departments or subsidiaries. Version is expected to be available in April, Reporting and Audit The administrative interface also provides a number of real-time reporting and monitoring capabilities. The Messaging Application Server s Tracking and Reporting component records all message delivery activities and system events from macro to micro level. PostX offers full reporting on message delivery activity from the web-based administration interface. Audit trails can be viewed for selected messages, and reports track success and exception rates. Time-based triggers can be used to monitor message delivery and take action when deliveries fail. PostX logs basic information about each message sent through the system (time stamp, From, To, Application used to send), and provides a UI for running reports on this throughput data. PostX Tracking and Reporting includes the ability to track and report on: An individual message's path through the PostX system from initiation through delivery Message open events, when using the Registered Envelope or WebSafe Bounce-backs Click-level events, but this is typically customized based on specific requirements. This can also be integrated with traditional Web tracking systems, such as WebTrends Because all reporting data is stored in an ODBC compliant database, custom reports can be created easily using third party report generation tools, like Crystal Reports. PostX Product Summary and Corporate Overview 25