Securing E-Mail Secrets and Privacy

Aegis Systems Inc. and Medinex Systems Inc. are looking to make sure that unauthorized eyes cant peek at the more than 1 trillion e-mail messages expected to be sent in North America this year.

Each company is rolling out a system that secures e-mail with relatively little IT department intervention.

The goal of both companies systems is to protect company secrets and clients privacy while, in some cases, complying with federal privacy laws.

Aegis Systems, of Mountain View, Calif., this week will formally launch the company and its technology for securing e-mail, which revolves around the companys Anonymous Key Technology and patent-pending key- distribution and management systems.

The heart of the Aegis system is AegisMail Central, a Linux-based appliance that connects to a corporate network and stores 128-bit keys for each assigned user on the e-mail system. To encrypt and decrypt messages, each user must download a plug-in, AegisMail Client, from the Aegis Web site. After the server authenticates the user and he or she sets a password, a button appears on the users e-mail client menu bar.

To encrypt a message, the user hits the button and enters a password. The message is encrypted at the client and sent to the AegisMail Central appliance, where it is decrypted with the senders key, then re-encrypted with the recipients key and passed on to the intended recipient. The same button decrypts the message at its destination.

Unlike a PKI (public-key infrastructure)-based secure mail system, the Aegis system lets the IT department scan messages for viruses and content during the brief period between the decryption with the senders key and the re-encryption with the recipients, said Aegis CEO Ashok Mathur.

“PKI essentially is pre-Internet technology used in a post-Internet world,” Mathur said.

The Aegis system, due in June, initially will support Microsoft Corp.s Outlook and Qualcomm Inc.s Eudora e-mail clients and will add support for Lotus Development Corp.s Notes client by the end of the year. It will also support a Web client called AegisMail Web at launch.

In addition to the password protection, the system can use other forms of authentication, such as biometrics or smart cards, Mathur said.

The Aegis system does provide an easier implementation than a system based on public keys, said Pete Lindstrom, an analyst at Hurwitz Group Inc., of Framingham, Mass.

“There is a growing trend toward doing cryptography within the application so you dont have [to set up] a broader, separate security infrastructure,” Lindstrom said. “This is a good way for small and medium-size businesses to get some security.”

Meanwhile, Medinex is taking a different tack to make its secure messaging system easy to administer by offering a hosted messaging service. Earlier this month, the company unveiled MxSecure, which provides a secure environment in which doctors, patients and other health professionals can communicate with one another.

The password-protected system is supposed to help health care providers meet the requirements of the federal Health Insurance Portability and Accountability Act, which goes into effect next year, said officials at Medinex, of Post Falls, Idaho.