PRIVACY is a hardware and software complex in which PCDST SHIPKA forms the hardware part and the following set of modules forms the software part:
- For work with keys;
- For encryption of files and folders;
- For protection (through encryption and digital signing) of e-mail;
- For protection (through encryption and digital signing) of instant messages (ICQ, etc., hereinafter referred to as "ICQ");
- Protected virtual disks.
The software part of the complex is an interface to the functions of SHIPKA. This means that all cryptographic transformations and all work with keys are performed exclusively by the processor of SHIPKA, and not in the operating system of the PC on which PRIVACY is installed.
Work with keys
With the help of PRIVACY one can generate keys and key pairs using PCDST SHIPKA, work with symmetric keys already created in PCDST SHIPKA, import and export keys, sign imported public keys, as well as delete keys and key pairs.
The interface provides indications that make it easy to see the difference between keys meeting Federal Standards (GOST) and RSA keys (keys with red and blue heads, respectively), imported public keys and key pairs (one and two keys, respectively), and signature keys and symmetric encryption keys (one or a couple of keys "from a bunch" and a "Gold" symmetric key).
E-mails and ICQ messages are protected using asymmetric cryptography, while files and folders on the hard disk, as well as virtual disks, are protected using symmetric cryptography.
The exchange of public keys between users is performed through transmission of a public key certificate via e-mail or in any other way.
PRIVACY supports two types of certificates: the internal format and the X.509 format. The internal format of the public key certificate is designed only for PRIVACY users and contains the information required to check the authenticity of the public key.
Support for the X.509 format makes it possible to exchange encrypted messages with users of other software products that are based on asymmetric cryptography with certificates of this kind, which is standard for most applications.
Protection of communication performed via e-mail or ICQ
For the users of e-mail and ICQ to transmit information in a secure form inaccessible to other persons, there are services for protection of electronic communication. One of the services controls the transmission of data via e-mail, and the second one analyzes the traffic from the clients of programmes designed for instant messaging.
PRIVACY can be used with any mail client that supports the MIME, S/MIME, or PGP/MIME protocols, as well as with instant messaging clients that use the OSCAR protocol. A PRIVACY user only needs to configure his account in the PRIVACY interface, set the rules that will govern the processing of outgoing messages, and switch on the protection function in the PRIVACY menu. After that, PRIVACY will serve as a proxy server processing all incoming and outgoing messages.
The messages are processed only if SHIPKA is connected to the computer and the PIN code is entered correctly. If no SHIPKA is connected, neither incoming nor outgoing messages will be processed by PRIVACY.
The entire customization process is performed only in the PRIVACY window; no changes to the settings of the mail client or ICQ client are required.
With the help of the rules or policies of message processing defined in the PRIVACY settings, one can control the filter parameters and the degree of protection of each outgoing message.
All the rules for processing outgoing messages are stored inside PCDST SHIPKA and are applied automatically once the protection function is switched on. This approach makes it possible to carry all your settings with the device and apply them on different systems in which the same accounts or ICQ UIN are used.
PRIVACY makes it possible to store files and folders on the hard drive in encrypted form. To encrypt a file, one needs to select a symmetric key, which should be generated in PCDST SHIPKA in advance with the help of PRIVACY or another application, and specify the files or folders to be encrypted.
When a file is decrypted, the key is selected automatically without any intervention by the user.
In order to transmit the encrypted file or make it possible for someone else to read it, you can choose encryption with the key of the recipient. In this case it is necessary to specify the key of the recipient and your own key from the pair whose public key is kept by the recipient.
PRIVACY allows the user to work with virtual disks, and the user can choose the size, the file system, and the indication of the virtual disk.
If SHIPKA is not connected to the computer (or is connected, but the option "connect virtual disk" is not set in the PRIVACY interface), virtual disks will not be displayed in the list of disks.