Latest articles
More Resources
Global Object Synchronization
One user, many computers and thousands of pieces of information on the network
Several years ago, Cryptzone visited a customer in New York which was a hospital that had a security concern. They knew that their employees used email to send confidential patient health information and they had to comply with HIPAA regulations. They knew they needed to send secured emails but they also had a special requirement but they had not yet found a solution. In their environment, a doctor has the ability to login at any computer in the hospital in order to send and receive emails. Therefore, they needed a system that would support the ability to send "secured emails" from any computer within the facility. This customer requirement started creative discussions with Cryptzone and finally ended with the development of an entirely new and innovative building block in the Simple Encryption Platform. The building block evolved over time, and today is the seed to Cryptzone’s "Global Object" architecture. The concept relates to how the data objects and information within the SEP Platform is distributed between the components and users.
An object can be anything from a security policy, a template, a specific privilege definition, a key object, a password, a licensing descriptor, a log file, and a shared secret. Each object represent a piece of information that together build and uphold the core values of SEP. All objects carry a unique Global Object ID and valid references to tell from where it originates. Every user is centrally associated to several global objects and as soon as a user connects with a SEP client, a built-in synchronization mechanism performs two-way synchronization to give the user access to newly created objects or modify existing ones. This is the quick overview but there are additional layers to the concept.
Another example would be if a user encrypts a file, thereby giving it a new Global Object, additional objects such as keys and security attributes may be created and associated with it. The secured file references these objects by ID, and accessing components will use this information to give end-user a potential access point. All that the user needs to do is to attempt to access the file, and will cryptographically gain access to it if the chain of objects referenced allows for it, and the key object is available.
Global Objects are created and handled in generically within SEP. This mean the synchronization processes in the system doesn’t differentiate between the types of objects, and they are treated in the same way according to a pre-set rulebook. The SEP Server evaluates based upon privileges should have each object, and make sure it gets distributed accordingly across the network. This process is transparent to end-users and provides IT management confidence that there is a strong audit trail and documented history of user actions and events.
Another value of Global Object Synchronization is that if an end user has 20 policies, 5 templates and several thousand encryption keys, the system can easily synchronize this data to any machine that is connected to the server. A user can even have several machines with the software installed and use the software at all machines that share the same central profile. A doctor can go to any machine and start sending and receiving secured emails and the software will provide a seamless solution while being confident that his or her profile data is protected locally through local security policies.