The Gateway-Server for e-mail encryption and signatures with S/MIME, OpenPGP and HTTPS-Messaging.

Z1 SecureMail Station protects all of an organisation´s e-mail traffic against unauthorised access, manipulation and spoofing. This server based solution signs and decrypts all e-mail traffic at a central location. Z1 SecureMail Station is a new product variant of the successful Z1 SecureMail Gateway.

Retrieval of external public keys through a Security Service Provider (MSSP)

 

The Z1 SecureMail Station enables all management of business partners´ public certificates to be sourced out to a central Trust Point at a Managed Security Service Provider. Z1 SecureMail Station, as well as the company, is fully relieved of complex, time-consuming tasks like the acquisition, verification and administration of external certificates and PGP Keys.

Common access to a central, external certificate management service means that all Z1 Stations share a common certificate and PGP key pool that is professionally managed by the service provider´s PKI experts. For example a verified certificate is available to all Z1 SecureMail Stations connected to the certificate management service, immediately after an incoming e-mail´s signature has been verified by the certificate management service´s Z1 Station.

No local certificate management

Z1 SecureMail Station has, as opposed to Z1 SecureMail Gateway, no local certificate management. When an outgoing e-mail is encrypted the Z1 SecureMail Station accesses an external Z1 Backbone of Trust Server. This is connected to trust centres and certificate service providers worldwide and takes care of the acquisition, administration and verification of certificates and keys. The certificate management system Z1 Backbone of Trust runs in the highly accessible electronic data processing centre of an efficient and reliable service provider.

Advantages of using the Z1 SecureMail Station:

• Manual management of business partners´ public keys is no longer necessary.
• Time-consuming LDAP enquiries in a multitude of directories are no longer necessary.
• Manual verification of business partners´ public keys is no longer necessary.
• Regular, time-consuming downloads of multiple CRLs are no longer necessary.
• Time-consuming OCSP enquiries at a multitude of OCSP services are no longer necessary.
• Manual management of CA certificates is no longer necessary.
• A common pool of external public keys is shared.
• If a user imports a public key then this key is immediately available to all other users.
• Using applications with PKI technology is greatly simplified.
  A central contact person for all queries with regard to business partners´ public keys.
• Your own helpdesk is greatly relieved.

Linking a "Z1 SecureMail Station" to the Z1 SecureMail web-based administration interface is very simple:

Entering one or more certificate management server URLs as well as carrying out a further access procedure links the Z1 SecureMail Station to the administration interface. A suitable load distribution, in regard to a failover strategy, is determined in the same way. It is also necessary to enter a user ID in order to use the service. The necessary user ID can be requested online for evaluation purposes on the Zertificon Solutions GmbH website.

The central, external certificate management service offers a browser-based online user interface. The following functions are permanently available over this web interface:

• Announcements regarding supported trustcenters and PGP key certifiers
• Announcements and downloads of available CA certificates, CRLs and OCSP servers
• Announcements and downloads of additional 3rd party LDAP directories and PGP key servers
• Search for public certificates and keys in the local service databank
• Use a Meta-Search to look for public certificates and PGP keys in all connected directories and PGP key servers
• Validity checks of certificates and PGP keys
• Import/upload valid certificates and PGP keys to the service database

The central certificate management service is transparent for users. Business partners can easily make their public certificates and PGP keys available for users applications.