Trend Micro's Email Encryption product line leverages Identity Based Encryption technology to provide both desktop-to-desktop delivery of encrypted messages (Email Encryption Client), and now gateway-to-desktop encryption via the Email Encryption Gateway. The products are the result of the company's acquisition of Identum early in 2008.

In brief, Identity Based Encryption forgoes standard PKI implementations and instead leverages a user's E-mail address as their public key; from this key the vendor's own hosted key servers (which they state are deployed in central locations in nuclear bunkers) determine both the private keys that are supplied to the end users as well as random encryption keys that are used to encrypt the messages. I.E., target messages are encrypted via 256-bit AES using a randomly generated key. This random key is then itself encrypted via the user's public/private keys. To read a message, the end user provides the appropriate passphrase that authenticates them and enables them to unlock the encrypted random key; and that key is then used to decrypt the actual contents of the message.

On the sending side, the user can leverage an E-mail client--the Email Encryption Client--plug-in (Outlook, Outlook Express) to encrypt target messages prior to sending them to the recipient. Additionally, the new Email Encryption Gateway (which is delivered as a VMware Virtual Appliance) provides a means to analyze messages at the corporate egress point and automatically encrypt them based on corporate-defined policies. The Email Encryption Gateway can also work in tandem with existing Gateway security devices; applying encryption as a result of their own policy scans.

Recipients of an encrypted message can decrypt the message using their own Email Encryption Client or gateway, if they have them; and if not, can use a browser-based tool--accessible via an attachment included with the encrypted message itself--to decrypt the message, following the answering of some security questions. The first time the user attempts to decrypt a message in this fashion they are asked to register with the system and provide the security questions/information for subsequent decryption sessions. Thus, encrypted messages can be sent to any recipient; they need only later version Web browsers to ultimately read the messages.

The vendor states that the E-mail messages themselves are sent directly from the sender to the recipient, and not through the vendor's Key Servers. I.E., the Key Servers handle only the generation/management of Key registration information; they do not actually house or access message data.

Trend Micro's Email Encryption Client is available now; the Email Encryption Gateway is expected to be available on December 1, 2008 with a price of $60 per user per year. Volume discounts are available.

Visit the Trend Micro Web site for further information.