SecureAge Technology



	SecureAge^® l SecureEmail l SecureFile l SecureDisk
	SecureAge®
	General
	1.	What is SecureAge^®?
	2.	What is the underlying security technology used by SecureAge^®?
	3.	What system does SecureAge^® supports?
	4.	Is SecureAge^® free and how do I download SecureAge^®?
	5.	I am having problem not addressed in this FAQ, where can I get help?
	Digital Certificate and Private Key
	6.	What are Digital Certificate and Private Key?
	7.	How can I access my personal digital ID (private key & digital certificate)?
	Public Key Infrastructure (PKI) Support
	8.	What is Public Key Cryptography?
	9.	Does SecureAge^® support key and certificate generation?
	10.	Does SecureAge^® support Light-weight Directory Access Protocol (LDAP)?
	11.	Does SecureAge^® support Certificate Revocation List (CRL)?
	12.	Does SecureAge^® support On-line Certificate Status Protocol (OCSP)?
	Smart Card and USB Token
	13.	Why is it better to store my private key on a smart card or USB token?
	14.	What do I need to do in order to make use of a smart card or USB token with SecureAge^®?
	15.	What else can SecureAge^® do with a smart card or USB token?
	Product Activation
	16.	What is product activation?
	17.	How do I enter my product key?
	18.	How do I activate my product key?
	19.	Do I need to re-activate my product key if I re-install SecureAge^®?
	20.	After I change my machine configuration, I am being asked to re-activate my product key again. Why?

	General
	1.	What is SecureAge®?
		SecureAge® is a Microsoft Windows based software that provides a comprehensive set of security solutions to safeguard organization's proprietary corporate information. It comes with the following basic components: SecureEmail module secures (using S/MIME standard) all your email communication with other email users. It ensures the emails that you have sent out or stored on your local drive or file server are fully protected. It supports standard email software like Lotus Notes, Microsoft Outlook, Outlook Express, Eudora and Netscape. It also supports web mail access to the Exchange, Lotus Domino and Sun Messaging servers. Optional support to public web mail systems like Hotmail and Yahoo Mail are also available. SecureDisk module secures an entire disk volume on your desktop, laptop or network drive transparently. Its powerful PKI capability allows the secure disk volume to be easily and securely shared among any selected group of users. SecureFile module provides digital signature and encryption capabilities to protect individual file/folder on your machine and for securely exchanging them with other users. It also comes with a powerful "Wipe" file utility that allows you to erase files without the concern that someone else may recover them later using sophisticated tools.
		[ Back to top l Back to 'General' Questions]

	2.	What is the underlying security technology used by SecureAge®?
		SecureAge® supports a wide range of standard security algorithms and protocols listed below: Full PKI technology for key and digital certificate management Support SSL, S/MIME standards for network and data/email security Support a full range of smart cards and USB tokens for secure key storage Support highest security encryption algorithms like 256-bit AES, 168-bit 3DES, RC-4, RC-2, etc. Support strong public key algorithms like 1024/2048-bit RSA algorithms. Support digital IDs (keys and certificates) issued by standard public Certificate Authorities.
		[ Back to top l Back to 'General' Questions ]

	3.	What system does SecureAge® supports?
		The software runs on Windows 95/98/NT/2000/ME/XP.
		[ Back to top l Back to 'General' Questions ]

	4.	Is SecureAge® free and how do I download SecureAge®?
		SecureAge® comes with a 30-days free trial period. Once the trial period expires, you have to purchase a license to continue using SecureAge®. If you are interested to evaluate our SecureAge® solution 30-days free trial, please email your request to contact@secureage.com.
		[ Back to top l Back to 'General' Questions ]

	5.	I am having problem not addressed in this FAQ, where can I get help?
		You could approach your authorized reseller, or contact us at support@secureage.com. For the technically inclined user, you might want to check for the error log files in the following directory: <drive>:\Documents and Settings\<user>\Application Data\SecureAge Technology\SecureAge\Log
		[ Back to top l Back to 'General' Questions ]

	Digital Certificate and Private Key
	6.	What are Digital Certificate and Private Key?
		Digital certificate is a file that contains the user's information, signed by the Certification Authority (CA). It also contains the public key of the user which is made publicly available to all the other users. The private key which corresponds to the public key in the certificate is a secret key that is kept by the user, either in the form of a smart card, USB token, or stored on the local hard disk. The private key and the public key are very large numbers that are generated with special mathematical property. Specifically, the private key can be used to digitally “sign” a document or email in which the signature can be verified by the public key (or the certificate containing the public key). For encryption, other user can encrypt a digital document or email to the user by using the user’s public key. In this case, the encrypted content can only be decrypted by the user’s corresponding private key. These two operations are the foundation of public key cryptography technology.
		[ Back to top l Back to 'Digital Certificate and Private Key' Questions ]

	7.	How can I access my personal digital ID (private key & digital certificate)?
		In a secure environment, your digital ID should be stored on a smart card or USB token. This ensures that no one can copy the secret keys without the proper PIN. Alternatively, your digital ID can be stored on the local hard drive or on a removable storage device. In such cases, the private key is protected by password based encryption. The user will need to enter the correct password in order to access his/her digital ID.
		[ Back to top l Back to 'Digital Certificate and Private Key' Questions ]

	Public Key Infrastructure (PKI) Support
	8.	What is Public Key Cryptography?
		It is a modern branch of cryptography in which algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm. For encryption, when A wants to ensure confidentiality for data it sends to B, it encrypts the data with a public key provided by B. Only B has the matching private key that is needed to decrypt the data. For signature, when A wants to ensure data integrity or provide authentication for data it sends to B, it uses its private key to sign the data (i.e., create a digital signature based on the data). To verify the signature, B uses the matching public key that A has provided. In order to ascertain a user’s public key is valid, the public key and relevant information (e.g. name, organization, email address, etc) of the user can be put together and digitally signed (endorsed) by a trusted Certification Authority (CA). The resulting digital document is known as a digital certificate.
		[ Back to top l Back to 'Public Key Infrastructure (PKI) Support' Questions ]

	9.	Does SecureAge® support key and certificate generation?
		Yes. SecureAge® provides native generation of RSA key with strength up to 4096-bit. When deployed in conjunction with SecureAge® SA PKI, SecureAge® acts as a full PKI client with the capability of performing certificate request, retrieval, revocation, and renewal. When used with any third party CA, SecureAge® provides a complete interface to import key and certificate in PKCS#12 file format and PKCS#11 smart card and token format.
		[ Back to top l Back to 'Public Key Infrastructure (PKI) Support' Questions ]

	10.	Does SecureAge® support Light-weight Directory Access Protocol (LDAP)?
		Yes. SecureAge® supports LDAP for certificate look up in both manual and automatic modes. In the automatic mode, SecureAge® LDAP supports will automatically search and download missing certificate from the LDAP server. This allows the user to send encrypted email seamlessly even when he or she may not have the recipient’s certificate locally.
		[ Back to top l Back to 'Public Key Infrastructure (PKI) Support' Questions ]

	11.	Does SecureAge® support Certificate Revocation List (CRL)?
		Yes. SecureAge® provides a comprehensive support for CRL checking, update and retrieval. CRL is always checked every time a certificate is used in any SecureAge® operation, including email signing, verification, encryption and decryption. CRL can also be configured for automatic download from LDAP and Web server. Any certificate that comes with valid Certificate Distribution Point (CDP) will also be updated automatically.
		[ Back to top l Back to 'Public Key Infrastructure (PKI) Support' Questions ]

	12.	Does SecureAge® support On-line Certificate Status Protocol (OCSP)?
		Yes. SecureAge® supports automatic OCSP checking to complement its CRL support. The real-time nature of OCSP checking for certificate validity assures that SecureAge® is protected against security gap that may be introduced even after a certificate has been revoked.
		[ Back to top l Back to 'Public Key Infrastructure (PKI) Support' Questions ]

	Smart Card and USB Token
	13.	Why is it better to store my private key on a smart card or USB token?
		Smart card or USB token provides an additional layer of physical protection to the user’s private key. The private keys that are stored in the smart card and USB token cannot be copied if they fully conform to the PKCS#11 standard. Furthermore, most of the smart card and USB token also come with autolock feature such that the smart card and USB token are rendered inoperable once too many wrong PINs are entered.
		[ Back to top l Back to 'Smart Card and USB Token' Questions ]

	14.	What do I need to do in order to make use of a smart card or USB token with SecureAge®?
		Each smart card or USB token comes with their specific device driver. You will need to install the device driver in order to make use of these smart card and USB token. You will also need to specify the exact PKCS#11 device driver file name in order for SecureAge® to use the corresponding smart card or USB token. Some commonly used device driver file names are already pre-configured in SecureAge®. If you are not sure which file name to specify, please check your smart card or USB token user guide.
		[ Back to top l Back to 'Smart Card and USB Token' Questions ]

	15.	What else can SecureAge® do with a smart card or USB token?
		SecureAge® is capable of generating keys directly within the smart card and USB token. This ensures that the keys are never exposed to untrusted machines and hence provides the highest level of key protection security. SecureAge® can also import a software key directly into the smart card or USB token. This allows the user to initialize the smart card or USB token with the key and certificate they obtained from any CA in the form of PKCS#12 digital ID.
		[ Back to top l Back to 'Smart Card and USB Token' Questions ]

	Product Activation
	16.	What is product activation?
		SecureAge® comes with a product licensing scheme that ties the product license to your machine configuration. This is very similar to Windows XP product licensing scheme. By entering the product key that comes with your SecureAge® software, you will enjoy using the product features for up to 30 days. Anytime during this period, you may activate your product key to receive the full product license from the SecureAge® license server. You can then make use of the SecureAge® product for as long as you are entitled to under the product key that you have purchased.
		[ Back to top l Back to 'Product Activation' Questions ]

	17.	How do I enter my product key?
		Product key can be entered during the software installation time. Alternatively, you can right click on the SecureAge® icon (bottom right-hand corner of your screen) and select "About SecureAge". You can then click on the appropriate product key button.
		[ Back to top l Back to 'Product Activation' Questions ]

	18.	How do I activate my product key?
		You need to activate your product key only if you are using end-user product key. Right click on the SecureAge® icon (bottom right-hand corner of you screen) and select "About SecureAge". You can then click on "Activate..." to activate your product key.
		[ Back to top l Back to 'Product Activation' Questions ]

	19.	Do I need to re-activate my product key if I re-install SecureAge®?
		Usually, you do not need to. However, if the activated license code is removed from your machine (e.g. you have reformatted your hard drive), you will then need to re-activate you product key again. If there is no change to you machine configuration, the same product license will be retrieved from the server.
		[ Back to top l Back to 'Product Activation' Questions ]

	20.	After I change my machine configuration, I am being asked to re-activate my product key again. Why?
		SecureAge® comes with a product licensing scheme that ties the product license to your machine configuration. You can reactivate your product key if you have not exceeded your activation limit. If you have exceeded your activation limit, you will need to purchase additional product key from an authorized reseller. If you have legitimate reason for exceeding your activation limit, please contact us at: support@secureage.com.
		[ Back to top l Back to 'Product Activation' Questions ]