CryptoExpress Security

CryptoExpress for Business, Professional & Corporate Clients.

ARCHITECTURE


A summary of how the CryptoExpress approach to secure data transfer differs from traditional SSL.


Traditional SSL method.

Create an SSL encrypted channel to transmit data.


Data within the channel is in plain form; it has no encryption of its own.

Sender and Receiver can read and understand the transmitted data.

The secured channel prevents third parties from viewing the data.


The CryptoExpress method.

In addition to the SSL channel, CryptoExpress further encrypts the data using the public key of the intended recipient. The machine receiving the data at the other end of the SSL channel may not be the intended recipient, but without the intended recipient's private key the data cannot be read. The data flows as follows:

Data is encrypted with the intended recipient's public key.

A secure SSL channel is created to further encrypt the encrypted data.


If the SSL channel is broken, the unintended recipient or attacker cannot read the data, as it has another layer of encryption.


While the secured channel can in most cases protect the data from the view of third parties, only the sender and the intended recipient can actually read and understand the data.


Data storage.

CryptoExpress uses a central server to receive and store the encrypted data when the intended recipient is offline. When the user/recipient connects to the server, the data is then forwarded to them.


The server does not hold the encryption keys and stores only the encrypted data. Private keys are always on the client machine. The server can only determine whether the data is a message or a file, and who the intended recipient is.
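
The data flow and the storage model described above, as an added Node.js example that is not CryptoExpress code: the sender encrypts for the recipient before anything enters the SSL channel, and a relay holds the result without any key. The page does not name its algorithms or formats, so RSA-OAEP key wrapping, AES-256-GCM, the envelope field names and the `Relay` class are all assumptions.

```javascript
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
// Routing data the relay can read; bound to the ciphertext as GCM associated data.
const aad = (env) => Buffer.from(`${env.recipient}\0${env.kind}`);

// Sender: encrypt for the recipient before the data enters the SSL/TLS channel.
function seal(recipientPublicKey, recipient, kind, data) {
  const key = crypto.randomBytes(32);   // fresh AES-256 key for every item
  const nonce = crypto.randomBytes(12); // GCM nonce, never reused with this key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(aad({ recipient, kind }));
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  return { recipient, kind, wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: only the private key on the client machine can unwrap the AES key.
// Throws if the key is wrong or any field of the envelope was altered.
function openEnvelope(recipientPrivateKey, env) {
  const key = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.nonce, { authTagLength: 16 });
  decipher.setAAD(aad(env));
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Relay server (hypothetical): queues envelopes for offline recipients, holds no keys.
class Relay {
  constructor() { this.queues = new Map(); }
  store(env) {
    if (!this.queues.has(env.recipient)) this.queues.set(env.recipient, []);
    this.queues.get(env.recipient).push(env);
  }
  deliver(recipient) { // called when the recipient connects
    const held = this.queues.get(recipient) || [];
    this.queues.delete(recipient);
    return held;
  }
}

// Constructed demo: Bob is offline when the item is sent and connects later.
function demo() {
  const bob = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const relay = new Relay();
  relay.store(seal(bob.publicKey, 'bob', 'message', Buffer.from('constructed sample text')));
  const [env] = relay.deliver('bob');
  return openEnvelope(bob.privateKey, env).toString();
}
```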