How does it work Home»Solutions»Data safe»How does it work
How does Data Safe work from the user’s perspective?
Every user must posses a token, which allows him/her to work with the computer and encrypted documents. To sign into the operating system, the user must insert the token. Afterwards, no complicated password is needed but a simple PIN, which verifies that the token has been inserted by its owner. From this moment, the user can work with the computer and access all the encrypted documents he/she needs for his/her work. If the user ejects the token, the computer is automatically locked and the encrypted documents are not accessible. The same applies in case of an automatic locking of the computer. The computer unlocks by repeated inserting of the token.
Of course, the Data Safe solution also takes into account the situation, when the user forgets their PIN or looses or forgets the token. In case the organization decides to help the user in this case, the user can launch an emergency mode from the sign-in dialog. By connecting to the central administration, the user can be temporarily allowed to work with the computer and be allowed access to the encrypted data. This unique way principally increases the availability of the computer and of the encrypted documents without decreasing their safety.
How does Data Safe work from the administrator's perspective?
A smooth operation of Data Safe is based on the central administration, which controls the entire system of securing the documents. The central administration can be accessible for various employees at various work positions and, by assigning the right role, it allows the performance of the desirable operations. The central administration allows the performance and precise control of the work procedures related to encrypting keys, encrypted documents, encrypting policies, tokens and emergency modes.
Everything starts with preparation and issuance of the token to a user. The preparation of the token lies in storing the encrypting keys to the documents the user should work with, and generating the sign-in information. All the encrypting keys are automatically backed-up in the central administration, and they can be, at any time, stored in the token in case of its loss or damage. Also, the sign-in data can be synchronized with the Active Directory.
Before being given the token, the user is filed in a work group (organization unit), which has a certain pre-set encrypting policy and encrypted documents. In major cases, there are several groups within an organization and, by filing the user in a certain group, the operations related to issuing the token are finished. Whenever the user accepts the token, everything works automatically. At the first login in the computer using the token, the encrypted documents become accessible and, eventually, the documents which shall be encrypted and still are not, encrypt.
During the everyday work of the user, sometimes a requirement to access the documents encrypted by an encrypting key will arise, which the user does not have access to by the token. The central administration allows to simply and immediately insert such an encrypting key in the user's token, remotely, using the computer with which the user works.
In case the organization decides to provide the users with the solution of emergency modes caused by forgetting the PIN or by loss or damage of the token, then the central administration controls the process of the emergency modes as well. This process lies in verification of the user and remote filing of the token or temporary unlocking of the computer and encrypted documents via an extra recovery token.
