transparent encryption


Starting from SealPath version 3.0, we offer the ability to encrypt all types of files, so that only users who have permission can access the contents of the files. We offer the same identity encryption and control as the standard products, without digital rights management. Users with permission over the file can save the file unencrypted by saving a copy (“Save as …”) from the viewing or editing program being used. It is a type of content protection similar to that which a PKI or PGP system offers.

The same interface that SealPath offers for controlling digital rights can be used to encrypt a file:

  • Drag the file over a policy in SealPath Desktop.
  • Select a file or folder and apply a policy with the right button on the desktop.
  • Apply a policy or custom protection for recipients from the Outlook plugin.
  • Apply an automatic protection rule to a folder.

The SealPath protection system determines whether the file being protected belongs to the list of file types on which digital rights can be controlled. If the file is not on this list, encryption with identity check is applied.

In the encryption mode, the rights are not taken into account at the same level as in the digital rights mode. When SealPath opens, it takes into account whether the user has any permission or none, regardless of the type of permission. If the user does not have any permission, the opening is cancelled. If the user does have permission, the file will be opened and decrypted temporarily in the user’s personal directories and the application corresponding to the file extension will launch to show the decrypted file.

On the other hand, the opening of the file is transparent; it is not necessary for the user to manually unprotect it or to open the protected file from a special container. When the user double-clicks the file the operating system launches the SealPath application container. The container extracts the file protection policy and queries the SealPath server to determine whether or not the user has permission to open the file. If the user does not have permission, the opening is cancelled.

The user accesses the file within the corresponding editor, the same as if it were any other unencrypted file. Since it is protected with simple encryption mode, no actions within the editor are limited to the user.

Once the file has been opened, the application container continuously checks whether the file has been modified. When it detects that the file has been modified, it protects the modified content. Therefore, the encrypted file is managed transparently. It opens like any other file and the changes are saved in the encrypted file when the program used to work on the file is closed.

Which are the advantages of this type of encryption?

  • Encryption can be applied to any type of file.
  • Encrypted files open transparently, the same way that unencrypted files are opened.
  • The modifications made when editing an encrypted file are saved automatically in the original encrypted file when the application being used is closed.
  • The user who encrypts has tracking of the openings of the encrypted file, can revoke access to the file and can add expiry dates to the encrypted files.
  • Automatic folder protection applies digital rights protection on all the files supported and encryption on the files on which digital rights control is not supported. In encryption mode, SealPath guarantees that all files within the folder are at least encrypted. Therefore, the files are inaccessible for users without permissions and the files are stored or can be copied or transported with complete security. Files such as “msg”, “zip”, etc. are encrypted.
  • When the user protects an e-mail message, the protection applies to all files attached to the message. Therefore, the files are only accessible by the users present on the policy with which the e-mail is protected or by recipients. The sender also has the possibility to block the message and the attached files in case an error was made in sending to a recipient erroneously. The recipient cannot access any of the attached files, which are protected with digital rights or with encryption.
  • The encryption accompanies the file wherever it goes, it is not linked to the hard disk or the machine on which it is stored.
  • Encryption can be applied to local or remote folders. It is also integrated in SealPath FileServer for folders on file servers. The encryption in FileServer, the same as for the protection of Digital rights, can be applied to remote servers if the communication is made over SMB 3.0.