Validated Product - Voltage SecureMail Suite 2.0

Certificate Date: 29 May 2007

Validation Report Number: CCEVS-VR-07-0029

Product Type: Secure Messaging

Conformance Claim: EAL2

PP Identifiers: None

CC Testing Lab: InfoGard Laboratories, Inc.

Security Target [PDF]
Validation Report [PDF]
CC Certificate [PDF]

PRODUCT DESCRIPTION

The Voltage SecureMail Suite 2.0 is a secure email system using identity-based encryption (IBE) that allows users to communicate securely via email without requiring pre-registration by external users

The TOE (Configuration I) consists of a Voltage SecurePolicy Suite and a Voltage SecureMail plug-in for Microsoft Outlook, plus a Zero Download Messenger that may be used, if needed, by clients using only a web browser.

TOE Configuration II adds an IBE Gateway Server.

The Voltage Policy Server and the Voltage SecureMail plug-in for Microsoft Outlook email clients provide the minimum system configuration that provides the core functionality of the system, the ability to encrypt and decrypt email messages using IBE encryption and decryption. The Policy Server contains the following core functionality elements:

  • An Authentication Server that ascertains the authentication status of users or administrators. The TOE does not contain its own system for authenticating users or system administrators but instead relies on external authentication methods such as Windows Domain Authentication, or local system credentials.
  • A Key Server generates public/private key pairs using IBE (Identity-Based Encryption) cryptography. Public and private keys are generated on demand so there is no need for a private key server. Public keys may be stored within the system (in association with user names) for efficiency.
  • A Server Management Console provides a GUI for administering the system. Administrators are authenticated if they are logged into the Windows Domain and they are included in a local administrative group (VoltageConfigAdmins or VoltageAuditAdmins) on the server.
  • Authentication Adapters interface with enterprise authentication systems enabling the Policy Server to leverage enterprise authentication. The evaluated configuration uses the Microsoft Active Directory as the external authentication service provider.

The Voltage SecureMail plug-in for Microsoft Outlook integrates Voltage SecureMail Suite key management and usage capabilities with Microsoft Outlook Account Access functions, giving users the local abilities to encrypt and sign outgoing email messages, and to decrypt and verify signatures on incoming email messages.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Voltage SecureMail Suite 2.0 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 and International Interpretations effective on 22nd September 2005. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. InfoGard Laboratories determined that the evaluation assurance level (EAL) for the product is EAL 2. The product, when configured in accordance with the guidance associated with this TOE, satisfies all of the security functional requirements stated in the Voltage SecureMail Suite 2.0 Security Target. The TOE is physically delivered to the end user.

This IT product does not conform to a Validated Protection Profile. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by InfoGard. The evaluation was completed in 2007. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Voltage SecureMail Suite 2.0, prepared by CCEVS.

Vendor Information


Voltage Security
Luther Martin
650.543.1280 x123
650.543.1279 (Fax)
martin@voltage.com

http://www.voltage.com/

--->