LAMBsecuresm
LAMBsecuresm is a secure communication service that delivers encrypted data, reports, images, or any other kind of data through standard email directly to individuals or manual processes. Additionally, LAMBsecuresm provides the means to replace the fax machine with secure, reliable, point-to-point transaction delivery between trading partners. Encryption is automatic and "behind the scenes." Audit and tracking logs are available on demand, showing "who" sent "what" to "whom" and "when". Our secure messaging does not require any new software or hardware, or changes to the security and HIPAA policies already in place at the providers' offices. LAMBsecuresm uses standard email protocols to minimize any impact on internal security policies and firewalls.
The key difference between LAMBsecuresm and other secure email products is that encryption and key handling are managed automatically and invisibly, requiring no intervention or maintenance by the end user. To provide the most robust secure messaging, LAMBsecuresm uses a separate email channel (Outlook or other email clients are not required). This ensures that communication requiring privacy and security is not inadvertently mixed with unsecured messages, which would run the risk of sending private information in the clear.
Encryption Overview
When the encrypted transaction is received, certain known transaction parameters are used so that the receiver chooses the correct keys and algorithms to recreate the dynamic, one-time key for decryption. No keys are transmitted with the encrypted data file.
Our encryption system was developed to provide a process that is scalable, invisible and secure. First, the system supports a roll-out of hundreds or thousands of trading partners dynamically in an ad-hoc environment. Trading partners or systems that come online must be able to trade immediately within the community.
Secondly, our customers should not be concerned with the management of the encryption process, including keys. The entire encryption system is invisible to the end user. Key management, including updates, expirations and new keys, is fully automated. There is nothing for the end user to do.
Thirdly, the encryption system must be secure. We use standard techniques, but with a few twists that make it very difficult for anyone to decrypt a transaction. All transactions are encrypted; no transaction is sent in the clear. If the encryption (outbound) or decryption (inbound) fails, the transaction does not move off the server. We use symmetric encryption, which is stronger, bit for bit, than asymmetric encryption (PKI): there are no public/private key pairs, only private keys. The twists are that no key is sent with the transaction and only partial information about the encryption is delivered. Basically, the receiver gets only half of the information required to decrypt. Every installation has its own unique key.
When a transaction is ready to go out, certain properties of the data file are used in combination with the sender's encryption key and the receiver's encryption key. This generates a dynamic, one-time-use key that seeds the actual encryption algorithm. The encryption engine can have more than one algorithm available, and it can dynamically select a different algorithm based on the transaction type, the receiver or any other criteria.
Once the transaction is encrypted, it is delivered to the receiver. No keys are attached to the transaction. When the transaction is received, all that is known is that this transaction was for this receiver from a certain sender. Using this knowledge combined with certain parameters about the transaction data, the receiver's decryption process rebuilds the dynamic, one-time key that seeds the decryption engine.
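The following is an added illustration of the pattern described above, not LAMBsecuresm's own code (the page does not publish its algorithms): a per-transaction key is derived with HKDF-SHA256 from both partners' installation keys plus a clear-text transaction header, so no key material travels with the file and a modified header or wrong partner key yields an unrelated key. It assumes each partner pair already holds both installation keys out of band; the keys, header fields and payload are constructed sample values.

```python
import hashlib
import hmac
import json

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA256: extract a pseudorandom key, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_transaction_key(sender_key: bytes, receiver_key: bytes, header: dict) -> bytes:
    """One-time key from both installation keys plus the transaction's clear-text header.
    The key never travels: each side recomputes it from what it already holds."""
    # Canonical JSON so sender and receiver hash byte-identical header bytes.
    info = json.dumps(header, sort_keys=True, separators=(",", ":")).encode()
    # The chosen algorithm is part of `info`, so the key is bound to that algorithm.
    return hkdf_sha256(ikm=sender_key + receiver_key, salt=b"example-kdf-v1", info=info)

# Constructed sample installation keys and payload (illustrative values only).
SENDER_KEY = hashlib.sha256(b"constructed: clinic-A installation key").digest()
RECEIVER_KEY = hashlib.sha256(b"constructed: lab-B installation key").digest()
PAYLOAD = b"constructed: encrypted lab report bytes as they arrive on the wire ..."

def transaction_header(transmitted: bytes, algorithm: str = "AES-256-GCM") -> dict:
    """Fields both sides can observe before decryption: routing identities, a
    transaction id, a timestamp, the byte count of the received file and the
    algorithm selected by the engine. Contains no key material."""
    return {"sender": "clinic-A", "receiver": "lab-B", "txn_id": "TXN-0001",
            "created_at": "2024-01-15T09:30:00Z", "byte_count": len(transmitted),
            "algorithm": algorithm}

def receiver_rebuilds_same_key() -> bool:
    """The receiver recomputes the sender's one-time key from the header alone."""
    hdr = transaction_header(PAYLOAD)
    k_send = derive_transaction_key(SENDER_KEY, RECEIVER_KEY, hdr)
    k_recv = derive_transaction_key(SENDER_KEY, RECEIVER_KEY, hdr)
    return hmac.compare_digest(k_send, k_recv)

def altered_header_changes_key() -> bool:
    """A truncated file or a wrong partner key gives an unrelated key, so the
    decryption step fails closed instead of producing plaintext."""
    k_good = derive_transaction_key(SENDER_KEY, RECEIVER_KEY, transaction_header(PAYLOAD))
    k_trunc = derive_transaction_key(SENDER_KEY, RECEIVER_KEY, transaction_header(PAYLOAD[:-1]))
    other = hashlib.sha256(b"constructed: unrelated partner key").digest()
    k_wrong = derive_transaction_key(SENDER_KEY, other, transaction_header(PAYLOAD))
    return k_good != k_trunc and k_good != k_wrong
```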
It is important to note that the encryption occurs before the transaction leaves the server hosting LAMBsecuresm and that the transaction is not decrypted until it is physically on the server hosting the receiver's LAMBsecuresm application. Therefore, the data is encrypted even while traveling through the sender's and receiver's internal communications.