
@TheOffice Technology Highlights

Core technology innovations

Virtual IP address. Allows remote users secure, transparent access to company resources such as file servers, printers and database applications, without requiring these applications to be reconfigured when roaming. Once a user is connected via @TheOffice, the network treats the connection as part of the corporate LAN. All IP traffic is securely tunnelled between the Virtual IP address and the LAN.

IPSec over P2P. To solve the problem of firewall and NAT traversal, Trispen developed a proprietary protocol that tunnels all IP traffic over IPSec and then over a peer-to-peer connection. This eliminates firewall configuration in almost all circumstances. Both the gateway and the client software make only outgoing connections to Trispen's Lookup Server.

Certificate based authentication. The Gateway issues a Digital Certificate to users during the enrolment process. To facilitate mobility, these certificates are stored securely both on the remote PC and the Gateway. This enables users, with the correct credentials, to connect from different PCs.

Windows Domain Integration. The Gateway automatically authenticates users against the Windows user database during enrolment, to identify the user before a certificate is issued. Once the certificate is issued, the user authenticates him/herself using the certificate and a private key pass-phrase. On subsequent connections, the gateway will verify that the user is still active on the Windows database before allowing the connection to proceed.

Security considerations

Although @TheOffice.Wherever! is extremely easy to use, the underlying technology created to achieve this transparency is extremely sophisticated.

  • High-level cryptographic mechanisms offer maximum protection of privacy and ensure network security.
  • 3DES & AES encryption standards may be used interchangeably on a per gateway basis.
  • Users enrol for certificates over an encrypted TLS (SSL) session.
  • The user’s private key is stored on the gateway and on the user’s PC in encrypted form, protected by the user’s personal pass-phrase. The gateway never obtains any information to decode this private key.
  • The dynamic firewalling feature ensures that the user cannot inadvertently become a “router” between the office network and the Internet, by automatically restricting all other traffic from the Internet and from outside the local subnet.
  • The gateway has a built-in automated Certificate Authority (CA) and automatically issues all required user and gateway certificates.
©Trispen Technologies 1999-2010