TrustX

• Send and receive secure email messages
• Enable, disable or shred sent messages
• Specify the level of trust required to read an email or download an attachment
• See who has accessed your sent emails
• Multi-platform options – web access, Outlook add-in, Apple application

Read more about TrustX features

• The sender of a secure email uses any of the supported email clients to create the email, specify the level of trust, and send it. Secure emails are automatically routed to TrustX services where it is securely stored until accessed.
• A “proxy” email is sent to all recipients indicating that a secure email is available for reading.
• The recipient clicks on the proxy email to read the secure contents. This read request goes to the TrustX services.
• TrustX queries the recipient’s mobile device to authenticate the recipient of the secure email. Higher trust levels may require more authentication data, including biometrics, such as face or voice.
• The recipient provides the requested authentication data which is returned to TrustX services for authentication.
• When the recipient is positively authenticated, the contents of the secure email are made available to the recipient.

Biometrics are things about you that are physically detectable and unique. Your fingerprint, face, and voice are examples of such biometrics. When a recording of your voice is compared to a previous record that was collected during enrollment, it is possible to strongly authenticate you as the person who originally enrolled. The same is true of other biometrics, such as face. TrustX currently supports face and voice biometrics. In addition, we are enrolling palm prints for potential use in the near future.
Learn more about biometrics

Any authentication method can be compromised, including biometrics. This is why a multi-factor security solution is so important, as is the use of multiple (“multi-modal”) biometrics, such as face, combined with voice, palm, or others. Such combinations of biometrics and factors are much harder for an intruder to defeat than any single mechanism.

In addition, many biometrics algorithms offer liveness detection, and these anti-spoofing mechanisms are improving every day.

Passwords, when used alone, are vulnerable to many attacks:

• They can be written down and subsequently lost or stolen.
• Many of us are guilty of using the same password for many different purposes, which also increases the chances of compromise. If the password is compromised at one site, all other sites/applications protected by the same (or similar) password are threatened.
• Passwords can often be guessed based on personal information either casually known about the user (e.g., family names, favorite hobbies) or acquired through social media sites (e.g., schools attended, cars owned).
• Passwords can be stolen remotely through viruses (e.g., keyloggers) on your computer.

So-called "strong" passwords attempt to address the threat of brute force attacks (where the attacker tries to guess the password by trying many combinations) by using numbers and special characters to increase the possible character combinations in a password. Such an approach does nothing to deal with passwords that are simply stolen (e.g., through a computer virus) and, ironically, such complex passwords increase the likelihood that the user will write down the password and thereby make it more vulnerable to discovery.

TrustX uses strong security measures to protect Customer Data from unauthorized access, maintain data accuracy and to help ensure the appropriate use of Customer Data. These security measures include encrypting the data, securely storing encryption keys separately from the data, digital signatures to ensure the continuing integrity of that data (as well as to evidence any tampering with the data), firewalls, intrusion detection systems, 24 x 7 physical protection of facilities where data is stored, background checks (as permitted by law) for personnel that access physical facilities, and strong security procedures all service operations. These measures help ensure that Customer Data is safe, secure, and only available to the Customer to whom the information belongs and those to whom the Customer has granted access. Customers are responsible for maintaining the security and confidentiality of their TrustX PINS, passwords, or any other “secret” information used as part of the authentication process.

Customers are also responsible for ensuring that the email addresses or user ids they use for sending secure emails or for granting other forms of access are the addresses or user ids registered by the intended recipients with TrustX.

If you are using Outlook with our TrustX add-in as your email client, then you can send and receive non-secure emails intermingled with secure emails.

If you are using the secure TrustX email portal, then you can only send and receive secure emails via this email client.

Yes. Unlike most other mobile applications, customer support is available. Our web site at www.trustx.com provides a telephone numbers where you can request support, and the hours of operation for each region.

Many “unsupported” devices will work with TrustX, but TrustX has only tested the ones listed above. As a result, it is possible that some features may not work with an unsupported device, thus limiting your user experience.

While we will not take customer support telephone calls on unsupported devices, you can email us any problems you experience and tell us about new devices you’d like to see supported. We’ll take your feedback into account when planning future releases!

There are many ways to verify a recipient’s email address, but whatever method you use should give you confidence that this is the person registered in TrustX under that email address. For example, a person could tell you (either in person or over the phone) which email address they have registered with TrustX, or a business organization could publish a list of validated email addresses registered with TrustX by employees.

IdentityX is the underlying authentication technology that supports all TrustX services. This technology is licensed by TrustX to provide hosted services, starting with the secure email capability. For more information on IdentityX, go to www.identityx.com.

TrustX protects your identity by ensuring that no authentication information is stored on the phone. The TrustX design emphasizes a model in which your phone only collects and transmits authentication information (such as your PIN, face/palm photo, and voice sample) -- it is not stored locally on the phone. This provides you with the peace of mind of knowing that if you ever lost your phone, an attacker could not extract personal information for future use.

If a mobile identification solution were to store information on the phone (e.g., storing your PIN on the phone in order to perform PIN matching without having to connect with a server), then a lost phone risks compromise of the PIN. When the customer replaces their lost phone and initializes their account with a new mobile device, their identity is at risk from any such compromised identity information.

TrustX is firmly committed to the protection of your identity, and this extends to eliminating the risk of lost identification information. By ensuring that your information is not stored on the phone, you are protected even when you've lost your phone,

As you may be aware, security professionals are abuzz over the March 17, 2011 announcement from RSA that a severe security breach had occurred on their servers. Although details were not disclosed, it is clear that a compromise of secret server-stored “seed” codes represents a serious and far-reaching weakness of solutions relying on one-time passcode (OTP)-generating tokens. For standard security tokens that display a changing series of digits, these secret seed files are stored on both the server and hard-coded into the fob. A compromise of the seed file on the server means that a new fob must be created and distributed to clients; furthermore, security is defeated before such compromises are detected and each time new hardware is being deployed.

The TrustX solution is not vulnerable to this type of attack, as it employs a multi-layered security approach that does not rely on a simple shared secret. TrustX technology combines multiple authentication techniques: something you have (a smart phone), something you know (a PIN/passphrase), something you are (multi-modal biometrics such as face, voice, and palm) and even somewhere you are (GPS).

Yes. During transmission all data is encrypted via TLS Mutual Authentication. (TLS is the successor to the well know IEFT standard for SSL.) TrustX offers mutual authentication (two-way authentication) so that the mobile device or service provider application authenticates itself against the server and the server authenticates itself to the mobile devices and service provider application(s).