Drug discovery and development work is increasingly a group effort. In many cases, researchers even within a company are geographically dispersed, and research and clinical trial collaborations are often done with third-party organizations.
So there is a growing need for secure ways to protect the intellectual property within shared research data files and maintain HIPAA patient confidentiality requirements when clinical trial data is being shared.
In spite of the availability of secure file-sharing programs on the market, e-mail is still the most common way people exchange information. One way to protect data shared in collaborations is to encrypt e-mail messages.
But anyone who has worked with e-mail encryption products knows the complications involved. Namely, both the sender and receiver must purchase and install the same software (something that is not always possible) and the software is often complicated to use.
Last week, Secured eMail used the InfoSecurity trade show in New York for the U.S. public debut of the Enterprise Edition of its secure messaging product line. The product line, which already includes a home, professional, and corporate version, combines strong encryption technologies with easy-to-use features such as integration with Microsoft Outlook. But a key differentiator is Secured eMail's licensing approach.
Secured eMail is taking an Adobe-like approach to encryption. "When someone sends out a pdf file, recipients use Adobe Reader," said Peter Davin, Secured eMail's CEO. "It's the same concept here. The recipient doesn't have to buy software, they can download a free reader." In Secured eMail's case, the "reader" is available from a number of websites, including Microsoft's Office Marketplace (here).
The software uses 256-bit Advanced Encryption Standard (AES) encryption algorithm. It combines this with a Secured eMail technology called System SKG, which generates one-time dynamic keys using the SHA1 (secure hash algorithm 1).
A person wishing to send an encrypted message must install one of the versions of the Secured eMail software. This places a new "Send Secured" button below Outlook's normal "Send" button.
Once the software is installed, a message is composed in exactly the same manner whether it is to be secured or not. If the message needs to be encrypted, the only thing the sender has to do is hit the Send Secured button instead of the traditional Send button.
The first time a person sends an encrypted message to another person, a dialog box pops up and the sender is asked to enter a phrase (a shared secret) that he and the recipient have agreed to in advance.
When the first encrypted message arrives in a recipient's mail box, he or she is notified that it is encrypted and is prompted to download the free Secured eMail Reader. Once that software is installed, the recipient enters the agreed to secret phrase and the message is automatically decrypted and displayed in a normal manner.
The recipient has the choice of sending an encrypted or non-encrypted reply. The Secured eMail Reader software allows the reply to be encrypted. If a recipient wants to send an encrypted message to someone else, he or she will need to buy the software. (However, the reader software allows a person to send 10 encrypted messages to other people for free.)
If the recipient does not use Outlook, the reader will display the incoming message in a browser.
Currently, the software is tightly integrated with Outlook, but there are plans to extend the software to other major e-mail systems. For example, Secured eMail has partnered with IBM and Novell to develop integrated versions for, respectively, Lotus Notes and Groupwise. Additionally, the company has partnered with HP because "in Europe, they handle many large Microsoft Exchange accounts," said Davin.