NMA ZSentry Director

Provides physical control of plaintext information and first encryption layer, ensuring an end-to-end secure tunnel from sender to recipient. Online servers cannot read any message. Meets financial services, ITAR, FISMA, and HIPAA regulations. ZSentry Director is installed and certified by ZSentry in systems that can be owned, controlled, and hosted by the customer. Securely interoperates with the online public ZSentry services.

Upgrade/Downgrade: At any time, customers can move users or even their entire solution from ZSentry Premium to ZSentry Director, and vice-versa.

Options & Pricing: ZSentry Director is a custom installation with the following options:
  1. Superencryption: Uses customer-based Pre-Encryption and Post-Decryption with keys known only by the customer, so that plaintext messages never enter or exit an online public ZSentry service and ZSentry itself cannot decrypt the customer-encrypted messages (see footnote [1]). All ZSentry functions are securely provided online, including user authentication, digital and timestamp signatures, Secure Forms, Secure Vault, and self-destruct (see footnote [2]).
  2. Stand-Alone: Superencryption and all ZSentry functions are physically controlled by the customer.
  3. Custom: All ZSentry functions are provided according to customer specifications. For example, as a combination of the two options above.
Get Quote
Choose an option above and click to get a quote.

Purpose: NMA ZSentry Director allows customers to (1) have full physical control of all plaintext information; (2) control the first encryption layer and keys; and (3) ensure an end-to-end secure tunnel from sender to recipient.

Often, organizations need to assure third-parties (including regulatory agencies) of external compliance with nontransfer and confidentiality rules, even in the presence of passive and active adversaries. ZSentry Director provides for a secure, usable, quick, auditable, and seamless exchange of high-value and/or critical information when such external assurances are required, for example in regard to health & financial service regulations, public election laws, US ITAR (International Traffic in Arms Regulations) and EAR (Export Administration Regulations), and no-foreign requirements, in special-purpose and mixed-use networks. ZSentry Director can, as defined by the customer, send and read messages also in interoperation with regular Basic and Premium users of the public online ZSentry service, fully supporting a multi-party regulatory environment where customers have varying needs to actively protect and control the release of private and sensitive information.

ZSentry Identity Verification: ZSentry Director can be part of a program when specific personnel or contractors may be required to use third-party verified, strong and secure authentication mechanisms for accessing information systems. This may include PoP (Proof-of-Possession) of a physical token or mobile device, a fresh second-channel challenge that changes for every authentication, identity verification by a notary, Dun & Bradstreet D-U-N-S Number verification, Credit Card and address validation, or as mutually defined. For more information, click ZSentry Identity Verification >>

Platform and Application Support: The Superencryption option does not require dedicated hardware and can be used locally in a desktop or mobile device, for Mail clients, Web browsers, and Cloud apps. All options can be used with applications in diverse platforms, including Mail clients (Outlook, Thunderbird), Cloud apps (Google Apps, Gmail, Yahoo Mail), Web browsers (Internet Explorer, Firefox, Safari), and Mobile (iPad, iPhone, SMS).

Appliance: A dedicated appliance is required only for the Stand-Alone and Custom options. To allay origin and trust concerns, and provide flexibility in meeting specific regulatory requirements for each customer, for these options we suggest that ZSentry Director be installed in hardware and firmware that is both chosen and physically provided by the customer.

IBM Business PartnerWe can suggest hardware provided by our partner IBM. The appliance can be hosted by the customer or as desired. ZSentry Director can run in one or more appliances, under customer fail-safe provisions.

ZSentry Inside: ZSentry Director may include ZSentry App and ZSentry Zero with Secure Mail, Secure Forms, and Secure Vault modules, and ZAuthority (see footnote [3]). May also include specialized ZSentry and custom modules in Microsoft .NET, Java, PHP and other languages. Web support is available online 24/7 over SSL SMTP and HTTPS.

Please request a Support Ticket >> for more information on purchasing and using the ZSentry Director.


[1] Superencryption (also called cascade encryption, or multiple encryption) is a technical term used in cryptography to describe encrypting already encrypted information. It also refers to the outer-layer encryption of a multiple encryption. Theoretically, it is well-known that the first encryption (which encrypts plaintext) is of higher importance for security. This is exactly the layer that ZSentry Director leaves for the customer process, where the message plaintext is handled. In short, encryption and keys are controlled by ZSentry in the outer-layer (the superencryption layer), whereas the customer controls them in the inner-layer. Of course, adding the independent use of the inner key is better for security. It is harder to break both inner and outer keys at the same time, and helps prevent unauthorized access in case of collusion or internal faults at the customer side. However, the major purpose of adding the inner-layer encryption in ZSentry Director is to allow the customer to singly deny information access by others, through the use of keys that only the customer knows and can change at will.

[2] In operation, upon receiving a ZSentry Director customer-encrypted message for delivery, an online public ZSentry service provides functions including plaintext header authentication and parsing, two-factor ZSentry user registration & authentication, per-user ZSentry encryption/decryption at the outer-layer, as well as message control, delivery, tracking, and routing, using the Premium User level. Online servers cannot read any message.

[3] ZAuthority is the administration authority for ZSentry Credentials. ZAuthority is included online in the Superencryption option, and in the appliance in the Stand-Alone or Custom options. ZAuthority supports multiple-authority models, including federated authority, with centralized user administration and control delegation, and common authentication architectures, such as RADIUS (Remote Authentication Dial In User Service), LDAP (Lightweight Directory Access Protocol) and Active Directory, as well as X.509/PKI (Public Key Infrastructure) and PGP (Pretty Good Privacy). ZAuthority includes the ZSentry registration service (ZS Registration) and the ZSentry Issuer (ZS Issuer), with capabilities to register users and issue, reset, recover, upgrade, downgrade, suspend, and revoke ZSentry Credentials. More information at ZSentry Authority [PDF].

Main Technical Notes
Overview   Key Features   ZSentry App   ZSentry Client   API   Smart IT   SAML & SSO
  Security   Usability   HIPAA & HITECH   Experience   Why ZSentry?   Red Flags   SUMMARY

Development and © by NMA

Trademarks and Copyrights as described in our Legal Statement. We protect Your Privacy.