SecureLine^TM: Email Encryption

About SecureLine

A lot can happen on the digital path from sender to recipient. Attackers are finding more ways to intercept and scan emails for sensitive or confidential information, so it's important to take precautions. To ensure your emails are always private, especially those holding confidential information, you want to protect your cyber presence with an advanced end-to-end secure email encryption. LuxSci's SecureLine^TM provides an encrypted and secure solution for emails to be sent from any customer to any recipient. SecureLine^TM has been around since 2005 providing a comprehensive, easy-to-use email security solution for mobile devices, desktop applications, and LuxSci's WebMail. SecureLine^TM is also HIPAA (Health Insurance Portability and Accountability) compliant, making it the perfect solution for medical and health care professionals sending ePHI in email messages.

How SecureLine Email Encryption Works

HIPAA compliance requires that the transfer of any sensitive or confidential patient health information (ePHI) over the Internet is done securely. Our SecureLine^TM email encryption system is designed to do just that. SecureLine seamlessly and dynamically integrates the following modes of secure email transmission to ensure that you can securely communicate with anyone, no matter what email system they have.

• SMTP TLS - SMTP TLS enables mail servers to transfer email between themselves in a secure manner, even if the messages themselves are not internally encrypted. TLS provides secure email delivery to recipients whose email servers support a sufficint level of TLS (which includes about 85% of recipients). LuxSci fully supports TLS and uses only FIPS/NIST-recommended security protocols and ciphers.
• SecureLine Escrow - SecureLine Escrow requires that a recipient actively verify his or her identity before s/he can access a message via a secure web portal. Escrow provides secure email delivery, authentication, storage, transmission, and auditing for messages to anyone with an email address. Which is better: TLS or Escrow?
• SecureLine PKI - SecureLine^TM PKI uses public key certificates (PGP and/or S/MIME) to internally encrypt email messages before sending them to the recipients. The recipients must also be using PKI for this method to be useful.

Extremely Flexible Encryption

HIPAA requirements are extremely vague and decisions on risk, security, usability and applicability are generally in the hands of each individual organization. As such, LuxSci's email security system is uniquely flexible, allowing you to "dial in" where you need to be on the spectrum from high usability to high security.

For those who wish to leverage of the easy of use offered by SMTP TLS as much as possible, LuxSci offers some very unique features:

• Dynamic TLS: LuxSci determines dynamically, at the time of message delivery, which of your recipients support TLS and which do not. For those that do not, LuxSci automatically falls back to Escrow or PKI for secure message delivery. You do not have to pre-configure anything to use TLS to the maximum degree possible. You also do not have to worry about messages being delivered insecurely to people who do not support TLS.
• Exclusive TLS: When the ease of opening email messages is more important than email delivery (e.g., for email marketing), TLS Exclusive is appropriate. With this technology, Dynamic TLS is used to determine which recipients will get your messages securely over TLS. Messages to everyone else will be automatically dropped. This is ideal for securing all your email using TLS, while not annoying the 10-15% of recipients using poor email systems with portal-pickup email messages.
• Upgrading Encryption: Use a button in WebMail, options in our API, or content triggers in SMTP to upgrade individual messages from TLS-only delivery to stronger levels of encryption, such as Escrow, on demand.

There are many, many other flexible options in Secureline, including:

• Selective TLS: Instead of using TLS everywhere possible, you can instead choose to use TLS only with specific recipients and/or domains.
• Opt Out: On a per-message basis, you can permit users to disable the need for any special encryption.

SecureLine Meets Your Compliance Needs

When you sign up for HIPAA-compliant email, SecureLine ensures that all email messages sent via SMTP, API, or our WebMail interface are sent securely, while remaining flexible enough to allow exceptions where appropriate for usability. The chart below shows how SecureLine can be adjusted to fit the scope of your compliance.