CERBERUS

Vulnerabilities Threats Countermeasures

Document Security

FIPS PUB 140-1
DOD 5220.22-M
NCSC TG-25
FIPS PUB 81
FIPS PUB 180-1
DOD 5200.28-STD

INFOSEC
Cryptosystems
Passphrases
Windows® Leaks
System Settings

QUESTIONS?

Our INFOSEC products are purpose-designed for the security-hostile environment
of Windows® PCs, and incorporate specific forensic software countermeasures. They incorporate the Cerberus library of 168-bit Triple-DES ciphers, ANSI X9.17 key generation, SHA-1 hashing, and DOD 5220.22-M disk overwriting functions that meet the data Purging requirements of NAVSO P5239-26, AFSSI-5020 and AR380-19. Their implementation is designed to meet or exceed (and to pass the DERIVED TESTS for) level 1 of FIPS PUB 140-1, SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES.

Our products automatically check their own integrity, per FIPS PUB 140-1. However, they also analyze your system configuration for potential security leaks, and provide system re-configuration options to maximize the effectiveness of their automatic DOD 5220.22-M data remanence countermeasures. These countermeasures are designed to defeat encryption-bypassing attacks with the kinds of forensic software that was developed for evidence recovery from hard drives, but is used in industrial espionage.

These standards-compliant, high-grade cryptosystems are not only designed to protect the confidentiality and integrity of the sensitive data which you use them to encrypt, but they also

• will not interfere with backup software that protects its availability;
• will not trash your files if power fails in mid-encryption; and
• will not crash or delay the shut-down of your PC or laptop.

AVAILABILITY

We do not sell weak encryption products. Consequently, all versions of our software are only available subject to United States export controls. To assist in ensuring compliance, each copy is cryptographically "branded" with the Licensee's name.

NOTE: Our individually licensed software cryptosystems incorporate high-grade ciphers (specifically, CBC-mode triple-DES with 168-bit keys). They do not incorporate either overt Law Enforcement Access Fields or covert channels to leak keying information. They are thus considered "encryption items" - Category EI in the Commerce Control List, 15 CFR 774, subject to the Export Administration Act, 50 USC 2401. The penalty for their export from the United States without a BXA license, except to Canada is a fine, not to exceed $1,000,000 and/or a prison term, not to exceed 10 years, for each offense.

Demonstration versions of our products are available as downloads for both Win4.x platforms (Win4.0/Windows 95, Win4.1/Windows 98) and for Windows NT platforms (NT4.0, NT5.0/Windows 2000 and NT5.1/Windows XP). We also make available this 32-bit version in an installer for Windows 3.1/3.11 and Windows for Workgroups 3.11 users who've installed Microsoft's free Win32s package, as well as a separate 16-bit version. These three InstallShield® installers range between 0.75MB and 1MB in size.

To comply with US law, demonstrators are compiled without the private masterkey generating function. They include all other cryptographic functions of the full products, but files which they triple-DES encrypt can be unconditionally decrypted by anyone else with a demonstrator. This not only allows you to examine the "look and feel" of their user interfaces, but to test their encryption execution speed on your system.

An e-mailable, self-extracting zip-archive of less than 100KB (16-bit or 32-bit versions) upgrades a demonstrator to a fully-functional, individually licensed cryptosystem. The Change your passphrase function quickly secures all the files you encrypted with a demonstrator, by replacing their prepended session keys encrypted with the zeroized masterkey by copies encrypted with the masterkey generated from your passphrase.

TERMS and CONDITIONS

Each software cryptosystem is Individually Licensed to the user for whom it is customized by cryptographic branding (to aid in tracing export controls violations).

That Licensee may install as many copies on as many machines as s/he wishes, assuming that the machines' owner(s) agree.

The purchaser is not necessarily the Licensee, such as the case of organizations availing themselves of our step-pricing discounts on copies Licensed to additional individuals for whom they are incrementally purchasing Licensed copies.

The cryptographic branding is intended to keep export controls compliance liability with the user/Licensee, regardless of who the purchaser is. Consequently, neither the purchaser nor the Licensee may transfer the License to anyone else.

The full text of the End User License Agreement is here:

Unless or until we can obtain advice of counsel to the contrary, we must receive the warranty of export controls compliance on our Order Form, signed by the Licensee, before shipping a Licensed Updater for that Licensee.

However, credit card purchasers may submit the signed order form by facsimile transmission (Group II) to: 978-454-4600. Other purchasers may submit the signed order form and check or money order by U.S. Mail to the above-mentioned address.

In any case, Licensed Updaters are shipped immediately upon verification of US or Canadian address and domain specified for e-mail delivery - usually the same day.

NOTE: Organizations which are purchasing multiple copies and are willing to assume responsibility for export compliance by their users should order Corporate versions, which are transferably Licensed to the purchasing organization, rather than to the end-user. Each copy is cryptographically branded with the name of the organization and a number, rather than the end-user's name, and is Licensed on a per-machine basis, rather than a per-user basis, under the terms of our Corporate End-User License Agreement.

PRICING

Every cryptographically branded copy of a product we customize for a Licensee (not user backup copies) requires payment of a US$10 Registration Fee, which includes electronic delivery of the Licensed Updater that overwrites the file-set previously installed by the InstallShield® demonstrator package(s) for the user's platform(s).

This is in addition to the Basic License Fee, which is paid only once per individual end-user (Licensee), but differs for different products, versions and quantities.

A licensed 16-bit user can obtain a 32-bit upgrade for the same product by only paying the US$10 Registration Fee, and downloading a 32-bit demonstrator for his platform (either the one for Win3x with Win32s, or the one for Win95/98 and WinNT4.0/SP3+).

NOTE: Upgrading from the Personal version of Document Security Manager to the Professional version also requires payment of the difference in Basic License Fees.

Volume discounts on the Basic License Fee are offered by means of cumulative step-pricing for each additional customized copy that is invoiced to the same customer, regardless of end-user/Licensee: (click on product name for description)

BASIC LICENSE FEES INVOICED TO THE SAME CUSTOMER (US$)

PAID-FOR END-USER NUMBER:	1	2-24	25-99	100-249	250-499	500+
Document Security Manager™ Professional version	69	62	56	50	45	40
Document Security Manager™ Personal version	39	35	32	29	27	25

If you're an individual purchaser, go down the column for 1 user to the row for the desired product to obtain the Basic License Fee and add the $10 Registration Fee.

Delivery by First Class U.S. Mail on physical media (1.44MB diskettes) requires payment of an additional Media Fee of US$10 per copy. (This does not include any user manual or other printed suppliment to the online documentation.)

Cerberus Systems, Inc. reserves the right to change the above pricing without notice, but it applies to any qualified purchaser, whether such purchaser is a corporation on behalf of its employees, a reseller or an individual. Buyer qualification, terms and conditions are at the sole discretion of Cerberus Systems, Inc. Inquiries are welcomed by e-mail to INFOSEC@CerberusSystems.com (subject: SALES), or by writing to:

TO ORDER
(Credit Card or Check)