sayTRUST VPSC - ZeroTrust Client Access

sayTRUST VPSC (Virtual Protected Secure Communication) is a groundbreaking new technology for encrypted, internal and external access to corporate networks. sayTRUST VPSC enables highly secure communication and data exchange without backdoors and without any possibility of manipulation by unauthorized persons.

It ensures a highly secure working environment - in the home office or mobile. sayTRUST VPSC offers the highest level of communications security by detecting and eliminating vulnerabilities between the user and the network being protected.

Users can use the 8-stage “Defense in Depth” Technology both within your own network and from external locations,in the home office or mobile hotspots work safely.

Why sayTRUST VPSC

Users who work from home or on mobile devices need to access company data. This requires remote access to the company network. Companies and public authorities usually rely on commercially available VPN solutions for this purpose.

The biggest security gap is the access data, which is stored on the end devices with this technology, and the end devices become part of the network. In addition, data can be read out during the connection. Added to this is the administrative effort.

Administrators and users also complain about a number of problems: software that is difficult or impossible to integrate on clients, cumbersome hardware that is additionally required for some applications, or connections that are too slow are just a few of them. The sayTRUST VPSC technology offers an access solution without such disadvantages.

sayTRUST Access Mobile Device

The solution basically consists of a server and a client component, e.g. in the form of a USB access stick. The server can function as an appliance or as software. You can choose between USB sticks with two-factor authentication (2FA) or three-factor authentication (3FA).

VPSC instead of VPN – we thought ahead:

Lower costs
Easy handling
Communication within the application layer instead of network-networkcoupling
Eight levels of access security
Safety begins before the tunnel
No software and access data on the client PC
Personal identification of the user
Own forgery-proof and protected certificates
Reduction of administration effort by up to 80%

The difference between sayTRUST VPSC

and traditional VPN technologies

The sayTRUST Access USB client (1) is highly secure and highly flexible:

Immediately after plugging it into any PC, you will be asked for authentication (2).
After authentication has been completed, the sayTRUST menu (3) is started.
From the sayTRUST menu, the connection is established for each application directly from the encrypted RAM, so that no traces remain on the PC

Security must be simple. The user interface for sayTRUST VPSC was designed according to this principle. SAYTEC AG developed sayTRUST VPSC based on customer-specific requirements. The result is an effective tool that combines high security with ease of use.

The password manager for single sign-on ensures maximum security. Logins to various applications and/or platforms are carried out using the respective passwords via the user's encrypted database.

When any application is called up, the single sign-on module takes care of secure authentication in the background. The individual applications naturally remain protected with different passwords.

In companies, this implements the separation into sales, production and administration networks. In hospitals, for example, patient files are only made accessible to authorised persons from the medical and administrative departments.

In addition to generally accepted standards (SSL, TLS, X.509 certificate with 2048 bits, Diffie-Hellman Perfect Forward Secrecy depending on the personal user certificate), further unique selling points have been implemented in terms of security features. These include connection at the application level instead of in the tunnel (instead of the usual Layer 2 or Layer 3 VPN). This means that malware is detected and blocked at the entrance to the tunnel.

With our own CA (Certificate Authority), certificates are created ‘on demand’ and are not obtained from an external source.

All communication is established from the encrypted working memory (RAM) of the client computer. This means that no data residues remain on the computer or on the connection path that could later be evaluated. This protection also makes the ‘man-in-the-middle attack’ popular with hackers impossible.

No separate virtual network card or separate IP address from the network to be protected is required for encrypted communication. The network and associated information are invisible from the outside. The connection is also invisible on the client PC. The device has no network information from the remote network to be protected and is unaware of it.

A particularly convenient feature for users is that they always have their personal work environment with them. They can work with a high level of security from any PC.

The administrator centrally configures the permissions and thus the user's work environment and access to specific applications and directories. Once logged in, automatic access to all authorised applications is guaranteed without the hassle of repeatedly entering passwords.