Administration Services

ESP can be easily managed manually using it's built in web administration console. Common management tasks such as creating and deleting policies can also be performed using ESP's WEB (REST) API.

WEB Administration Application

All ESP's administrative tasks are performed using ESP's web based administration console.

The following tasks can be easily performed:-

• Create and Edit Policies
• Create and Edit Data Collectors
• Access Log files
• Job Management
• View System Status

WEB API

For customers that require a fully automated solution, ESP's WEB API exposes nearly all of the administration functions as comprehensive suite of methods via an HTTP (REST) API. For example all of the above tasks can be easily accessed from any application (e.g. CURL) or programming language that support the HTTP protocol.

XML Services

XML File Processing

ESP can be configured to apply PGP cryptographic processes to XML files and documents. For example if a file or document contains a specific element or attribute, ESP can automatically encrypt or decrypt the element or tag using pre-defined recipient keys.

XPATH Expressions

ESP uses simple XPATH query expressions to identify XML data for processing. XPATH matches can then be mapped to individual ESP processing policy policies. The following XML processing policy snippet illustrates how an XML element is mapped to an ESP cryptographic processing policy called "pgpencrypt-001". When the policy is applied to an XML document containing credit card information, the credit card and CVV numbers will be encrypted to the recipient keys defined within the "pgpencrypt-001" policy.

Encryption policies can easily be configured to use MAK's (Managed Asymmetric Key) and MEK's (Managed Encryption Key) stored on PGP Universal Servers.

             <xpathItem>
                <xpath>/customer/cc/number</xpath>
                <Policy id="pgpencrypt-001"/>
             </xpathItem>
             <xpathItem>
                <xpath>/customer/cc/cvv</xpath>
                <Policy id="pgpencrypt-001"/>
             </xpathItem>

Key Services

Provides Content Enrichment services

ESP policies can be configured to use keys that are stored in multiple locations. ESP currently supports its own local key repository, PGP keys servers and PGP Universal Services Protocol (USP).

Local Key Repository

When ESP is used in isolation, this is the most commonly used key repository. All keys are stored (encrypted) within ESP's database. Locally stored keys can be easily managed using ESP's Web based administration console, or programmatically using via HTTP/S using the keys API.

PGP Key Servers

Encryption policies can be configured to automatically retrieve keys from external locations using the more traditional LDAP protocol. This is especially useful if external trading partners have already implemented and are publishing their own key servers.

PGP Universal Services Protocol (USP)

For customers that have implemented PGP Universal 3.0 for full key life-cycle management, ESP can also use MAK's (Managed Asymmetric Key's) and MEK's (Managed Encryption Key's) stored on any PGP Universal Server. Using this configuration the responsibility for the management and secure storage of keys can be delegated to PGP's Keys Management Service (KMS)

Cryptographic Services

Like most of ESP's other services, the cryptographic services are implemented as several discreet components that can be configured to provide data transformation services for data passing through the pipe-line. In this case the transformation functions typically concern converting data from clear-text to cipher-text (encryption) and cipher-text to clear-text (decryption).

ESP currently supports the following commercial OpenPGP (RFC2440) providers:-

PGP SDK

For customers with fairly simplistic cryptographic requirements, ESP directly interfaces with PGP's cryptographic libraries. Therefore, providing the following benefits:-

• Provides basic PGP Cryptographic functions
• Quick and easy to deploy
• Web based policy builder
• Requires minimal knowledge of cryptography
• Minimal configuration

PGP Command Line

For customers with more complex cryptographic requirements, ESP directly interfaces with PGP's command line application. Therefore, providing the following benefits:-

Access to all PGP Command line functions - providing:-
• RFC822/2822 mail encryption/decryption
• Centralised Key Management (KMS)

Access to PGP Universal Services Protocol (USP) - providing:-
• MAK's (Managed Asymmetric Key's)
• MEK's (Managed Encryption Key's)
• MSD (Managed Secure Data)

Logging Services

ESP provides two independent logging mechanisms for auditing and analysing system pipeline events.

Job Progress Logging

Every component within the ESP pipeline implements its own progress logger. Whilst the components process data, they send high level status event messages to a dedicated progress queue. The progress queue automatically correlates these messages and stores them with the original job. Progress logs can be retrieved and viewed using the web administration console or REST API.

System Logging

ESP provides its own customisable logging engine which creates industry standard system log files. If required the logging engine can be configured to send log data to existing syslog servers or other logging systems.

Read more

Data Collector Services

ESP uses the term 'Data Collectors' to describe the components that are responsible for retrieving/collecting data and submitting it to the processing pipeline. ESP provides several Data Collector components out of the box. If required, this can also be extended to include additional protocols and API's.

• Cloud Storage Connector
• WebDav Connector
• Directory Pollers
• FTP/SFTP
• IMAP/POP3
• Messaging Connectors
• HTTP (REST) API

Delivery Component Services

ESP uses the term 'Delivery Services' to describe the components that are responsible for delivering or sending data that has been processed by ESP's pipeline to local or remote destinations. ESP provides several Data delivery components out of the box. If required, this can also be extended to include additional protocols and API's.

• Cloud Storage Connector
• WebDav Connector
• Local File Delivery
• FTP/SFTP Delivery
• SMTP Delivery
• Messaging Connectors

Data Pipeline

Information/Data Processing

ESP's unique information processing pipeline consists of the following processes:-

• Collection
• Enrichment
• Transformation
• Splitting
• Delivery
• Logging

REST API

ESP's data processing pipeline implements its own HTTP (REST) API. This API can be used as an alternative for introducing data into the processing pipeline. Therefore, any application or operating system that supports the HTTP protocol can be used to directly submit and retrieve data from ESP. For use cases that require the processed information to be delivered using email, the API provides its own RFC822/2822 encoder.

CURL Examples

CURL Examples

CURL Examples

CURL Examples

Policy Engine

Overview

Central to ESP's functionality is an XML based policy or rules engine. The policy engine is used to automatically map input data derived from ESP's data collectors (data collector examples) to one or more predefined data processors (data processors examples).

Once processed the data is then routed to ESP's data delivery manager. The delivery manager uses a predefined list of one or more endpoints(endpoint examples) to determine where to route the processed data.

Policies can be managed using the Web based administration console or the HTTP (REST) API.

Read more

Information/Data

Data/Information Processing

ESP implements a unique information processing pipeline that consists of the following processes:- • Collection
• Enrichment
• Transformation
• Splitting
• Delivery
• Logging