Guest

Cisco Email Encryption

Cisco Business Class Email 1.0 User Guide - For Android Devices

Configuring and Using Cisco Business Class Email for Android

Configuring and Using Cisco Business Class Email for Android

 
-
Overview

Overview

The Cisco Business Class Email (BCE) mobile application provides you the ability to receive and send encrypted email messages directly from your Google Android smartphone devices. Depending on the configuration mode of the Cisco BCE mobile application, the following tasks can be performed:

Licensing Versions and Configuration Modes

The Cisco Business Class Email application is deployed in three separate licensing versions that determine the configuration mode for the application. The default configuration mode for the Cisco BCE application is Decrypt Only and can be downloaded from Google Play.

In order to enable the other versions and configuration modes, the smartphone device is configured by an updated attachment file received from the administrator.

The three licensing versions and configuration modes are:

 
-
Decrypt Only. Allows decrypting of secure email messages received.
 
-
Decrypt and Flag. Allows decrypting and flagging of secure emails messages. The flag option allows you to flag the email for encryption, and the email is encrypted by the Cisco IronPort Encryption appliance or Email Security appliance before the email is sent out of the network. The server must be configured to detect the flagged messages and encrypt them at the server.
 
-
Decrypt and Encrypt. Allows encrypting and decrypting of secure email messages.

Supported Operating Systems

The Cisco Encryption Compatibility Matrix lists the supported operating systems for Cisco BCE and can be accessed from the following URL:

http://www.cisco.com/en/US/docs/security/iea/Compatibility_Matrix/IEA_Compatibility_Matrix.pdf

Downloading and Installing the Cisco Business Class Email Application

To install the Cisco BCE application, go to Google Play from your Android device and search for the Cisco BCE application. Download the application and start the installation on the device. See Licensing Versions and Configuration Modes.

Opening Cisco Business Class Email for Android Application

After the Cisco BCE application is successfully installed on your Android device, you will see a new Cisco BCE application icon. To open the application, tap the Cisco BCE icon from the Android home screen. Starting the application adds the necessary menus to the device that allow you to send and receive encrypted emails.

Application Landing Screen

Tap the Cisco BCE icon to open the application landing screen. Depending on the configuration mode, some of the icons on this screen are dimmed, indicating unavailable. See Licensing Versions and Configuration Modes.

The following table describes the application landing screen options:

Option

Description

Inbox

Lists email accounts for which encrypted emails were opened on the device. Tap the individual email account or All Email Accounts to display a list of decrypted emails opened for the selected account.

The list of email accounts is not shown if encrypted messages have been opened for a single email address.

Sent Items

Lists email accounts from which encrypted emails were sent from the device. Tap the individual email account or All Email Accounts to display a list of emails encrypted and sent from the selected account.

The list of email accounts is not shown if encrypted messages have been sent from a single email address.

Secure Compose

Launches screen to compose a secure message. See Sending an Encrypted Email.

Settings

Launches the configuration screen for general settings for the application. See Configuring Settings for Cisco Business Class Email.

About

View the About information for the Cisco BCE application.

Launching the Cisco Business Class Email Configuration File

The Cisco BCE application must be open and running prior to opening the securedoc.html attachment from your email account.

To enable and configure the BCE application:

Step 2
Open the securedoc.html file attachment from your email on your Android device.This automatically configures the Cisco BCE application installed on your device.
 
-
Complete the New User Registration form and click Register. Then check your inbox for the account activation email.
 
-
From the account activation email, click the Click here to activate this account link. A message indicates that the account activation is confirmed and you can now view encrypted emails sent to the registered email address.
 
-
Return to the original email with the HTML attachment. Tap Open on the securedoc.html file attachment. Then tap Cisco BCE.

 

Configuring Settings for Cisco Business Class Email

General email security options can be configured from the Settings screen. To access these settings, tap Cisco BCE > Settings. Depending on your configuration mode, some of the options are not available for configuration. See Licensing Versions and Configuration Modes.

The following email security options are available from the Settings screen:

Option

Description

Cache Password

By default, this option is enabled to ensure that the encryption password is cached. If you clear the cache, you need to re-enter the password at the next login.

Cache Duration (mins)

Enter the cache duration in minutes.The default is 1440 minutes.

Clear Cache

Tap to immediately clear the cache. The cache is automatically cleared when the device is shut down or restarted.

Set Expiration

Check this option to specify how long the encrypted email message remains valid. See Set an Email Expiration Time.

Default Expiration (mins)

Enter the default expiration time in minutes. This option specifies how long the encrypted email message remains valid. After the number of expiry minutes is met, the message expires, and it cannot be opened by the recipient after this period.

Request Read Receipt

By default, this option is enabled to request a default read-receipt notification to the sender when the recipient opens the encrypted message. See Receive a Read-Receipt.

Allow Reply

By default, this option is enabled to specify that an encrypted message that is replied to is automatically encrypted. See Reply/Reply All/Forward an Email.

Allow Reply All

By default, this option is enabled to specify that an encrypted message is automatically encrypted when you reply to all of the recipients.

Allow Forward

By default, this option is enabled to specify that an encrypted message that is forwarded is automatically encrypted.

Message Sensitivity

By default, the message sensitivity is set to High. The other options from the drop-down list are Medium and Low. See Message Sensitivity.

Diagnostic Log Level

Set the type of logs being maintained by the application by defining the log level. See Setting Log Levels.

Diagnostic Email

Define the email address that will receive the diagnostic emails for troubleshooting.

Diagnostic Subject

Define the text that appears in the subject line for diagnostic emails.

Cache Envelope Size (MB)

The downloaded secure envelopes are cached on the device after they are opened for the first time. By default, this number is
6 MB.

Email Encryption Options Available by Configuration Mode

The Cisco BCE application is deployed in three separate licensing versions that determine the email encryption options available and the configuration mode for the application. For more information about deploying the different configuration modes, see Licensing Versions and Configuration Modes. The option of opening an encrypted email is available in all three configuration modes.

The following sections describe the email encryption options in each of the three configuration modes:

Note
There are numerous mail applications that can be used with the Android but currently Cisco BCE only integrates with the native mail application that is provided with the phone.

Options Available in Decrypt Only Mode

The default configuration mode for the Cisco BCE application is Decrypt Only and this version can be downloaded from Google Play. In Decrypt Only mode, you can receive and open encrypted messages, but you cannot send them.

Opening an Encrypted Email - New Message

The Cisco BCE application enables you to open an encrypted email message directly from your Android email client.

 
-
Cisco BCE detects that the message is encrypted and requests that you enter the Cisco BCE registered account credentials to decrypt the message.

To open a new encrypted message:

Step 3
Browse to the HTML attachment in the email. Tap Open on the securedoc.html file attachment. Then tap Cisco BCE.
 
-
Complete the New User Registration form and click Register. Then check your inbox for the account activation email.
 
-
From the account activation email, click the Click here to activate this account link. A message indicates that the account activation is confirmed and you can now view encrypted emails sent to the registered email address.
 
-
Return to the original email with the HTML attachment. Tap Open on the securedoc.html file attachment. Then tap Cisco BCE.
 
-
From the drop-down list, select the applicable email address and tap Submit. Enter the password from your Cisco BCE registered account and tap Open.
 
-
If the email address and password were entered earlier to open encrypted email, then this information is cached and the Login screen is not displayed.

The secure email is decrypted and the message is displayed.

 

Opening an Encrypted Email - Previously Opened Message

After a message has been opened, the email will be in the inbox of the Cisco BCE application, and can be opened again from the Cisco BCE inbox.

To reopen an encrypted message:

Step 1
Tap Cisco BCE > Inbox to open the inbox email accounts screen.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails for the selected account displays.
 
-
If the email address and password are not cached, the Login screen displays. Select the email address and tap Submit. Enter the password from the Cisco BCE registered account, and tap Open.

The decrypted message is displayed.

 

Options Available in Decrypt and Flag Mode

The Decrypt and Flag mode allows decrypting and flagging of secure email messages. The flag option allows you to flag the email for encryption, and the email is encrypted by the Cisco IronPort Encryption appliance or Email Security appliance before the email is sent out of the network. The server must be configured to detect the flagged messages and encrypt them at the server.

In order to enable the Decrypt and Flag mode, the smartphone device is configured by an updated attachment file received from the administrator. These options are available after you receive and launch the updated attachment file from your smartphone email account.

Opening an Encrypted Email - New Message

The Cisco BCE application enables you to open an encrypted email message directly from your Android email client.

 
-
Cisco BCE detects that the message is encrypted and requests that you enter the Cisco BCE registered account credentials to decrypt the message.

To open a new encrypted message:

Step 3
Browse to the HTML attachment in the email. Tap Open on the securedoc.html file attachment. Then tap Cisco BCE.
 
-
Complete the New User Registration form and click Register. Then check your inbox for the account activation email.
 
-
From the account activation email, click the Click here to activate this account link. A message indicates that the account activation is confirmed and you can now view encrypted emails sent to the registered email address.
 
-
Return to the original email with the HTML attachment. Tap Open on the securedoc.html file attachment. Then tap Cisco BCE.
 
-
From the drop-down list, select the applicable email address and tap Submit. Enter the password from your Cisco BCE registered account and tap Open.
 
-
If the email address and password were entered earlier to open encrypted email, then this information is cached and the Login screen is not displayed.

The secure email is decrypted and the message is displayed.

 

Opening an Encrypted Email - Previously Opened Message

After a message has been opened, the email will be in the inbox of the Cisco BCE application, and can be opened again from the Cisco BCE inbox.

To reopen an encrypted message:

Step 1
Tap Cisco BCE > Inbox to open the inbox email accounts screen.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails for the selected account displays.
 
-
If the email address and password are not cached, the Login screen displays. Select the email address and tap Submit. Enter the password from the Cisco BCE registered account, and tap Open.

The decrypted message is displayed.

 

Flagging an Email for Encryption

The Flag Encryption option allows you to flag the email for encryption, and the email is encrypted by the Cisco IronPort Encryption appliance (IEA) or Email Security appliance (ESA) before the email is sent out of the network.

To flag an email for encryption:

Step 1
Tap Cisco BCE > Secure Compose to open the Secure Compose screen.

Complete the appropriate fields:

 
-
Subject
Step 4
Optionally, when composing the secure message, the message settings for the outgoing message can be changed from the Envelope Settings screen. To access Envelope Settings, tap the Android Menu key. then tap Envelope Settings.
Step 5
When the message is complete, tap Send Secure. From the menu options, select option to complete the action. For example, select Android email.
Step 6
Tap Send. The message is encrypted, attached as an HTML file to the outgoing email, and sent.

 

Options Available in Decrypt and Encrypt Mode

The Decrypt and Encrypt mode allows encrypting and decrypting of secure email messages. In order to enable the Decrypt and Encrypt mode, the smartphone device is configured by an updated attachment file received from the administrator. These options are available after you receive and launch the updated attachment file from your smartphone email account.

Opening an Encrypted Email - New Message

The Cisco BCE application enables you to open an encrypted email message directly from your Android email client.

 
-
Cisco BCE detects that the message is encrypted and requests that you enter the Cisco BCE registered account credentials to decrypt the message.

To open a new encrypted message:

Step 3
Browse to the HTML attachment in the email. Tap Open on the securedoc.html file attachment. Then tap Cisco BCE.
 
-
Complete the New User Registration form and click Register. Then check your inbox for the account activation email.
 
-
From the account activation email, click the Click here to activate this account link. A message indicates that the account activation is confirmed and you can now view encrypted emails sent to the registered email address.
 
-
Return to the original email with the HTML attachment. Tap Open on the securedoc.html file attachment. Then tap Cisco BCE.
 
-
From the drop-down list, select the applicable email address and tap Submit. Enter the password from your Cisco BCE registered account and tap Open.
 
-
If the email address and password were entered earlier to open encrypted email, then this information is cached and the Login screen is not displayed.

The secure email is decrypted and the message is displayed.

 

Opening an Encrypted Email - Previously Opened Message

After a message has been opened, the email will be in the inbox of the Cisco BCE application, and can be opened again from the Cisco BCE inbox.

To reopen an encrypted message:

Step 1
Tap Cisco BCE > Inbox to open the inbox email accounts screen.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails for the selected account displays.
 
-
If the email address and password are not cached, the Login screen displays. Select the email address and tap Submit. Enter the password from the Cisco BCE registered account, and tap Open.

The decrypted message is displayed.

 

Sending an Encrypted Email

When sending an encrypted message, the message will be encrypted for all recipients.

To send an encrypted email:

Step 1
Tap Cisco BCE > Secure Compose to open the Secure Compose screen.

Complete the appropriate fields:

 
-
Subject
Step 4
Optionally, when composing the secure message, the message settings for the outgoing message can be changed from the Envelope Settings screen. To access Envelope Settings, tap the Android Menu key. then tap Envelope Settings.
Step 5
When the message is complete, tap Send Secure. From the menu options, select option to complete the action. For example, select Android email.
Step 6
Tap Send. The message is encrypted, attached as an HTML file to the outgoing email, and sent.

 

Reply/Reply All/Forward an Email

An encrypted email that is replied or forwarded is automatically encrypted by default. The secure message will allow zero or more of the following:

Based on the permissions defined in the Settings screen for the encrypted email, applicable menu options are added to the smartphone device. For example, if the encrypted email has permissions to Forward only, then only the Forward menu option would be available. See Configuring Settings for Cisco Business Class Email.

Note
To respond with a secure reply/reply all/forward, the smartphone device has to be able to send an encrypted message. These options are not available in the Decrypt Only mode.

Replying to or forwarding an encrypted email:

Step 2
Tap the Android Menu key. Tap Secure Reply or Secure Reply All, or Secure Forward.

The original message is added to a new message compose screen. Add a response and delete or modify the content from the original message.

Step 3
When the message is complete, tap Send Secure. From the menu options, select option to complete the action. For example, select Android email.
Step 4
Tap Send. The message is encrypted, attached as an HTML file to the outgoing email, and sent.

 

Lock or Unlock an Encrypted Email

After sending an encrypted email, the email can be locked to prevent the recipient from opening the email. This option can be used if the email was sent to the wrong recipient or if there is updated information since the email was sent.

To lock an encrypted email:

Step 1
Tap Cisco BCE > Sent Items. The Cisco BCE Mailbox screen displays a list of email accounts from which encrypted emails were sent from the device. This screen is not displayed if encrypted emails have been sent from one email account.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails sent from the selected account is displayed.
Step 4
Tap Lock. The login screen is displayed if the cache duration has expired.
Step 5
Optionally, enter a reason for locking the message. The lock reason is displayed to recipients when they view the envelope. You may be asked to enter your Cisco BCE registered account email address and password.
Step 6
Tap Lock. Successful locking of the email message is confirmed. Locked emails are displayed with an icon of an envelope with a lock.

 

To unlock an encrypted email:

Step 1
Tap Cisco BCE > Sent Items. The Cisco BCE Mailbox screen displays a list of email accounts from which encrypted emails were sent from the device. This screen is not displayed if encrypted emails have been sent from one email account.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails sent from the selected account is displayed.
Step 4
Tap Unlock. Successful unlocking of the email message is confirmed.

 

Set an Email Expiration Time

An expiration time can be set for encrypted email. You can specify how long the encrypted email remains valid. After the expiration time is met, the message expires, and cannot be opened by the recipient. When setting an expiration time, the following options are available:

Default Setting

To set the default expiration interval:

Step 1
Tap Cisco BCE > Settings to open the Settings screen.
Step 2
Select Set Expiration and in Default Expiration (mins), specify the number of minutes after which the email will expire.
Step 3
Tap Apply to exit and save the changes.

 

Per Message Setting

To set expiration time for a specific email:

Step 1
Tap Cisco BCE > Secure Compose to open the Secure Compose screen.

Complete the appropriate fields:

 
-
Subject
Step 4
Tap the Android Menu key, then tap Envelope Settings.
Step 5
Tap Set Expiration > Set Expiry. The New Expiry Date screen displays.
Step 7
Tap Set Expiry to save the changes.
Step 8
Tap Apply to exit the Envelope Settings screen and return to the secure email.
Step 9
When the message is complete, tap Send Secure. From the menu options, select option to complete the action. For example, select Android email.
Step 10
Tap Send. The message is encrypted, attached as an HTML file to the outgoing email, and sent.

 

After Sending Message

To set expiration time after sending an email:

Step 1
Tap Cisco BCE > Sent Items. The Cisco BCE Mailbox screen displays a list of email accounts from which encrypted emails were sent from the device. This screen is not displayed if encrypted emails have been sent from one email account.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails sent from the selected account is displayed.
Step 4
Tap Set Expiry. The New Expiry Date screen displays. If the message is already set to expire, the current expiry date is displayed.
Step 6
Tap Apply to save the changes. A message displays confirming the date and time that the message will expire.

 

Clear Expiration Date and Time

To clear the expiration date and time after sending an email:

Step 1
Tap Cisco BCE > Sent Items. The Cisco BCE Mailbox screen displays a list of email accounts from which encrypted emails were sent from the device. This screen is not displayed if encrypted emails have been sent from one email account.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails sent from the selected account is displayed.
Step 4
Tap Set Expiry. The New Expiry Date screen displays and shows the current expiry date.
Step 5
Tap Clear Expiry.

 

Receive a Read-Receipt

A read-receipt can be requested directly on the smartphone when the sent email is opened by the recipient.

Default Setting

To request a read-receipt (default setting):

Step 1
Tap Cisco BCE > Settings to open the Settings screen.
Step 2
Tap Request Read Receipt. This is enabled by default.
Step 3
Tap Apply to exit and save the changes.

 

Per Message Setting

This option applies if the default setting is not enabled and you are requesting a read-receipt for an individual email.

To request a read-receipt for a specific email:

Step 1
Tap Cisco BCE > Secure Compose to open the Secure Compose screen.

Complete the appropriate fields:

 
-
Subject
Step 4
Tap the Android Menu key, then tap Envelope Settings.
Step 5
Tap Request Read Receipt to enable this option.
Step 6
Tap Apply.

 

Manage Sent Secure Messages

The Sent Items screen lists the encrypted emails sent from the smartphone.

To access, tap Cisco BCE > Sent Items. Select an email address and the email you want to modify or view from the list of sent encrypted emails. Tap the selected email to display the menu options.

From Cisco BCE Mailbox, the following can be performed on the sent encrypted emails:

 
-
Lock. After sending an encrypted email, the email can be locked to prevent the recipient from opening the email. After the email is locked, the Edit Lock Reason and Unlock options are available from this screen. See Lock or Unlock an Encrypted Email.
 
-
Set Expiry. An expiration time can be set for encrypted email. See Set an Email Expiration Time.
 
-
View Details. View details of the encrypted email sent from the device.

Sent Email Message Details

From the Cisco BCE Mailbox, details of the encrypted emails sent from the device can be viewed.
To access the Cisco BCE Mailbox, tap Cisco BCE > Sent Items. Select an email address and the email you want to view from the list of sent encrypted emails. Tap the selected email to display the menu options. Tap View Details.

The following information is displayed:

 
-
From. Email address of the sender.
 
-
Subject. Subject of the message.
 
-
Sent Date. Date and time message was sent.
 
-
To. Email addresses of the recipients.
 
-
Open Date. Date on which the secure message was opened by the respective recipient.
 
-
Expiration Date. Expiration date and time for the encrypted email.
 
-
Locked status. If the encrypted email has been locked a lock icon is displayed. Otherwise, an unlocked icon is displayed.
 
-
Locked Reason. Displays comments entered when locking the encrypted email.

Envelope Settings

When composing a secure email, the message settings for the email you are composing can be changed.

To change the envelope settings:

Step 1
Tap Cisco BCE > Secure Compose to open the Secure Compose screen.

Complete the appropriate fields:

 
-
Subject
Step 4
To access Envelope Settings, tap the Android Menu key, then tap Envelope Settings.
Step 6
Tap Apply to save the changes.

 

Message Sensitivity

The sender can specify the sensitivity for the encrypted email from the Cisco BCE > Settings screen or from the Envelope Settings screen.

The following message sensitivity options can be set:

 
-
High. A high sensitivity message requires a password for authentication every time an encrypted message is decrypted.
 
-
Medium. If the recipient password is cached, a medium sensitivity message does not require a password when an encrypted message is decrypted.
 
-
Low. A low sensitivity message is transmitted securely but does not require a password to decrypt an encrypted message.

A default sensitivity of high is set for all messages. The default can be overridden for a specific message by modifying the value in Envelope Settings. See Envelope Settings.

Note
The administrator can define the minimum message sensitivity in the configuration file using the sensitivity options of high, medium, or low. After this is defined, you cannot set the message sensitivity below the minimum defined message sensitivity.

Cache Management

Cache Passwords

The Cisco BCE registered account password is cached for a time period that is configurable from the Cisco BCE > Settings screen. Password caching is On by default and the default cache time is 1440 minutes (24 hours). Caching of the password can be turned off from the Settings screen. Tap Cache Password to turn on or off, then and tap Apply to save changes.

The password cache can be cleared from the Cisco BCE > Settings screen by tapping Clear Cache. The password cache is automatically cleared when the device is shut down or restarted.

Secure Envelope Caching

The downloaded secure envelopes are cached on the device after they are opened for the first time. This avoids re-downloading of a secure envelope when you open the same secure envelope for the second time.

The caching is based on a combination of time and size. The maximum size of cached envelopes is configurable by the administrator. By default, the cache envelope size is 6 MB. A task runs every 24 hours on the device and deletes any cached envelopes that are more than two weeks old.

Troubleshooting Using the Diagnostic Tool

The Cisco BCE application includes a diagnostic tool to help with troubleshooting problems. You can use the diagnostic tool if receiving errors or if there are issues with the Cisco BCE application.

The diagnostic tool attaches the data collected to an email. The diagnostic email contains data information that is generated on the device during your interaction with the encryption application.

Running the Diagnostic Tool

Note
In your email, it is important to include any errors you are receiving or an explanation of any issues with the Cisco BCE application. This information will help with troubleshooting and resolving issues.

To run the diagnostic tool and send a diagnostic email:

Step 1
Tap Cisco BCE > About to open the Cisco BCE About screen. If you are in Decrypt Only mode, you need to press and hold the About button in order to send diagnostic mail.
Step 2
Tap the Android Menu key and tap Diagnostic.
Step 3
Enter the message content and click OK to confirm.

The Email Compose screen displays with the diagnostic output attached. The diagnostic output includes the three files: device.txt, BCE.txt, and config.txt.

Step 6
Tap Send.

 

Setting Log Levels

You can set the type of logs being maintained in the application by defining the log level from the Advanced Settings screen. Tap Cisco BCE > Settings. From the Settings screen, tap Diagnostic Log Level to view or set log levels. Depending on your configuration mode, this option might not be available for configuration.

The following log levels can be set:

 
-
Error. Logs error messages generated by Cisco BCE. This is the default option.
 
-
Warning. Logs warning and error messages generated by the application.
 
-
Info. Logs errors, warnings, and information messages generated by the application. Logs content that can be used to observe the flow of the application. This option slows down the smartphone device.
 
-
Debug. Logs errors, warnings, information, and debug information generated by the application. This option slows down the smartphone device.

Upgrading the Cisco Business Class Email Application

Cisco BCE application upgrades are available from Google Play. If the application was originally installed using Google Play, you will automatically be notified when an updated version is available.

The previous configuration settings are retained after the upgrade.

Uninstalling the Cisco Business Class Email Application

To uninstall Cisco BCE on the Android:

Step 2
Tap the Android Menu key, then tap Settings.
Step 3
Tap Applications > Manage Applications.
Step 4
From the list, tap Cisco BCE > Uninstall, then tap OK.

The application is removed.

 

Customer Support

Please contact your system administrator to provide assistance with Cisco Business Class Email.