Cisco Business Class Email 1.0 User Guide for iPhone Devices

Configuring and Using Cisco Business Class Email for iOS

Overview

The Cisco Business Class Email (BCE) mobile application provides you the ability to receive and send encrypted email messages directly from your Apple iOS smartphone devices. Depending on the configuration mode of the Cisco BCE mobile application, the following tasks can be performed:

Licensing Versions and Configuration Modes

The Cisco Business Class Email application is deployed in three separate licensing versions that determine the configuration mode for the application. The default configuration mode for the Cisco BCE application is Decrypt Only and can be downloaded from the Apple App Store.

In order to enable the other versions and configuration modes, the smartphone device is configured by an updated attachment file received from the administrator.

The three licensing versions and configuration modes are:

 
- Decrypt Only. Allows decrypting of secure email messages received.
- Decrypt and Flag. Allows decrypting and flagging of secure email messages. The flag option allows you to flag the email for encryption, and the email is encrypted by the Cisco IronPort Encryption appliance or Email Security appliance before the email is sent out of the network. The server must be configured to detect the flagged messages and encrypt them at the server.
- Decrypt and Encrypt. Allows encrypting and decrypting of secure email messages.

Supported Operating Systems

The Cisco Encryption Compatibility Matrix lists the supported operating systems for Cisco BCE and can be accessed from the following URL:

http://www.cisco.com/en/US/docs/security/iea/Compatibility_Matrix/IEA_Compatibility_Matrix.pdf

Downloading and Installing the Cisco Business Class Email Application

To install the Cisco BCE application, go to the Apple App Store from your Apple iOS device and search for the Cisco BCE application. Download the application and start the installation on the device. See Licensing Versions and Configuration Modes.

Opening Cisco Business Class Email for iOS

After the Cisco BCE application is successfully installed on the iOS device, you will see a new Cisco BCE application icon. To open the application, tap the Cisco BCE icon from the iOS home screen. Starting the application adds the necessary menus to the device that allow you to send and receive encrypted emails.

Application Landing Screen

Tap the Cisco BCE icon to open the application landing screen. Depending on the configuration mode, some of the icons on this screen are dimmed to indicate that they are unavailable. See Licensing Versions and Configuration Modes.

The following table describes the application landing screen options:

| Option | Description |
| --- | --- |
| Inbox | Lists email accounts for which encrypted emails were opened on the device. Tap the individual email account or All Email Accounts to display a list of decrypted emails opened for the selected account. The list of email accounts is not shown if encrypted messages have been opened for a single email address. |
| Sent Items | Lists email accounts from which encrypted emails were sent from the device. Tap the individual email account or All Email Accounts to display a list of emails encrypted and sent from the selected account. The list of email accounts is not shown if encrypted messages have been sent from a single email address. |
| Secure Compose | Launches screen to compose a secure message. See Sending an Encrypted Email. |
| Settings | Launches the configuration screen for general settings for the application. See Configuring Settings for Cisco Business Class Email. |
| About | View the About information for the Cisco BCE application. |

Launching the Cisco Business Class Email Configuration File

The Cisco BCE application must be open and running prior to opening the securedoc.html attachment from your email account.

To enable and configure the BCE application:

Step 2
Open the securedoc.html file attachment from your email on your iPhone device. This automatically configures the Cisco BCE application installed on your device.
- Complete the New User Registration form and click Register. Then check your inbox for the account activation email.
- From the account activation email, click the Click here to activate this account link. A message indicates that the account activation is confirmed and you can now view encrypted emails sent to the registered email address.
- Return to the original email with the HTML attachment. Tap and hold the attachment. Depending on the screen display, tap either Open in Cisco BCE or Open In... > Open in Cisco BCE.

 

Configuring Settings for Cisco Business Class Email

General email security options can be configured from the Settings screen. To access these settings, tap Cisco BCE > Settings. Depending on your configuration mode, some of the options are not available for configuration. See Licensing Versions and Configuration Modes.

The following email security options are available from the Settings screen:

| Option | Description |
| --- | --- |
| Name | Name submitted for Cisco BCE registered account. |
| Email | Email submitted for Cisco BCE registered account. |
| Cache Password | By default, this option is enabled to ensure that the encryption password is cached. If you clear the cache, you need to re-enter the password at the next login. |
| Cache Duration (mins) | Enter the cache duration in minutes. The default is 1440 minutes. |
| Clear Cache | Tap to immediately clear the cache. The cache is automatically cleared when the device is shut down or restarted. |
| Default Expiration (mins) | Enter the default expiration time in minutes. This option specifies how long the encrypted email message remains valid. After the number of expiry minutes is met, the message expires, and it cannot be opened by the recipient after this period. See Set an Email Expiration Time. |
| Request Read Receipt | By default, this option is enabled to request a default read-receipt notification to the sender when the recipient opens the encrypted message. See Receive a Read-Receipt. |
| Allow Reply | By default, this option is enabled to specify that an encrypted message that is replied to is automatically encrypted. See Reply/Reply All/Forward an Email. |
| Allow Reply All | By default, this option is enabled to specify that an encrypted message is automatically encrypted when you reply to all of the recipients. |
| Allow Forward | By default, this option is enabled to specify that an encrypted message that is forwarded is automatically encrypted. |
| Message Sensitivity | By default, the message sensitivity is set to High. The other options from the drop-down list are Medium and Low. See Message Sensitivity. |
| Diagnostic Log Level | Set the type of logs being maintained by the application by defining the log level. See Setting Log Levels. |
| Cache Envelope Size (MB) | The downloaded secure envelopes are cached on the device after they are opened for the first time. By default, this number is 6 MB. |
| Save Draft | By default, this option is disabled. Enabling Save Draft preserves data entered in secure compose until you send the message. The data is stored in the clear and may be recoverable if your device is lost or stolen. |

Email Encryption Options Available by Configuration Mode

The Cisco BCE application is deployed in three separate licensing versions that determine the email encryption options available and the configuration mode for the application. For more information about deploying the different configuration modes, see Licensing Versions and Configuration Modes. The option of opening an encrypted email is available in all three configuration modes.

The following sections describe the email encryption options in each of the three configuration modes:

Note
Numerous mail applications can be used with the iPhone, such as the Google Gmail mail application, but Cisco BCE currently integrates only with the native mail application that is provided with the phone.

Options Available in Decrypt Only Mode

The default configuration mode for the Cisco BCE application is Decrypt Only and this version can be downloaded from the Apple App Store. In Decrypt Only mode, you can receive and open encrypted messages, but you cannot send them.

Opening an Encrypted Email - New Message

The Cisco BCE application enables you to open an encrypted email message directly from your iOS email client.

 
- Cisco BCE detects that the message is encrypted and requests that you enter the Cisco BCE registered account credentials to decrypt the message.

To open a new encrypted message:

Step 4
Depending on the screen display, tap either Open in Cisco BCE or Open In... > Open in Cisco BCE. The Login screen displays.
- Complete the New User Registration form and click Register. Then check your inbox for the account activation email.
- From the account activation email, click the Click here to activate this account link. A message indicates that the account activation is confirmed and you can now view encrypted emails sent to the registered email address.
- Return to the original email with the HTML attachment. Tap and hold the attachment. Depending on the screen display, tap either Open in Cisco BCE or Open In... > Open in Cisco BCE.
- If the email address and password were entered earlier to open encrypted email, then this information is cached and the Login screen is not displayed.
Step 5
Tap Login. The secure email is decrypted and the message is displayed.

 

Opening an Encrypted Email - Previously Opened Message

After a message has been opened, the email will be in the inbox of the Cisco BCE application, and can be opened again from the Cisco BCE inbox.

To reopen an encrypted message:

Step 1
Tap Cisco BCE > Inbox to open the inbox email accounts screen.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails for the selected account displays.
 
- If the email address and password are not cached, the Login screen displays. Select the email address, enter the password from the Cisco BCE registered account, and tap Login.

The decrypted message is displayed.

 

Options Available in Decrypt and Flag Mode

The Decrypt and Flag mode allows decrypting and flagging of secure email messages. The flag option allows you to flag the email for encryption, and the email is encrypted by the Cisco IronPort Encryption appliance or Email Security appliance before the email is sent out of the network. The server must be configured to detect the flagged messages and encrypt them at the server.

In order to enable the Decrypt and Flag mode, the smartphone device is configured by an updated attachment file received from the administrator. These options are available after you receive and launch the updated attachment file from your smartphone email account.

Opening an Encrypted Email - New Message

The Cisco BCE application enables you to open an encrypted email message directly from your iOS email client.

 
- Cisco BCE detects that the message is encrypted and requests that you enter the Cisco BCE registered account credentials to decrypt the message.

To open a new encrypted message:

Step 4
Depending on the screen display, tap either Open in Cisco BCE or Open In... > Open in Cisco BCE. The Login screen displays.
- Complete the New User Registration form and click Register. Then check your inbox for the account activation email.
- From the account activation email, click the Click here to activate this account link. A message indicates that the account activation is confirmed and you can now view encrypted emails sent to the registered email address.
- Return to the original email with the HTML attachment. Tap and hold the attachment. Depending on the screen display, tap either Open in Cisco BCE or Open In... > Open in Cisco BCE.
- If the email address and password were entered earlier to open encrypted email, then this information is cached and the Login screen is not displayed.
Step 5
Tap Login. The secure email is decrypted and the message is displayed.

 

Opening an Encrypted Email - Previously Opened Message

After a message has been opened, the email will be in the inbox of the Cisco BCE application, and can be opened again from the Cisco BCE inbox.

To reopen an encrypted message:

Step 1
Tap Cisco BCE > Inbox to open the inbox email accounts screen.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails for the selected account displays.
 
- If the email address and password are not cached, the Login screen displays. Select the email address, enter the password from the Cisco BCE registered account, and tap Login.

The decrypted message is displayed.

 

Flagging an Email for Encryption

The Flag Encryption option allows you to flag the email for encryption, and the email is encrypted by the Cisco IronPort Encryption appliance (IEA) or Email Security appliance (ESA) before the email is sent out of the network.

To flag an email for encryption:

Step 1
Tap Cisco BCE > Secure Compose to open the Secure Compose screen.

Complete the appropriate fields:

 
- Subject
Step 4
Optionally, when composing the secure message, the message settings for the outgoing message can be changed from the Envelope Settings screen. To access Envelope Settings, tap the Options icon at the top right of the screen, then tap Envelope Settings.
Step 5
When the message is complete, tap the Options icon in the upper-right corner and tap Send Secure.

 

Options Available in Decrypt and Encrypt Mode

The Decrypt and Encrypt mode allows encrypting and decrypting of secure email messages. In order to enable the Decrypt and Encrypt mode, the smartphone device is configured by an updated attachment file received from the administrator. These options are available after you receive and launch the updated attachment file from your smartphone email account.

Opening an Encrypted Email - New Message

The Cisco BCE application enables you to open an encrypted email message directly from your iOS email client.

 
- Cisco BCE detects that the message is encrypted and requests that you enter the Cisco BCE registered account credentials to decrypt the message.

To open a new encrypted message:

Step 4
Depending on the screen display, tap either Open in Cisco BCE or Open In... > Open in Cisco BCE. The Login screen displays.
- Complete the New User Registration form and click Register. Then check your inbox for the account activation email.
- From the account activation email, click the Click here to activate this account link. A message indicates that the account activation is confirmed and you can now view encrypted emails sent to the registered email address.
- Return to the original email with the HTML attachment. Tap and hold the attachment. Depending on the screen display, tap either Open in Cisco BCE or Open In... > Open in Cisco BCE.
- If the email address and password were entered earlier to open encrypted email, then this information is cached and the Login screen is not displayed.
Step 5
Tap Login. The secure email is decrypted and the message is displayed.

 

Opening an Encrypted Email - Previously Opened Message

After a message has been opened, the email will be in the inbox of the Cisco BCE application, and can be opened again from the Cisco BCE inbox.

To reopen an encrypted message:

Step 1
Tap Cisco BCE > Inbox to open the inbox email accounts screen.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails for the selected account displays.
 
- If the email address and password are not cached, the Login screen displays. Select the email address, enter the password from the Cisco BCE registered account, and tap Login.

The decrypted message is displayed.

 

Sending an Encrypted Email

When sending an encrypted message, the message will be encrypted for all recipients.

To send an encrypted email:

Step 1
Tap Cisco BCE > Secure Compose to open the Secure Compose screen.

Complete the appropriate fields:

 
- Subject
Step 4
Optionally, when composing the secure message, the message settings for the outgoing message can be changed from the Envelope Settings screen. To access Envelope Settings, tap the Options icon at the top right of the screen, then tap Envelope Settings.
Step 5
When the message is complete, tap the Options icon at the top right of the screen, then tap Send Secure. The email is encrypted, attached as an HTML file to the outgoing email, and sent.

 

Reply/Reply All/Forward an Email

An encrypted email that is replied to or forwarded is automatically encrypted by default. The secure message will allow zero or more of the following:

Based on the permissions defined in the Settings screen for the encrypted email, applicable menu options are added to the smartphone device. For example, if the encrypted email has permissions to Forward only, then only the Forward menu option would be available. See Configuring Settings for Cisco Business Class Email.

Note
To respond with a secure reply/reply all/forward, the smartphone device has to be able to send an encrypted message. These options are not available in the Decrypt Only mode.

Replying to or forwarding an encrypted email:

Step 2
Tap the Options icon at the top right of the screen. Tap Secure Reply, Secure Reply All, or Secure Forward.

The original message is added to a new message compose screen. Add a response and delete or modify the content from the original message.

Step 3
Tap Send.

 

Lock or Unlock an Encrypted Email

After sending an encrypted email, the email can be locked to prevent the recipient from opening the email. This option can be used if the email was sent to the wrong recipient or if there is updated information since the email was sent.

To lock an encrypted email:

Step 1
Tap Cisco BCE > Sent Items. The Cisco BCE Mailbox screen displays a list of email accounts from which encrypted emails were sent from the device. This screen is not displayed if encrypted emails have been sent from one email account.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails sent from the selected account is displayed.
Step 4
Tap Lock. The login screen is displayed if the cache duration has expired.
Step 5
Optionally, enter a reason for locking the message. The lock reason is displayed to recipients when they view the envelope. You may be asked to enter your Cisco BCE registered account email address and password.
Step 6
Tap Lock. Successful locking of the email message is confirmed. Locked emails are displayed with an icon of an envelope with a lock.

 

To unlock an encrypted email:

Step 1
Tap Cisco BCE > Sent Items. The Cisco BCE Mailbox screen displays a list of email accounts from which encrypted emails were sent from the device. This screen is not displayed if encrypted emails have been sent from one email account.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails sent from the selected account is displayed.
Step 4
Tap Unlock.

 

Set an Email Expiration Time

An expiration time can be set for encrypted email. You can specify how long the encrypted email remains valid. After the expiration time is met, the message expires, and cannot be opened by the recipient. When setting an expiration time, the following options are available:

Default Setting

To set the default expiration interval:

Step 1
Tap Cisco BCE > Settings to open the Settings screen.
Step 2
In Default expiration (mins), specify the number of minutes after which the email will expire.
Step 3
Tap Done to exit and save the changes.

 

Per Message Setting

To set expiration time for a specific email:

Step 1
Tap Cisco BCE > Secure Compose to open the Secure Compose screen.
Step 3
When you have completed writing the message, tap the Options icon at the top right of the screen, then tap Envelope Settings.
Step 4
Tap Set Expiry. The New Expiry Date screen displays.
Step 6
Tap Set Expiry to save the changes.
Step 7
Tap Done to exit the Envelope Settings screen and return to the secure email.
Step 8
Tap Send in the upper-right corner to display the menu options, then tap Send Secure.

 

After Sending Message

To set expiration time after sending an email:

Step 1
Tap Cisco BCE > Sent Items. The Cisco BCE Mailbox screen displays a list of email accounts from which encrypted emails were sent from the device. This screen is not displayed if encrypted emails have been sent from one email account.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails sent from the selected account is displayed.
Step 3
From the email list, select the encrypted email for which you want to set the expiration time. Tap the selected email to display the menu options. If the message is already set to expire, the current expiry date is displayed.
Step 4
Tap Set Expiry. The New Expiry Date screen displays.
Step 6
Tap Set Expiry to save the changes. A message displays confirming the date and time that the message will expire.

 

Clear Expiration Date and Time

To clear the expiration date and time after sending an email:

Step 1
Tap Cisco BCE > Sent Items. The Cisco BCE Mailbox screen displays a list of email accounts from which encrypted emails were sent from the device. This screen is not displayed if encrypted emails have been sent from one email account.
Step 2
Tap All Email Accounts or a specific email address. A list of the decrypted emails sent from the selected account is displayed.
Step 4
Tap Set Expiry. The New Expiry Date screen displays and shows the current expiry date.
Step 5
Tap Clear Expiry.

 

Receive a Read-Receipt

A read-receipt can be requested from the smartphone so that the sender is notified when the recipient opens the sent email.

Default Setting

To request a read-receipt (default setting):

Step 1
Tap Cisco BCE > Settings to open the Settings screen.
Step 2
Tap Request Read Receipt. This is enabled by default.
Step 3
Tap Done to exit and save the changes.

 

Per Message Setting

This option applies if the default setting is not enabled and you are requesting a read-receipt for an individual email.

To request a read-receipt for a specific email:

Step 1
Tap Cisco BCE > Secure Compose to open the Secure Compose screen.
Step 3
When you have completed writing the message, tap the Options icon at the top right of the screen, then tap Envelope Settings.
Step 4
Tap Request Read Receipt to enable this option.
Step 5
Tap Done.

 

Manage Sent Secure Messages

The Sent Items screen lists the encrypted emails sent from the smartphone.

To access, tap Cisco BCE > Sent Items. Select an email address and the email you want to modify or view from the list of sent encrypted emails. Tap the selected email to display the menu options.

From Cisco BCE Mailbox, the following can be performed on the sent encrypted emails:

 
- Lock. After sending an encrypted email, the email can be locked to prevent the recipient from opening the email. After the email is locked, the Edit Lock Reason and Unlock options are available from this screen. See Lock or Unlock an Encrypted Email.
- Set Expiry. An expiration time can be set for encrypted email. See Set an Email Expiration Time.
- View Details. View details of the encrypted email sent from the device.

Sent Email Message Details

From the Cisco BCE Mailbox, details of the encrypted emails sent from the device can be viewed. To access the Cisco BCE Mailbox, tap Cisco BCE > Sent Items. Select an email address and the email you want to view from the list of sent encrypted emails. Tap the selected email to display the menu options. Tap View Details.

The following information is displayed:

 
- Subject. Subject of the message.
- To. Email address of the recipient.
- Open Date. Date on which the secure message was opened by the respective recipient.
- Locked Status. If the encrypted email has been locked, a lock icon is displayed. Otherwise, an unlocked icon is displayed.
- Locked Reason. Displays comments entered when locking the encrypted email.
- Expiration Date. Expiration date for the encrypted email.

Envelope Settings

When composing a secure email, the message settings for the email you are composing can be changed.

To change the envelope settings:

Step 1
Tap Cisco BCE > Secure Compose to open the Secure Compose screen.

Complete the appropriate fields:

 
- Subject
Step 4
To access Envelope Settings, tap the Options icon at the top right of the screen, then tap Envelope Settings.
- Expiration
Step 6
Tap Done to save the changes.

 

Message Sensitivity

The sender can specify the sensitivity for the encrypted email from the Cisco BCE > Settings screen. The following message sensitivity options can be set:

 
- High. A high sensitivity message requires a password for authentication every time an encrypted message is decrypted.
- Medium. If the recipient password is cached, a medium sensitivity message does not require a password when an encrypted message is decrypted.
- Low. A low sensitivity message is transmitted securely but does not require a password to decrypt an encrypted message.

A default sensitivity of high is set for all messages. The default can be overridden for a specific message by modifying the value in Envelope Settings.

Note
The administrator can define the minimum message sensitivity in the configuration file using the sensitivity options of high, medium, or low. After this is defined, you cannot set the message sensitivity below the minimum defined message sensitivity.

Cache Management

Cache Passwords

The Cisco BCE registered account password is cached for a time period that is configurable from the Cisco BCE > Settings screen. Password caching is On by default and the default cache time is 1440 minutes (24 hours). Caching of the password can be turned off from the Settings screen. Tap Cache Password to turn caching on or off, then tap Done to save changes.

The password cache can be cleared from the Cisco BCE > Settings screen by tapping Clear Cache. The password cache is automatically cleared when the device is shut down or restarted.
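
The password-prompt rules from Message Sensitivity and Cache Passwords, modelled in Python to show when a decrypt asks for the password. This is an added illustration, not Cisco BCE code; the class and function names, the minute-based clock, and the rule that a successful login refreshes the cache are assumptions.

```python
"""Model of the password-prompt rules described in this guide.

Added illustration, not Cisco code. Names, the minute-based clock and the
"successful login refreshes the cache" rule are assumptions.
"""
from enum import IntEnum
from typing import List, Optional, Tuple


class Sensitivity(IntEnum):
    LOW = 1      # never asks for a password
    MEDIUM = 2   # asks only when no valid cached password exists
    HIGH = 3     # asks on every decrypt


DEFAULT_CACHE_MINUTES = 1440  # guide default: 24 hours


class PasswordCache:
    """Models Cache Password, Cache Duration (mins) and Clear Cache."""

    def __init__(self, enabled: bool = True,
                 duration_min: int = DEFAULT_CACHE_MINUTES) -> None:
        self.enabled = enabled
        self.duration_min = duration_min
        self._stored_at: Optional[int] = None

    def store(self, now_min: int) -> None:
        # With caching turned off, nothing is ever remembered.
        if self.enabled:
            self._stored_at = now_min

    def clear(self) -> None:
        # Clear Cache tap, or device shutdown/restart.
        self._stored_at = None

    def is_valid(self, now_min: int) -> bool:
        if not self.enabled or self._stored_at is None:
            return False
        return now_min - self._stored_at < self.duration_min


def set_sensitivity(requested: Sensitivity,
                    admin_minimum: Sensitivity) -> Sensitivity:
    """Reject a per-message sensitivity below the administrator's minimum."""
    if requested < admin_minimum:
        raise ValueError(f"{requested.name} is below minimum {admin_minimum.name}")
    return requested


def password_required(sensitivity: Sensitivity, cache: PasswordCache,
                      now_min: int) -> bool:
    if sensitivity == Sensitivity.HIGH:
        return True
    if sensitivity == Sensitivity.MEDIUM:
        return not cache.is_valid(now_min)
    return False  # LOW


def open_message(sensitivity: Sensitivity, cache: PasswordCache,
                 now_min: int) -> bool:
    """Return True if the user is prompted; the login is assumed to succeed."""
    prompted = password_required(sensitivity, cache, now_min)
    if prompted:
        cache.store(now_min)  # assumption: a successful login refreshes the cache
    return prompted


def simulate() -> List[Tuple[str, bool]]:
    """Constructed timeline (minutes) with default settings."""
    cache = PasswordCache()
    S = Sensitivity
    events = [
        ("t=0 medium, empty cache", open_message(S.MEDIUM, cache, 0)),
        ("t=60 medium, cached", open_message(S.MEDIUM, cache, 60)),
        ("t=61 high, cached", open_message(S.HIGH, cache, 61)),
        ("t=120 low", open_message(S.LOW, cache, 120)),
        ("t=1501 medium, cache expired", open_message(S.MEDIUM, cache, 1501)),
        ("t=1502 medium, cached again", open_message(S.MEDIUM, cache, 1502)),
    ]
    cache.clear()  # device restarted
    events.append(("t=1503 medium, after restart",
                   open_message(S.MEDIUM, cache, 1503)))
    return events


if __name__ == "__main__":
    for label, prompted in simulate():
        print(f"{label:32} password prompt: {prompted}")
```

With the default 1440-minute cache, only High sensitivity puts the password between a cached session on the device and the message; Low never asks for it.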

Secure Envelope Caching

The downloaded secure envelopes are cached on the device after they are opened for the first time. This avoids re-downloading of a secure envelope when you open the same secure envelope for the second time.

The caching is based on a combination of time and size. The maximum size of cached envelopes is configurable by the administrator. The default is 6 MB. A task runs every 24 hours on the device and deletes any cached envelopes that are more than two weeks old.

Troubleshooting Using the Diagnostic Tool

The Cisco BCE application includes a diagnostic tool to help with troubleshooting problems. You can use the diagnostic tool if you are receiving errors or if there are issues with the Cisco BCE application.

The diagnostic tool attaches the data collected to an email. The diagnostic email contains data that is generated on the device during your interaction with the encryption application.

Running the Diagnostic Tool

Note
In your email, it is important to include any errors you are receiving or an explanation of any issues with the Cisco BCE application. This information will help with troubleshooting and resolving issues.

To run the diagnostic tool and send a diagnostic email:

Step 1
Tap Cisco BCE > About to open the Cisco BCE About screen.
Step 2
Tap the Options icon at the top right of the screen, and tap Diagnostic.

The Email Compose screen displays with the diagnostic output attached. The diagnostic output includes the three files: device.txt, BCE.txt, and config.txt.

Step 3
Enter the To address and complete the message content. The Subject and To address may be prefilled but editable, depending on the configuration of these fields by the administrator.
Step 4
Tap Send.

 

Setting Log Levels

You can set the type of logs being maintained in the application by defining the log level from the Advanced Settings screen. Tap Cisco BCE > Settings. From the Settings screen, tap Diagnostic Log Level to view or set log levels. Depending on your configuration mode, this option might not be available for configuration.

The following log levels can be set:

 
- Error. Logs error messages generated by Cisco BCE. This is the default option.
- Warning. Logs warning and error messages generated by the application.
- Info. Logs errors, warnings, and information messages generated by the application. Logs content that can be used to observe the flow of the application. This option slows down the smartphone device.
- Debug. Logs errors, warnings, information, and debug information generated by the application. This option slows down the smartphone device.

Upgrading the Cisco Business Class Email Application

Cisco BCE application upgrades are available from the Apple App Store. If the application was originally installed using the Apple App Store, you will automatically be notified when an updated version is available.

The previous configuration settings are retained after the upgrade.

Uninstalling the Cisco Business Class Email Application

To uninstall Cisco BCE on the iOS device:

Step 2
Tap and hold the Cisco BCE icon until a delete (X) icon appears above it.
Step 3
Tap the delete (X) icon. The application is removed.

Customer Support

Please contact your system administrator to provide assistance with Cisco Business Class Email.