Tumbleweed Communications Corp. says later this month it will ship technology that makes it easier for corporations to send secure and encrypted e-mail from their existing messaging systems and messaging-enabled applications.

With Secure Guardian 5.5, a gateway product that installs on a corporate network, the company is introducing the ability to send an encrypted e-mail across the Internet without requiring software to be installed on the recipient's desktop.

The feature, called Secure Envelope, is desired by organizations, such as those in financial services and healthcare, that would like to use e-mail for customer service but face federal confidentiality regulations in using electronic communications.

Secure Envelope is a one-way channel unless both parties have Secure Guardian. A recipient without the software would have to use an alternative means to securely respond, such as through a Web-based portal.

"We see a lot of companies asking about CRM and customer service," says Jonathan Penn, an analyst with Giga Information Group Inc. "Some industries want to communicate with customers using e-mail but they have been hampered by regulations."

Penn says the Tumbleweed software fits well with companies that are concerned about the privacy of the e-mail they send and that don't need the nonrepudiation and other high-level features of a secure messaging infrastructure based on public-key infrastructure (PKI).

Security has become a top priority in corporations, but secure e-mail has not taken off mainly because the complexities and costs of setting up a PKI to support Secure Multi-purpose Internet Mail Extensions (S/MIME). Organizations that want cost-effective secure e-mail, however, have turned to products that don't require PKI, such as those from Tumbleweed, PostX, Sagaba and Authentica.

Tumbleweed is stepping up Secure Guardian to fend off the competition.

Secure Envelope uses 128-bit encryption. It creates an encrypted HTML attachment to an e-mail message, and when recipients open the message, they click on the attachment and are asked to enter a prearranged password. The password opens the attachment into a Web browser.

Tumbleweed also is introducing its Dynamic Digital Certificate Lookup, which caters to users of S/MIME. The software eliminates the need for a sender of a message to manually locate a recipient's public key. The key, which is contained within a digital certificate, is used to encrypt a message, which recipients decrypt using their private key.

The software can perform a dynamic query into any directory based on Lightweight Directory Access Protocol to find available public keys. The Tumbleweed gateway also can check to see if the key has been revoked.

Secure Guardian 5.5's response feature, Secure Response, converts Web-based e-mail into messages based on Simple Mail Transfer Protocol (SMTP).

"The message here is that all your internal systems can talk SMTP so that is the way to deliver messages," says Ken Beer, product line manager for Tumbleweed. "Doing it this way means you don't have to create programmatic interfaces."

Tumbleweed's Secure Guardian 5.5 runs on Windows 2000 and Sun Solaris. It supports Oracle and Microsoft SQL Server databases. The software is priced per CPU with the average large corporation installation starting at US$300,000.

Tumbleweed: www.tumbleweed.com