SecureAnyBox / SafeBox Presentation

Public Channel / SecureAnyBox

Explore the Basics of Secure AnyBox and SafeBoxes

Share on Social Networks

Share Link

Use permanent link to share in social media

Share with a friend

Please login to send this presentation by email!

Embed in your website

Select page to start with


7. In our example, Martin Smith has no access rights, he see no Safe Boxes in the list.

11. Because Martin Smith is his friend and they are sharing betting costs, he has access to stored account details as well.

19. Aaaah, the Football Account is back and our friends, Joe and Martin, can check how successful they are in betting.



10. Joe Doe is a big Football fan and he is going to bet on some matches in Brasil. Thus he created an account at bestbetonline and kept all the information in his Safe Box.

14. Other people within the Joe's department are watching the Football World Cup too, thus Joe decided to move the account to the department's Safe Box to let them bet with him too.


46. Q&A

47. Thank You!

18. The SecureWinBox admin can restore deleted Safe Box or account and he restored it because Joe is his friend and he also likes Football and betting ...

12. When Martin enters his Access Code, the complete way to the Safe Box account is opened and he see the password. It's the password saved by Joe and he doesn't need to know Joe's Access Code.

13. Football betting is very serious, sometimes a question about life or death. Thus Joe is changing the password periodically, like we used to do in our IT environments. All changes are tracked and Joe can see all previous passwords.

15. But when he moved the account into the department's Safe Box, their colleague Kate Middleton got the access to it as well. She is the only clerk at this department, who is not happy with Football and online betting.

16. It's clear for her – Football World Cup betting has nothing with their primary job. She is going to delete the account...

17. When she deleted the betting account, Joe and Martin were close to death. They called admin of SecureWinBox for help. Luckily, he has access to all “working” shared Safe Boxes incl. this department's Safe Box.

35. When you need to authenticate to the WorkStation locally, you have to authenticate to the SecureWinBox server, be the workstations admin and fill the form.

9. Martin Smith has access to the Joe's Safe Box immediately. He see it now in the list together with the information about it's owner – Joe Doe.

43. Ticket QR code and the link below makes it really easy. You get the web client and you can ask for passwords repeatedly, with authorization by the ticket.

36. Then you get the password of the day for the specific workstation. We support all time zones for correct determination what is the day. If you plan a business trip, you can get any future password.

1. Václav Šamša CEO TDP.CZ

24. Once you have your private RSA key, you can get access (decrypt) to the AES key for the specific Safe Box. Of course, during the process described, nothing is traveling to your device or to the server. Everything is happening at the server, you just enter your Access Code and you get the stored password for example at the end.

31. Agent daily: NETBIOS name Current date Smart seed Username

37. Server: NETBIOS name Requested date Smart seed Username

3. Each user can create shared or non - shared Safe Box or Safe Box Group. This check box controls, if access rights from above level are filtered or not. With active filter, you have to assign or remove all users manually. With active inheritance, you can do it only once, on top level.

5. When we check the inherited access rights, we have two users – two SecureWinBox admins for example. It works same from a Group – users with access rights to the group will automatically get same access rights to it's safes.

23. When you want to access the secured data, you need your private RSA key first. It's encrypted and you need your access code - AES PB key to decrypt it. It's why the User's Access Codes are so important – the private key must be protected.

2. While SSO allows you to authenticate only once a day inside the organization, number of user names and passwords handled by all users is growing fast. There are so many B2B and B2C systems, government portals, banks and financial systems, network devices, any devices, alarm systems, email, social and messaging systems .... We are addressing the need to keep, manage, share, audit, transport and generate passwords within organizations. We support also certificates and generic files as well as simple notes.

29. When you enter your Secret Seed, SecureWinBox generates a hash called “agent configuration”. This is the initialization information for all agents. It includes the complete agent configuration because there is no communication nor connection in between the agent and the server . Here admins can download agent setup and the configuration.

32. Agent daily: NETBIOS name Current date Smart seed Username Expression evaluation

38. Server: NETBIOS name Requested date Smart seed Username Expression evaluation

8. But our user Joe Doe can assign Access Rights manually. He is the owner of the Safe Boxes and he got full Access Rights when he created the safe. Please not, that he can't remove his own Access Rights – attributes are grayed out. Martin Smith just got Read - only access rights and Joe is going to add their colleague Kate Middleton

33. Agent daily: NETBIOS name Current date Smart seed Username Expression evaluation Pattern transformation

39. Server: NETBIOS name Requested date Smart seed Username Expression evaluation Pattern transformation

20. Audit is the key point – you always need to know, who did what. Plus – when laying - off, just check what the employee saw and change it - not all 2000, but just 50 records ...

34. Agent daily: NETBIOS name Current date Smart seed Username Expression evaluation Pattern transformation Password set

40. Server: NETBIOS name Requested date Smart seed Username Expression evaluation Pattern transformation Password presentation

41. When each workstation has it's own unique password of the day, we can't use Administrator's name and password in a script any more. But we can use swbauth utility for all workstations connected to the network. With the SWB ticket, this utility is able to start the installation (or whatever you need) with Administrator rights. The ticket is also very useful for anybody who is not admin but we need to give him/her time limited access to workstations passwords.

21. Now the question is, how it works inside. Let's reveal some secrets. All accounts – passwords/certificates/files are secured in so called SafeBoxes . Each SafeBox is encrypted, each account separately, by AES 128 bit with a very strong key .

44. Ticket: 1 - Ticket 2 - Password 1 - Ticket 2 - Password

4. This is private safe, the one with filtered access rights from above. If you lose your access code (the principle will be shown later), you will lose access to the Safe Box content irreversibly. The advantage is, that nobody can access your sensitive data. If you need to share the content with other users, you can give them or remove access rights. This is shared safe, with automatic inheritance of access rights. Because we have no Safe Box Group above, only SecureWinBox admins will get Access Rights to this Safe Box automatically. If you need a secure store for all switches passwords within the organization, it's recommended to use shared Safe Box in order to have access if the user forget the Access Code.

30. Workstation securization 1) Smart seed key → Registry 2) SecureWinBox system service installation (NSIS) 3) First run → Process & Removing key 4) Password(s) set Then set the password (s)at midnight or during workstation boot - up 1) Any workstation can be protected any time. It's also possible to make the agent a part of the image. 2) The necessary steps are:

28. Before we start, it's critical to make your installation of SecureWinBox world wide unique . You have to enter an unique secret seed, the long and complicated one . You don't need to remember it but you have to protect the system configuration by password . As it's an encryption key, it has to be also long and secure one . You just need to remember it ...

22. Each user, who has access to the SafeBox, has own instance of the AES Key of the specific Safe Box . The instance is encrypted with RSA – public key of the user (green) is used . This allows to share – when you share your safe box with somebody, you just give him his own instance of the AES key and encrypt it with his public key .

25. The last step is to open the Safe Box . Each stored item is encrypted separately – you unlock only what you need . Thus even you have an access to a SafeBox with 1000 accounts you can see just one and when you leave the company, they have to change just one password not all 1000 . We audit each access and we can believe that the audit data are accurate .

27. SecureWinBox can sound strange and you probably rather expected SecureSafeBox as the product name . But, there is another strong feature, the first one implemented . This feature gave the name to the product, almost 14 years ago . SecureWinBox protects your image deployed Windows boxes against local user accounts based attacks . It's not uncommon to find the same password on many thousands of workstations for a very long time . Regardless such workstations are or aren't registered within a domain, connected to the organization network or not . Our agent is generating network wide unique password of the day for each workstation, laptop, notebook etc .


  • 453 Total Views
  • 401 Website Views
  • 52 Embeded Views


  • 0 Social Shares
  • 0 Dislikes

Share count

  • 0 Facebook
  • 0 Twitter
  • 0 LinkedIn
  • 0 Google+

Embeds 1

  • 8
    No presentation available.