MissionStrategyAbout UsExperienceTechnologyInvestor Relations

ZSentry™ is a technology owned and developed by NMA Inc., a California corporation. This web site and services are a property of NMA, Inc.

Mission

Strategy

Our Strategy can be applied to any organization and anyone, irrespectively of payment or registration. With no cost or effort larger than a mouse click, even without registration, anyone can read a secure email Zmail (ZSentry Mail) and reply securily. With free registration for personal use, sending a Zmail is also free. Paid subscribers have access to broader use limits and value-added services.

We implement our Strategy by developing and deploying ZSentry as a middleware between existing infrastructure and a customer's existing applications and desktop systems, enhancing functionality and security while eliminating a need for any plugins or installation.

Examples of applications and desktop systems that can use ZSentry as a middleware include AOL, Apple (Apple Mail, Safari), Google (Google Apps and Gmail), Linux (Ubuntu and other distributions, in Mail clients and Web Browsers), Microsoft (IE, Hotmail, Live, Outlook, Word), Mozilla (Firefox and Thunderbird), and Yahoo Mail.

We want to reduce user frustration in having to use a different tool if one needs security and regulation compliance.

Our approach also helps reduce the focus on security, so that people can long at last focus on what they want to do, not how they have to do it.

NMA ZSentry is at the same time affordable, secure, and usable, by your organization as well as by your employees, customers, partners, and visitors.

NMA ZSentry enables an open platform for secure productivity solutions, that you can readily extend, and provides proven solutions with "instant-on" service modules such as Mail and Payments that work with the software adn services that you already have. There are no plugins or installation.

NMA ZSentry differential includes being easy to use, eliminating online data theft targets for our customers and their users, and in providing enhanced functionality with existing investments.

We are at your disposal to help you identify new ways to enable your organization to spend less and communicate better, while minimizing the risk of exposure. Please Contact Us.

About Us

We have a unique combination of top technical skills, experience, creativity and the ability to communicate on a personal level. This allows us to apply our talents in a fresh approach and simplify information to be more user-friendly. As a result, the NMA Team is leading in a new generation of usable and secure Internet technologies, exemplified by ZSentry and Zmail.

Ed Gerck, PhD, NMA CEO

As used online, "secure" is a property of machines and "usability" is a property of humans. This understanding and work division is critical to treat them in adequately different manners, so that online security (a property of machines) can become usable (a property of humans). Thus, we see that online security is evolving to satisfy human needs, and the way ZSentry has been developed is functional with respect to these needs rather than arbitrary.

Vernon M Neppe MD, PhD, FRSSAf

The conventional thinking is that usability and security are like a seesaw; if usability goes up, security must go down, and vice-versa. We see this apparent antinomy as a synergy: With more usability in a secure system, security increases. With less usability in a secure system, security decreases. A secure system that is not usable will be left aside by users.

ZSentry is represented in patent-pending technology and software used by services at this site, provided online and offline. Zmail™ (ZSentry Mail™) was the first ZSentry application developed by NMA.

Experience

Since 2004, Zmail has been trusted worldwide with millions of secure messages.

Read About Our Experience >>

About Our Technology

Why yet another secure email technology?

Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), developed ca. 1996, are well-known cryptographic protocols that support secure communications on the Internet, usually by means of Public-Key Infrastructure (PKI, X.509 standard) server certificates. SSL/TLS is very successful in ecommerce today. Because of its simplicity, SSL/TLS is used by some secure email providers including Gmail™ and Postini™. However, SSL/TLS falls short of basic email security requirements. For example, because SSL/TLS messages are only encrypted in-between end-points, third parties can compromise message security and integrity at the security-gaps created at each SSL/TLS end-point (i.e., not only at Gmail or Postini but also at the recipient's ISP), and at the recipient's machine.

Password-based email encryption is cumbersome to use, has no first-contact capability, and is trivially open to exploits by spoofing and phishing attacks. In addition, because users are likely to choose a weak password (even though it may look strong) and not periodically expire them, password-encrypted email may be rather easy to crack by the same automatic dictionary attack tools already in use to crack password files effectively.

Regarding security technologies that have been developed specifically for the needs of email security, lack of a usable and secure solution for managing cryptographic keys has been a major failure point.

For example, with PKI and Pretty Good Privacy (PGP, as used by PGP™ and Hushmail™), a user's private-key is embedded in a password-protected file that can be attacked and cracked.

PKI/X.509 end-user certificates provided for example by VeriSign™ or Thawte™, which are required in order to use PKI for email security, have a number of well-known problems (including cost, lack of revocation status assurance, spoofing, and lack of first-contact capability).

PGP, even though it can be used without any cost, lacks a reliable facility for certificate revocation status, uses a web-of-trust certificate issuance method that does not scale beyond small groups, and lacks first-contact capability.

With Identity-Based Encryption (IBE, as used by Voltage™ and MessageGuard™), the private-keys of all users must be stored in the servers and may be available to third-parties without user authorization (this is called mandatory key-escrow).

Therefore, for the conventional email security solutions, when the key management solution is secure (PKI, PGP), it is not usable (complexity, counter-intuitive behavior when compared to postal mail, unreliable key certificate revocation, and other known issues). When it is usable (SSL/TLS, password-based, IBE, Voltage, MessageGuard), it is not secure (security-gaps, weak passwords, open to phishing and spoofing, mandatory key-escrow, no key revocation, and other known issues).

NMA developed ZSENTRY to allow any two parties, possibly with no previous contact, to establish a secure and private communication channel (e.g., a secure email message exchange using Zmail) without the usability and security shortcomings of conventional technologies such as passwords, PKI, PGP, IBE, and SSL/TLS.