
SINA system description

The focus of SINA is on two product categories: network encryption devices (SINA L3 Box, SINA L2 Box) and client devices (SINA Workstation, SINA Terminal, SINA Tablet). The former are network components that guarantee full encryption of all components connected to them, while the latter are workstation devices that can be used to process confidential data. The function of the components is explained below using three practical applications.

Scenario 1: connection of locations

The general purpose of the SINA Boxes is to enable a secure network of geographically separate locations via an insecure transmission network, such as the Internet. The SINA Boxes jointly establish a cryptographically secured VPN tunnel that is used for all data communication between the locations. In the case of the SINA L3 Box, this VPN tunnel is established on the basis of the IPsec standard on OSI layer 3. The SINA L2 Box has been designed for high-performance data throughput and uses Ethernet encryption at OSI layer 2.

Two buildings (location A and location B) are connected to each other via the Internet (transport network).

Scenario 2: use of mobile workstations

The SINA Workstation, which is available as both a laptop and desktop PC, and the SINA Tablet can be used to implement secure workstations for mobile working or working from home. The client devices use any Internet connection (WLAN, LTE, etc.) to establish a cryptographically secured VPN tunnel based on the IPsec standard with a SINA L3 Box on the other side. This enables access to remote resources that require protection, such as internal company documents, via a transmission network that is not trustworthy. At the same time, all data stored on the SINA Workstation or SINA Tablet is saved exclusively in encrypted form on the local storage media. This prevents unauthorised parties from gaining knowledge of confidential information even if the client device is stolen.

A laptop (mobile client) is connected via the Internet (transport network) to a building (organisation).

An alternative to the SINA Workstation is the SINA Terminal, which can be operated in the same way as a SINA Workstation from the user perspective. However, from a technical perspective, the SINA Terminal is a Thin Client that is used only as an input and output interface for data processing on a remote terminal server in a protected area. For this reason, the SINA Terminal does not involve the use of locally saved data that need to be protected by encryption. Like the SINA Workstation, the SINA Terminal also encrypts its network communication via a VPN tunnel based on the IPsec standard with a SINA L3 Box on the other side.

Scenario 3: separation of workstation sessions

On a SINA Workstation, two or more different workstation sessions can be used in parallel. This enables, for example, confidential data to be processed in one session with restricted or deactivated Internet access, while full Internet access is permitted in another session. This is achieved by separating the operating systems used for the individual sessions (e.g. Windows or Linux) via virtualisation. The underlying platform is SINA Linux OS, a minimal, hardened Linux. From a user perspective, the virtualisation process is just as transparent as local data encryption and network encryption.

The screen of a laptop shows two separate workstation sessions, one for the Internet and one for access to an organisation's confidential data.

Configuration and administration

SINA Management is used for central configuration and administration of SINA infrastructures. This management software is used to define which communication relationships the individual SINA components can enter into. This is done on the basis of PKI (Public Key Infrastructure), in which personalised Smartcards are used as security anchors for the individual users or devices.

Other SINA components

In addition to the products introduced above, the SINA product family includes other products for special application scenarios.

For example, SINA One Way provides a data diode that ensures that any network communication can only pass through the diode in one direction. This may be useful if data retrieved from the Internet needs to be moved to a separate secure area for further processing.

SINA Workflow is still available as an electronic registry for end-to-end digital processing of classified information.