The Virtru system consists of four components: Virtru client libraries that sit on the content creator’s device (typically a browser extension or plug-in), the Virtru Access Control Management (ACM) Server that provides key management and mediates policies, object stores that hold encrypted content, and receiving clients.
When a user enables Virtru protection, all encryption activities occur on Virtru-enabled clients using client-generated 256-bit AES symmetric encryption keys. Separate object encryption keys, called Access Control Keys, are generated to encrypt each individual email or file. When encrypted content is sent or uploaded, the creating Virtru client uploads Access Control Keys and policies to the Virtru ACM via a Transport Layer Security (TLS) connection.
The Virtru ACM Server is a SaaS service that mediates access to protected content. The ACM distributes encryption keys to authorized parties, enforces access control policies, and communicates with federated identity services to authenticate users. The ACM also surfaces management interfaces to end users and administrators.
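The key flow described above can be modelled in a few lines. This is an added sketch, not Virtru code: every function and variable name is hypothetical, AES-256-GCM is an assumed cipher mode, in-memory maps stand in for the ACM and the object store, and the requesting user is taken as already authenticated.

```javascript
// Added illustration; not Virtru code. All names here are hypothetical.
const nodeCrypto = require('node:crypto');

const objectStore = new Map(); // holds ciphertext only, never keys
const acm = new Map();         // ACM stand-in: objectId -> { key, users }

// Creating client: generate a fresh 256-bit Access Control Key per object
// and encrypt locally before anything leaves the device.
function protect(plaintext, authorizedUsers) {
  const objectId = nodeCrypto.randomUUID();
  const key = nodeCrypto.randomBytes(32);  // per-object AES-256 key
  const iv = nodeCrypto.randomBytes(12);   // GCM mode is an assumption
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  objectStore.set(objectId, { iv, ct, tag: c.getAuthTag() });
  // Key and policy go to the ACM (over TLS in the real system), not the store.
  acm.set(objectId, { key, users: new Set(authorizedUsers) });
  return objectId;
}

// ACM: release a key only when the current policy authorizes the user.
function acmRequestKey(objectId, user) {
  const entry = acm.get(objectId);
  return entry && entry.users.has(user) ? entry.key : null;
}

// ACM: replace the policy; takes effect at the next key request.
function acmSetPolicy(objectId, authorizedUsers) {
  const entry = acm.get(objectId);
  if (entry) entry.users = new Set(authorizedUsers);
}

// Receiving client: fetch ciphertext, ask the ACM for the key, decrypt locally.
function openObject(objectId, user) {
  const blob = objectStore.get(objectId);
  const key = acmRequestKey(objectId, user);
  if (!blob || !key) return null;          // denied: ciphertext stays opaque
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  d.setAuthTag(blob.tag);                  // GCM rejects tampered ciphertext
  return Buffer.concat([d.update(blob.ct), d.final()]).toString('utf8');
}
```

Because each object has its own key, narrowing the policy for one object at the ACM affects only that object, and the object store alone never holds enough to decrypt anything.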