How it Works
PGP Universal works like this: Alice wants to send an email containing sensitive business information to Bob. Alice works for Company A, which runs PGP Universal, while Bob works for Company B, which does not run PGP Universal. Alice sends an email to Bob, which is routed through the PGP Universal server on Company A's network.
The server sees that Alice is sending an email to a user at Company B, a company that people from Company A have done business with in the past, and looks up Bob's public key on a public keyserver that the server knows about. The server then encrypts the outgoing email with Bob's public key, and Bob decrypts the message with his private key upon receipt.
Figure 3: PGP Universal in action
The product even allows users without PGP keys to send and receive mail. Continuing with the previous example, if Bob wants to receive encrypted mail from Alice, but does not have a PGP key or other encryption mechanism at his disposal, Alice can send him a message with Universal's WebMessenger. This informs Bob that a message is waiting for him on the WebMessenger server (securing the exchange with SSL) and allows him to register a username and password to receive the message and send future messages to Alice or anyone else.
As an added measure of security, Alice can create a passphrase or code to make sure that Bob is who he says he is when signing up for the WebMessenger service. This is given to Bob independent of email - over the phone, in person, written in invisible ink on a slip of paper inside of a briefcase that is handcuffed to an operative sent to Bob's workplace via submarine, etc.
PGP Universal relies mainly on the OpenPGP standard of encryption (outlined in RFC 2440 and 3156). But it also has built-in functionality for the other encryption standard recognized by the National Institute of Standards and Technology - Secure Multipurpose Internet Mail Extensions, or S/MIME.
S/MIME is similar to PGP in that it makes use of the public key / private key system of encryption. However, it is an incompatible standard - so someone using a PGP key cannot communicate with someone who has an S/MIME key. PGP Universal includes the capacity to automatically generate S/MIME keys and X.509 certificates for users, so that organizations using Universal are not automatically excluded from communicating with organizations that only use S/MIME as their encryption standard.
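The incompatibility is visible in the MIME headers: RFC 3156 wraps OpenPGP ciphertext in a two-part multipart/encrypted body, while S/MIME uses a single application/pkcs7-mime part. The sketch below is an added example, not PGP Universal's code; it shows how a mail gateway could tell the two apart, using constructed sample messages with placeholder ciphertext and a hypothetical `classify` helper.

```python
from email import message_from_string

# Constructed sample messages (not captured traffic); ciphertext is a placeholder.
PGP_MIME = '''\
From: alice@company-a.example
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder)
-----END PGP MESSAGE-----
--b1--
'''
SMIME = '''\
From: alice@company-a.example
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

(placeholder)
'''
PLAIN = "From: alice@company-a.example\nContent-Type: text/plain\n\nhello\n"

def classify(raw):
    """Name the standard a message is wrapped in (hypothetical helper)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        # RFC 3156: exactly two parts, a control part and the ciphertext part.
        proto = str(msg.get_param("protocol") or "").lower()
        parts = msg.get_payload() if msg.is_multipart() else []
        if (proto == "application/pgp-encrypted" and len(parts) == 2
                and parts[0].get_content_type() == "application/pgp-encrypted"
                and parts[1].get_content_type() == "application/octet-stream"):
            return "openpgp"
        return "unrecognized"  # declared encrypted, but not valid PGP/MIME
    if ctype == "application/pkcs7-mime":
        return "smime"
    return "cleartext"
```

A message that declares multipart/encrypted with some other protocol, or with the wrong part layout, is reported as unrecognized rather than passed off as OpenPGP.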