- Secure messaging
Secure messaging is a server based approach to protect sensitive data when sent beyond the corporate borders and provides compliance with industry regulations such as
HIPAA ,GLBA and SOX. Advantages over classical secure e-Mail are that confidential and authenticated exchanges can be started immediately by any internet user world-wide since there is no requirement to install any software nor to obtain or to distribute cryptographic keys beforehand. Secure messages provide non-repudiation as the recipients (similar toonline banking ) are personally identified and transactions are logged by the secure email platform.Functionality
Secure messaging works as an online service. Users enroll to a secure messaging platform. The user logs into his account by typing in his username and password (or strong authentication) similar to a web based email account. Out of a message center messages can be sent over a secure SSL-connection or via other equally protecting methods to any recipient. If the recipient is contacted for the first time a message unlock code (see below MUC) is needed to authenticate the recipient. Alternatively, Secure Messaging can be used out of any standard email program without installing software.
Sending secure messages
# The sender writes an eMail online and sends it over a secure SSL-connection to the secure messaging server.
# The recipient is notified through a normal eMail that a secure message is waiting for delivery on the secure server. The recipient is invited to download the message through a link.
# The sender provides the recipient with a message unlock code. The code is required in order to access the pending message. If the recipient has already been in contact with the sender through secure messaging server and has registered, this step is not required.
# The secure message and confidential documents such as contracts, business plans, resumes or loan documents can then be accessed with the message unlock code and downloaded.MUC (Message Unlock Code)
A MUC is a message password and protects a message sent to a new communication partner from being seen by erroneous recipients and is used to initiate trust. If a message is sent to a new recipient, the system generates a random MUC. The sender communicates the MUC to the recipient by using another communication channel than email, e.g. personally, by phone or SMS for security reasons (
Out-of-band ). With the MUC the recipient gets access to the secure message and confidential documents and can download them. If the recipient has already been in contact with the sender through secure messaging and is enrolled, a MUC is no longer required.Secure delivery
Secure Messaging possesses different types of delivery: secured web interface,
S/MIME or PGP encrypted communication or TLS secured connections to email domains or individual eMail clients. One single secure message can be sent to different recipients with different types of secure delivery the sender does not have to worry about.Trust management
Secure Messaging relies on the method of the dynamic personal
web of trust . This method synthesizes the authentication approach of web of trust, known from PGP, with the advantages of hierarchical structures, known from centralized PKI systems. Those combined with certificates provide high quality of electronic identities. This approach focuses on the user and allows for immediate and personal bootstrapping of trust, respectively revocation.Difference between e-Mail and Secure Messaging
Secure Messaging is a
paradigm change to the well known email technology and [http://tools.ietf.org/html/rfc822 protocol] . Messages are provided the recipients encrypted and authenticated only.Application
Secure Messaging is used in many business areas with company-wide and sensitive data exchanges. Financial institutions, insurance companies, public services, health organizations and service providers rely on the protection by Secure Messaging. Secure messaging can be easily integrated into the corporate email infrastructures (
Microsoft Exchange Server ,Mozilla Thunderbird ,Lotus Notes , Groupwise,Microsoft Entourage , Postfix,Sendmail , etc.).Technical Requirements
There is no software required for using Secure Messaging. Users only need a valid email address and a working internet connection with an up-to-date
web browser .
= Similar technologies =
*PGP
*S/MIME
*Identity-Based Encryption History
*1965:
Mainframe computer users are able to exchange messages.
*1982: Standard for (D)ARPA internet text messages (RFC822) is adopted: different email systems can communicate with each other.
*1983: Development of theInternet Protocol
*1991:Phil Zimmermann creates PGP in 1991, a first generation for secure mail communication.
*1999: Launch of browser based internet banking atUBS AG (Union Bank of Switzerland) with the advent of strong cryptography in industry standard browsers.
*2001:Google indexes more than 1 Billion internet pages: highly complex information can be found easily
*2002: Introduction of strongauthentication in internet banking (UBS Switzerland) to prevent identity fraud.
*2005: More than 1 Billion internet users: most people in industrial countries can be reached via the internetSee also
*
E-mail privacy
*Secure E-mail
*Information security
*Email authentication
*Email
*Secure communication
*Transport Layer Security
*Cryptography
*Electronic signature External links
* [http://www.privasphere.com PrivaSphere AG]
* [http://www.epic.org Electronic Privacy Information Center]
* [http://vsn.voltage.com Voltage Security Network]
* [http://www.safelive.com SafeLive SendItSecure Biometric Authenticated E-mail]
* [http://www.smime.org SMIME.org provides help and references to products and standards of email encryption.]
* [http://www.proofpoint.com/id/wik_secure_messaging/ Proofpoint Research References - Secure Messaging]
Wikimedia Foundation. 2010.
