Professional Documents
Culture Documents
Contents
Introduction ................................................................................2
Conclusion ................................................................................ 11
Introduction
There is no doubt that e-mail has become a priceless and universal tool for
businesses and individuals. You can instantly send a message to any number of
people at virtually no cost. You have a permanent record of electronic
correspondence. These benefits have quickly made e-mail an effective tool for
people to communicate.
The solution is secure e-mail. A secure e-mail system provides two important
things: 1) The messages you send through e-mail are encrypted, and 2) the
identities of users who send and receive messages are authenticated, or
verified. Secure e-mail also ensures that the contents of your messages are
genuine and have not been modified in transit. Since the users are
authenticated, someone cannot forge an e-mail message by pretending to be
someone he or she is not. Finally, secure e-mail makes sure that only the
people you send a message to can open that message.
Many people believe that secure e-mail is complex and expensive. While the
amount of information available regarding secure e-mail can be daunting, it
can be quite simple and very cost-effective to implement. This whitepaper will
describe the various ways to protect e-mail messages and how to simplify and
improve the process.
security breaches since 20051. These security breaches are embarrassing to the
organizations involved and cause an unnecessary financial liability.
This is because ordinary e-mails are sent “clear-text,” meaning that the
contents are transmitted over the Internet without being hidden or scrambled,
or encrypted, in any way. Think of being in a room with several conversations
happening at the same time. It is easy for someone to listen in on a
conversation if everyone is talking in plain English.
This also leads to the fact that anyone gaining access to your computer or e-
mail inbox can read your messages. Again, the inability of users to prove who
they are makes ordinary e-mail unsecure and less useful, potentially putting
sensitive information at risk.
1
http://www.privacyrights.org/ar/ChronDataBreaches.htm, Accessed March 6, 2008
Although these systems can be set up and deployed with relative ease, they
still lack high security. Users are not authenticated individually, thus
unauthorized users could gain access to the confidential information in your
inbox and sent messages folders. Also, the messages do not remain encrypted
all the way from the sender’s desktop to the receiver’s, leaving them
vulnerable to interception or network eavesdropping.
2
http://www.microsoft.com/presspass/press/2007/oct07/10-25SecureCollaborationPR.mspx,
Accessed March 6, 2008
There are three basic classes, or factors, of user authentication: something you
have, something you know, and something you are. The secure e-mail systems
mentioned above use only the two lowest factors of security: something you
have (usually a digital certificate) and something you know (such as a
The third and most secure factor for authentication (something you are) is
biometrics. The word “biometrics” literally means “the measurement of life.”
When applied to identifying or authenticating a person, biometrics means
measuring some physical or biological attribute that is unique to each human
being.
The core of the SendItSecure system is the central authentication server. This
secure web server is responsible for positively identifying each user by his or
her fingerprint before any e-mail
transaction can take place. It also
manages the encryption keys for each
message.
When a receiving user opens the message, he or she must also provide a live
fingerprint scan. This scan is verified using the central authentication server in
the same fashion as previously described. If the receiver is successfully
authenticated and authorized, the message can be decrypted on his or her
computer (Figure 1, steps 5-6). As soon as the receiver closes the message, the
unencrypted contents are completely erased, making it impossible for someone
to read the e-mail at a later date without re-authenticating.
Using SendItSecure takes little effort on part of the user and the benefits of
truly securing your confidential
information far outweigh the small
amount of time needed to scan a
fingerprint. Installing the software
takes only a few moments and
enrolling the fingerprints is a simple
task that can be performed by the
users, usually without the help of IT Figure 2 - User Being Prompted for Fingerprint Scan
staff.
“How can I securely communicate with those who do not have fingerprint
readers or are not in the SendItSecure system?” This is easily done using
Secure Message Pickup. When a SendItSecure user sends a secure message to
someone who is not in the system, the message is stored on the secure server
in its encrypted state and using industry-standard SSL connections. The non-
SendItSecure recipient is then notified via a standard e-mail that there is a
secure message waiting for him or her, along with a link to it. When the user
clicks the link, he or she is brought to the secure message pickup site where
the user can view the message, download any attachments, and reply.
To authenticate these “message pickup” users, the sender can choose a secret
question that the recipient must answer correctly to gain access. These
questions are determined by each organization’s administrator and the
expected answers should be something that only the sender and recipient will
know. For a healthcare clinic, one question could be something like “What are
the last six digits of your health insurance policy number?” Other institutions
may have a completely different set of questions.
Once a message pickup user authenticates for the first time, he or she creates
a password that is used for receiving future secure messages. This password
can be changed at any time and is now only known by that user.
Traditional e-mail systems do not handle large files easily. Many e-mail
providers limit the size of file attachments to 20 MB, 10 MB, or even down to 1
or 2 MB. SendItSecure provides an alternate method to deliver large files by
transmitting the encrypted large file data through the SendItSecure server,
instead of through standard e-mail. To the users, it looks and acts just like a
regular e-mail attachment except that they can attach files of any size, even
into the gigabytes.
Conclusion