Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted email that contains data specific to that recipient the data.

Published byHerbert Baldwin Modified over 8 years ago

Similar presentations

Presentation on theme: "© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted email that contains data specific to that recipient the data."— Presentation transcript:

1 © Copyright 2009 SSLPost 01

2 © Copyright 2009 SSLPost 02 a recipient is sent an encrypted email that contains data specific to that recipient the data sent is automatically set to trigger tracking and reporting for the sender an encrypted and/or unencrypted message as well as any other attached digital content can be sent to the recipient within a single email if the correct password is entered by the recipient the content is immediately displayed to the recipient

3 © Copyright 2009 SSLPost when the user signs up for an account, they are asked them to provide their name, email address and depending upon the security level demanded by the client the user maybe asked to provide their mobile phone number. Once the user submits this information they are then sent an email &/or a SMS text message with a reset code In order to authenticate the user, a link within the email launches a secure https page on a web browser where the user can enter their reset code and which then allows the user to creates their own password which is known only to that user 03

4 © Copyright 2009 SSLPost 05 to send a secure email the SSLPost software does the following:  looks up an existing recipient's assigned public key on the senders SSLPost server, (if the recipient is new the SSLPost software creates a new 1024 or 2048 bit RSA public key pair and sends a message to the recipient allowing the recipient to set up their own unique pass phrase).  generates a secure random 128 bit session key to encrypt the content of the SSLPost email (using the Advanced Encryption Standard (AES) algorithm)  uses the recipients assigned public key to encrypt the 128 bit session key so that only the recipients assigned private key will decrypt it  creates a random “seal key” and stores this in a table of sent messages along with the senders description of the message  uses the seal key to encrypt the result of the RSA encryption to make sure access to the message can be tracked  creates a Secure Hash Algorithm (SHA1) hash value of the content of the message which is signed with the senders private key and included along with the message. This SHA 1 value will later identify if there has been any alteration of the email content and provides the recipient with confirmation of the sender

5 © Copyright 2009 SSLPost 06 message data is encrypted with a 128 bit AES session key b message data and recipient details are combined a session key is encrypted with the recipient’s public RSA key c a hash value of the message is calculated and signed with the sender's private RSA key e the result is encrypted with a seal key used to track access to the data d a standard internet email is created with an HTML form containing the recipients details, encrypted message data, encrypted session key, SHA 1 hash value of the message and the signature f

6 © Copyright 2009 SSLPost 07 the SSLPost email is sent to the recipient with the:  signed SHA1 hash value  encrypted content  encrypted session key  neither the email or any of its content is stored on the SSLPost servers

7 © Copyright 2009 SSLPost the signed Secure Hash Algorithm (SHA1) value is used to check the message has not changed and that the identity of the sender is correct the identity of the sender is displayed to the recipient and they are asked for their pass phrase the seal key is looked up in the database and the open attempt is logged the seal key is used to decrypt the outer layer of encryption used on the session key the pass phrase provided is compared against the value stored in the database. If the pass phrase does not match then the attempt is rejected and recipient is re-prompted for the correct pass phrase. The keys needed to decrypt the message are only stored on the server so an offline brute force attack is impossible and because every attempt to open is logged in the SSLPost audit trail an online brute force attack on the server can be easily detected if the pass phrase matches then the session key is further decrypted using the recipients private key the unencrypted session key is used to decrypt the original content (AES 128 bit) if all of the above are successful then the email opening is logged and the decrypted content is presented to the recipient over a secure SSL link 09

8 © Copyright 2009 SSLPost recipient opens the html form with the decrypt button recipient is then seamlessly returned to the sender’s SSLPost server SSLPost server presents a new page to the recipient that asks the recipient for their password 08

9 © Copyright 2009 SSLPost 10 a the recipient receives the email which contains the HTML form b they click the decode button and the information in the message is sent to the sender’s server for decoding d the server verifies the password, breaks the seal and decrypts the session key e the session key is used to decrypt the message data and the result is returned to the user’s web browser over an SSL link c The sender’s server checks the signature and sends back a secure page prompting the recipient to enter their password

Download ppt "© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted email that contains data specific to that recipient the data."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Behavior Report Setting Up Your Account. Logging in to the Software URL makingitbettercms.intercedeservices.com.

Behavior Report Setting Up Your Account. Logging in to the Software URL makingitbettercms.intercedeservices.com.
Cryptographic Technologies

Cryptographic Technologies
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.

Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Cryptography 101 Frank Hecker

Cryptography 101 Frank Hecker
CSCI 6962: Server-side Design and Programming

CSCI 6962: Server-side Design and Programming
Chapter 31 Network Security

Chapter 31 Network Security

Similar presentations

Ads by Google