© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted email that contains data specific to that recipient the data.

Presentation transcript:

© Copyright 2009 SSLPost 01

Slide 02
- a recipient is sent an encrypted email that contains data specific to that recipient
- the data sent is automatically set to trigger tracking and reporting for the sender
- an encrypted and/or unencrypted message as well as any other attached digital content can be sent to the recipient within a single email
- if the correct password is entered by the recipient the content is immediately displayed to the recipient

Slide 03
When the user signs up for an account, they are asked to provide their name, address and, depending upon the security level demanded by the client, their mobile phone number. Once the user submits this information they are sent an email and/or an SMS text message with a reset code. In order to authenticate the user, a link within the email launches a secure https page in a web browser where the user can enter their reset code. This then allows the user to create their own password, which is known only to that user.

Slide 05
To send a secure email the SSLPost software does the following:
- looks up an existing recipient's assigned public key on the sender's SSLPost server (if the recipient is new, the SSLPost software creates a new 1024 or 2048 bit RSA public key pair and sends a message to the recipient allowing the recipient to set up their own unique pass phrase)
- generates a secure random 128 bit session key to encrypt the content of the SSLPost (using the Advanced Encryption Standard (AES) algorithm)
- uses the recipient's assigned public key to encrypt the 128 bit session key so that only the recipient's assigned private key will decrypt it
- creates a random "seal key" and stores this in a table of sent messages along with the sender's description of the message
- uses the seal key to encrypt the result of the RSA encryption to make sure access to the message can be tracked
- creates a Secure Hash Algorithm (SHA1) hash value of the content of the message, which is signed with the sender's private key and included along with the message. This SHA1 value will later identify if there has been any alteration of the content and provides the recipient with confirmation of the sender

Slide 06
a. message data and recipient details are combined
b. message data is encrypted with a 128 bit AES session key
c. session key is encrypted with the recipient's public RSA key
d. the result is encrypted with a seal key used to track access to the data
e. a hash value of the message is calculated and signed with the sender's private RSA key
f. a standard internet email is created with an HTML form containing the recipient's details, encrypted message data, encrypted session key, SHA1 hash value of the message and the signature

Slide 07
The SSLPost email is sent to the recipient with the:
- signed SHA1 hash value
- encrypted content
- encrypted session key
Neither the email nor any of its content is stored on the SSLPost servers.

Slide 09
- the signed Secure Hash Algorithm (SHA1) value is used to check the message has not changed and that the identity of the sender is correct
- the identity of the sender is displayed to the recipient and they are asked for their pass phrase
- the seal key is looked up in the database and the open attempt is logged
- the seal key is used to decrypt the outer layer of encryption used on the session key
- the pass phrase provided is compared against the value stored in the database. If the pass phrase does not match then the attempt is rejected and the recipient is re-prompted for the correct pass phrase. The keys needed to decrypt the message are only stored on the server so an offline brute force attack is impossible, and because every attempt to open is logged in the SSLPost audit trail an online brute force attack on the server can be easily detected
- if the pass phrase matches then the session key is further decrypted using the recipient's private key
- the unencrypted session key is used to decrypt the original content (AES 128 bit)
- if all of the above are successful then the opening is logged and the decrypted content is presented to the recipient over a secure SSL link
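The server-side checks from slide 09 (look up the seal, log every open attempt, compare the pass phrase, spot online guessing in the audit trail), as an added example that is not SSLPost's code. The class and function names, the PBKDF2 storage of the pass phrase and the three-failure lock are assumptions; the slides specify none of them.

```python
import hashlib, hmac, os
from collections import Counter

MAX_FAILURES = 3  # assumed threshold; the slides give no number

def kdf(pass_phrase, salt):
    # Assumption: the database holds a salted PBKDF2 hash, never the pass phrase.
    return hashlib.pbkdf2_hmac("sha256", pass_phrase.encode(), salt, 100_000)

class SealStore:
    """Hypothetical stand-in for the server's table of sent messages."""

    def __init__(self):
        self.seals = {}  # seal_id -> (salt, stored pass-phrase hash)
        self.audit = []  # (seal_id, source, outcome), one row per open attempt

    def register(self, seal_id, pass_phrase):
        salt = os.urandom(16)
        self.seals[seal_id] = (salt, kdf(pass_phrase, salt))

    def failures(self, seal_id):
        return sum(1 for s, _, o in self.audit
                   if s == seal_id and o == "bad_pass_phrase")

    def open_attempt(self, seal_id, source, pass_phrase):
        record = self.seals.get(seal_id)
        if record is None:
            outcome = "unknown_seal"
        elif self.failures(seal_id) >= MAX_FAILURES:
            outcome = "locked"  # assumed policy: refuse without checking
        else:
            salt, stored = record
            match = hmac.compare_digest(kdf(pass_phrase, salt), stored)
            outcome = "opened" if match else "bad_pass_phrase"
        self.audit.append((seal_id, source, outcome))  # logged whatever happens
        return outcome == "opened"  # only now may the session key be unwrapped

def suspected_brute_force(audit, threshold=MAX_FAILURES):
    """Seal ids whose rejected open attempts reach the threshold."""
    rejected = Counter(s for s, _, o in audit if o in ("bad_pass_phrase", "locked"))
    return sorted(s for s, n in rejected.items() if n >= threshold)

if __name__ == "__main__":
    store = SealStore()  # constructed sample data, documentation addresses
    store.register("seal-B", "another phrase")
    for guess in ("guess1", "guess2", "guess3", "another phrase"):
        print(guess, store.open_attempt("seal-B", "203.0.113.9", guess))
    print(suspected_brute_force(store.audit))
```

Because the keys stay on the server, the audit table is the only place guessing can be observed, so it has to record rejected and locked attempts as well as successful opens.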

Slide 08
- recipient opens the html form with the decrypt button
- recipient is then seamlessly returned to the sender's SSLPost server
- SSLPost server presents a new page to the recipient that asks the recipient for their password

Slide 10
a. the recipient receives the email which contains the HTML form
b. they click the decode button and the information in the message is sent to the sender's server for decoding
c. the sender's server checks the signature and sends back a secure page prompting the recipient to enter their password
d. the server verifies the password, breaks the seal and decrypts the session key
e. the session key is used to decrypt the message data and the result is returned to the user's web browser over an SSL link