Presentation is loading. Please wait.

Presentation is loading. Please wait.

Permission Keys in five easy steps Adrian McElligott

Published byEdwina Norman Modified over 9 years ago

Similar presentations

Presentation on theme: "Permission Keys in five easy steps Adrian McElligott"— Presentation transcript:

1 Email Permission Keys in five easy steps Adrian McElligott adrian+epk@geobytes.com

2 Resources The Key Custodian API Reference Email Permission Keys Paper Email Permission Keys FAQ Sample Outlook plug in source code Sample SMTP MTA source code

3 Email Permission Keys System Components Client Side Outbound Message Key Insertion Function Spam Folder Monitoring Module Server Side Key Issuing Facility –AJAX Web Service –UI for manual issuing –Key Custodian API GetKey IsValidKey InvalidateKey Access authentication Key Generation Key Storage & Retrieval Reporting

4 Overview The requirements of a GKC client are to provide the following facilities and functions: 1.Authentication - uses a token delivered via email. 2.Initialization - retrieving client preferences from the GKC. 3.Intercept all out going email and insert a permission key in to all instances of the protected user's email address. 4.Monitor the Spam folder, and recover any messages that contain a valid key. 5.Invalidate Compromised Keys Note: All communications must be secure (HTTPS / SSL). Implement the Key Custodian APIs should be in compliance with the Licensing Requirements as specified in the attached document.

5 The Key Custodian APIs Filters call Authenticate(...) GetKey(...) IsValidKey(...) InvalidateKey(...) GetUserPreferences(...) Anonymous Browsers call GetMailToKey(...) Note: Unless specified otherwise, the term "email address" refers to an email address as defined by "RFC 2822 3.4. Address Specification" and should preferably be provided as it would typically appear in the message headers and therefore include the dispaly name, if available. In accordance with RFC 2822, to avoid confusion the term "addr- spec address" is used to refer to the bare SMTP form of the address. ie. localpart@domain.tld

6 Spam Folder Monitoring Function For each message that is placed in to the Spam folder: Check that the message has not been previously processed. Retrieve the Originator's Email Address. Retrieve any keyed instances of the protected user's email address, and check the validity of the key via the GKC IsValidKey() API. (continued): If the Key is valid, then move the message to the inbox – bump a counter. Optionally, record that the message has been processes, and that it has been recovered. If operating in free mode, then alert the user via a message box or dialog.

7 Outbound Message Key Insertion Function For each outgoing message: Obtain the Recipient's Email Address Obtain a 'Permission Key' from the global key custodian, via the GetKey API. Insert the envelop key into the message envelop by replacing instances of the protected users email address with the provided "envelop " keyed version. For each outgoing message (continued): Insert the headers key into the message headers by replacing instances of the protected users email address with the provided "headers" keyed version. If opperating in free mode, then insert GKC promotional footer.

8 On Compromised Key Function For each message that is placed in to the Spam folder that has been previously recovered, or where the user has specifically indicated that the key should be invalidated: Retrieve the Originator's Email Address. Retrieve any keyed instances of the protected user's email address, and call the GKC InvalidateKey() API for each.

9 Authentication What to use it for: New Account Instance Authentication Account Instance Re- authentication To acknowledge the receipt of GKC Tokens Description Called to initiate the dispatching of, and to acknowledge the receipt of GKC Tokens. When to use it: Upon new installation / activation of Email Permission Key facility In the event that the current GKC token is rejected by the GKC Upon the receipt of a GKC token during the filter authentication process Note: Please see "New User Instance Account Initialization" for a description of the authentication process.

10 New User Instance Account Initialization Process is always initiated by the filter. The filter calls Authenticate() passing in a filter generated random 10 digit alpha-numeric "filter token", which the filter stores for further reference. The GKC sends two email messages to the protected user's email address: 1.a probe message to test for the existence of plus addressing support within the protected user's email system, and 2.a message containing the GKC authentication token. Continued…

11 New User Account Initialization con't. The filter monitors incoming messages for two responses from the GKC. Responses are identified by the originators email address (gkc@keycustodian.com) and authenticated by the presence of the original "filter token" in the subject of the message. The structure of the subject field is: "... Token is: : " The filter recovers the GKC's token from the subject field of each GKC message, and 1.calls Authenticate() for each recovered GKC token - this time including the GKC's token in the request. 2.permanently records the first 10 digits of the GKC's token for inclusion in all further calls to the GKC. Continued…

12 New User Account Initialization con't. The first 10 digits of the GKC's token will be the same for each response message. The Eleventh digit of the GKC's token is used to identify tagged addressing probes. GKC messages may be optionally deleted by the filter. All messages from the GKC contain both the original "filter token" and a GKC token. Filters only need to monitor for and respond to GKC messages during the account authentication process. Notes

13 The Key Custodian API Reference

14 The Key Custodian APIs Filters call Authenticate(...) GetKey(...) IsValidKey(...) InvalidateKey(...) GetUserPreferences(...) Anonymous Browsers call GetMailToKey(...) Note: Unless specified otherwise, the term "email address" refers to an email address as defined by "RFC 2822 3.4. Address Specification" and should preferably be provided as it would typically appear in the message headers and therefore include the display name, if available. In accordance with RFC 2822, to avoid confusion the term "addr- spec address" is used to refer to the bare SMTP form of the address. ie. localpart@domain.tld

15 GetKey() Parameters Email o The protected user's email address Recipients o Coma delimited list of the recipient email addresses. Filter Statistics (optional) o MsgsReceived o MsgsRecovered o TotalSpam GKC Token Format o Either xml or json Returns A keyed instance of the protected user's email address in either xml or json Example: { "key": { "addrspec": "joHN.SmiTH+12345@eXamPLE.Com", "email": "\"John Smith 12345\" " },"success":true} Description Called by the filter for each outgoing message to obtain a key

16 IsValidKey() Parameters Email o The protected user's email address Key o A key encoded email address retrieved from any part of the message Senders (optional) o Coma delimited list of Email address of the message's senders. GKC Token Format o Either xml or json Returns Key properties in either xml or json Example: { "key": { "isvalidkey": "true", "issuedto": "\"Joe\" ", "issueddate":"20080827232220", "expires":"20080903232220", "issuedby":"SMTP Outgoing Insertion" },"success":true} Description Called by the filter for each "spam" message that contains a key

17 InvalidateKey() Parameters Email o The protected user's email address Key o A key encoded email address retrieved from any part of the message Originator o Email address of the message's sender. GKC Token Format o Either xml or json Description Called by the filter when the user clicks "Is Spam" on a message that contains a key. Returns Key's post invalidation properties in either xml or json Example: { "key": { "isvalidkey": "false", "issuedto": "\"Joe\" ", "issueddate":"2008-10-30 16:11:22", "expires":"2999-12-31 23:59:59", "issuedby":"SMTP Outgoing Insertion" },"success":true}

18 Authenticate() Parameters Email Address o The protected user's email address Client Token o 10 digit alpha-numeric GKC Token o 10 digit alpha-numeric Provider ID o 32 digit alpha-numeric Format o Either xml or json Description Called by the filter to authenticate access to the protected user's GKC account. Returns True or False in either xml or json format {"success": true} First called by the filter to initiate the filter authentication process. Then called to confirm the receipt of each GKC token.

19 GetUserPreferences() Parameters Email Address o The protected user's email address GKC Token Format o Either xml or json Returns Account status and user preferances (xml or json) Description: Called by the filter at the start of each session. Example: { "user": { "isauthenticated": "true", "email":"joE+123@eXamplE.Com", "subexpires":"20090903232220", "uniquekeysissued": "123", "recovered": "12", "received": "12345", "spam": "12345", "established":"20080827232220", "lastaccessed":"20080827232220", "lastaccessedip":"0.0.0.0", "provider":"Example, inc.", "messagefooter":"Replies to this..." },"success":true}

20 The GKC Authentication Token Description The GKC Authentication Token is A alpha-numeric ASCII string of a maximum of 11 characters in length Requested via the authenticate API Delivered to the filter via email Obtained by extracting from the subject field of the confirmation email The structure of the subject field is: "... Token is: : " Note: Once acquired via the authenticate API, then every call from the filter to the GKC must include the GKC Authentication Token.

21 GetMailToKey() Parameters UserGUID o 128 bit GUID String Description - Called by the web browers to dynamically insert keyed email addresses in to web pages. Returns Encoded mailto: tag including key encoded email address Example: mailt o:john .smit h+1234 5@exa mple. com

Download ppt "Permission Keys in five easy steps Adrian McElligott"

Similar presentations

JavaScript and AJAX Jonathan Foss University of Warwick

JavaScript and AJAX Jonathan Foss University of Warwick
Outlook 2010 Quick Guide Table of Contents: Overview of client, Sending/Receiving e-mail, Using the address book………..………..............2-7 Sent Items……………………………………………………………………………………………..…..8.

Outlook 2010 Quick Guide Table of Contents: Overview of client, Sending/Receiving , Using the address book………..……… Sent Items……………………………………………………………………………………………..…..8.
6 C H A P T E R © 2001 The McGraw-Hill Companies, Inc. All Rights Reserved1 Electronic Mail Electronic mail has revolutionized the way people communicate.

6 C H A P T E R © 2001 The McGraw-Hill Companies, Inc. All Rights Reserved1 Electronic Mail Electronic mail has revolutionized the way people communicate.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.

© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
JavaScript Forms Form Validation Cookies CGI Programs.

JavaScript Forms Form Validation Cookies CGI Programs.
Browser and E-mail Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.

Browser and Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.
0 EMAIL 5000 Series DATA MANAGEMENT. 1 Why Email? Alarm/Status Notification –Remote unattended sites »Pumping stations –Pharmaceutical/Plant maintenance.

Series DATA MANAGEMENT. 1 Why ? Alarm/Status Notification –Remote unattended sites »Pumping stations –Pharmaceutical/Plant maintenance.
Architecture of Email SMTP, POP, IMAP, MIME.

Architecture of SMTP, POP, IMAP, MIME.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.
Mail Server Fitri Setyorini. Content SMTP POP3 How mail server works IMAP.

Mail Server Fitri Setyorini. Content SMTP POP3 How mail server works IMAP.
Microsoft Office Word 2013 Expert Microsoft Office Word 2013 Expert Courseware # 3251 Lesson 4: Working with Forms.

Microsoft Office Word 2013 Expert Microsoft Office Word 2013 Expert Courseware # 3251 Lesson 4: Working with Forms.
» Explain the way that electronic mail (e-mail) works » Configure an e-mail client » Identify e-mail message components » Create and send e-mail messages.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.
1. 2 LXU800 User’s Manual 1.Installation – Windows XP ------------------ 5 2.UI Features Introduction -------------------- 12 3.Data Connection & Disconnection.

1. 2 LXU800 User’s Manual 1.Installation – Windows XP UI Features Introduction Data Connection & Disconnection.
What’s New in WatchGuard XCS v9.1 Update 2. WatchGuard XCS v9.1 Update 2  Introduce New Features WatchGuard XCS Outlook Add-in SecureMail Email Encryption.

What’s New in WatchGuard XCS v9.1 Update 2. WatchGuard XCS v9.1 Update 2  Introduce New Features WatchGuard XCS Outlook Add-in Secur Encryption.
Web forms in PHP Forms Recap  Way of allowing user interaction  Allows users to input data that can then be processed by a program / stored in a back-end.

Web forms in PHP Forms Recap  Way of allowing user interaction  Allows users to input data that can then be processed by a program / stored in a back-end.
Department of Information Technology e-Michigan Web Development 0 HTML Form Creation in the Vignette Content Management Application.

Department of Information Technology e-Michigan Web Development 0 HTML Form Creation in the Vignette Content Management Application.
Electronic Mail Security

Electronic Mail Security

Similar presentations

Ads by Google