Published by Herbert Baldwin
Slide 1
© Copyright 2009 SSLPost
Slide 2

- a recipient is sent an encrypted email that contains data specific to that recipient
- the data sent is automatically set to trigger tracking and reporting for the sender
- an encrypted and/or unencrypted message, as well as any other attached digital content, can be sent to the recipient within a single email
- if the correct password is entered by the recipient, the content is immediately displayed to the recipient
Slide 3

- when the user signs up for an account, they are asked to provide their name and email address and, depending upon the security level demanded by the client, the user may be asked to provide their mobile phone number
- once the user submits this information they are sent an email and/or an SMS text message with a reset code
- in order to authenticate the user, a link within the email launches a secure https page in a web browser where the user can enter their reset code, which then allows the user to create their own password, known only to that user
Slide 4

to send a secure email the SSLPost software does the following:
- looks up an existing recipient's assigned public key on the sender's SSLPost server (if the recipient is new, the SSLPost software creates a new 1024 or 2048 bit RSA key pair and sends a message to the recipient allowing the recipient to set up their own unique pass phrase)
- generates a secure random 128 bit session key to encrypt the content of the SSLPost email using the Advanced Encryption Standard (AES) algorithm
- uses the recipient's assigned public key to encrypt the 128 bit session key so that only the recipient's assigned private key will decrypt it
- creates a random “seal key” and stores this in a table of sent messages along with the sender's description of the message
- uses the seal key to encrypt the result of the RSA encryption to make sure access to the message can be tracked
- creates a Secure Hash Algorithm (SHA1) hash value of the content of the message, which is signed with the sender's private key and included along with the message. This SHA1 value will later identify whether there has been any alteration of the email content and provides the recipient with confirmation of the sender
Slide 5

a. message data and recipient details are combined
b. message data is encrypted with a 128 bit AES session key
c. the session key is encrypted with the recipient's public RSA key
d. the result is encrypted with a seal key used to track access to the data
e. a hash value of the message is calculated and signed with the sender's private RSA key
f. a standard internet email is created with an HTML form containing the recipient's details, encrypted message data, encrypted session key, SHA1 hash value of the message and the signature
Slide 6

the SSLPost email is sent to the recipient with the:
- signed SHA1 hash value
- encrypted content
- encrypted session key

neither the email nor any of its content is stored on the SSLPost servers
Slide 7

- the signed Secure Hash Algorithm (SHA1) value is used to check that the message has not changed and that the identity of the sender is correct
- the identity of the sender is displayed to the recipient and they are asked for their pass phrase
- the seal key is looked up in the database and the open attempt is logged
- the seal key is used to decrypt the outer layer of encryption used on the session key
- the pass phrase provided is compared against the value stored in the database. If the pass phrase does not match, the attempt is rejected and the recipient is re-prompted for the correct pass phrase. The keys needed to decrypt the message are only stored on the server, so an offline brute force attack is impossible, and because every attempt to open is logged in the SSLPost audit trail an online brute force attack on the server can be easily detected
- if the pass phrase matches, the session key is further decrypted using the recipient's private key
- the unencrypted session key is used to decrypt the original content (AES 128 bit)
- if all of the above are successful, the email opening is logged and the decrypted content is presented to the recipient over a secure SSL link
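The detection claim in the last bullet, made concrete as an added example that is not part of the original slides: the slides say only that every open attempt is logged, so the audit line layout (RFC 3339 timestamp, outcome, seal id, source address), the seal ids, the source addresses and the function names parseAudit, detectBruteForce and analyseSample are all constructed here. The detector counts pass phrase rejections per sealed message inside a sliding time window, which is what lets a server-side log distinguish a recipient's typos from an online guessing run.

```go
package main

import (
	"bufio"
	"errors"
	"sort"
	"strings"
	"time"
)

// attempt is one audit line as this example assumes it is written: RFC 3339
// timestamp, outcome, seal id, source address. The slides only say that every
// open attempt is logged; this layout is constructed for the example.
type attempt struct {
	at     time.Time
	result string // "rejected" or "opened"
	sealID string
	source string
}

func parseAudit(raw string) ([]attempt, error) {
	var out []attempt
	sc := bufio.NewScanner(strings.NewReader(raw))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) != 4 {
			return nil, errors.New("malformed audit line: " + sc.Text())
		}
		at, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, err
		}
		out = append(out, attempt{at: at, result: f[1], sealID: f[2], source: f[3]})
	}
	return out, sc.Err()
}

// Alert is raised for a seal whose pass phrase was rejected at least threshold
// times within one window.
type Alert struct {
	SealID   string
	Count    int       // rejections in the densest window
	Sources  int       // distinct source addresses in that window
	From, To time.Time // bounds of that window
}

// detectBruteForce slides a time window over each seal's rejections. A couple of
// typos by the real recipient stay below the threshold; a sustained guessing run
// does not, even when it is spread across several source addresses.
func detectBruteForce(lines []attempt, window time.Duration, threshold int) []Alert {
	bySeal := map[string][]attempt{}
	for _, l := range lines {
		if l.result == "rejected" {
			bySeal[l.sealID] = append(bySeal[l.sealID], l)
		}
	}
	var alerts []Alert
	for seal, rej := range bySeal {
		sort.Slice(rej, func(i, j int) bool { return rej[i].at.Before(rej[j].at) })
		var best Alert
		start := 0
		for end := range rej {
			for rej[end].at.Sub(rej[start].at) > window {
				start++
			}
			if n := end - start + 1; n >= threshold && n > best.Count {
				srcs := map[string]bool{}
				for _, a := range rej[start : end+1] {
					srcs[a.source] = true
				}
				best = Alert{SealID: seal, Count: n, Sources: len(srcs), From: rej[start].at, To: rej[end].at}
			}
		}
		if best.Count > 0 {
			alerts = append(alerts, best)
		}
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].SealID < alerts[j].SealID })
	return alerts
}

// sampleAudit is constructed: one recipient mistypes twice, opens the message and
// mistypes once more the next day; a second seal draws a steady stream of
// rejections from two addresses.
const sampleAudit = `2009-06-01T09:00:00Z rejected seal-7f3a 203.0.113.5
2009-06-01T09:00:20Z rejected seal-7f3a 203.0.113.5
2009-06-01T09:00:45Z opened   seal-7f3a 203.0.113.5
2009-06-01T13:10:00Z rejected seal-c2d9 198.51.100.7
2009-06-01T13:10:31Z rejected seal-c2d9 198.51.100.7
2009-06-01T13:11:02Z rejected seal-c2d9 198.51.100.8
2009-06-01T13:11:33Z rejected seal-c2d9 198.51.100.7
2009-06-01T13:12:04Z rejected seal-c2d9 198.51.100.8
2009-06-01T13:12:35Z rejected seal-c2d9 198.51.100.7
2009-06-01T13:13:06Z rejected seal-c2d9 198.51.100.8
2009-06-02T08:00:00Z rejected seal-7f3a 203.0.113.5`

// analyseSample runs the detector over the constructed trail with a 10 minute
// window and a threshold of 5 rejections.
func analyseSample() ([]Alert, error) {
	lines, err := parseAudit(sampleAudit)
	if err != nil {
		return nil, err
	}
	return detectBruteForce(lines, 10*time.Minute, 5), nil
}
```

On the constructed trail only seal-c2d9 is flagged (7 rejections in just over 3 minutes from 2 addresses); seal-7f3a's three rejections are a day apart and never reach the threshold inside a 10 minute window. Keying the count on the seal rather than the source address matters because the slides tie each seal to one message, so a guessing run that rotates addresses still accumulates against the same seal.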
Slide 8

- the recipient opens the HTML form with the decrypt button
- the recipient is then seamlessly returned to the sender's SSLPost server
- the SSLPost server presents a new page to the recipient that asks the recipient for their password
Slide 9

a. the recipient receives the email, which contains the HTML form
b. they click the decode button and the information in the message is sent to the sender's server for decoding
c. the sender's server checks the signature and sends back a secure page prompting the recipient to enter their password
d. the server verifies the password, breaks the seal and decrypts the session key
e. the session key is used to decrypt the message data and the result is returned to the user's web browser over an SSL link
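The sending steps of slides 4 and 5 and the server-side opening steps of slides 7 and 9, carried through end to end in Go as an added example. This is not SSLPost's code and the slides give no wire format or API, so the following are assumptions of the example: AES-GCM as the AES-128 mode, OAEP padding for the RSA encryption of the session key, PKCS#1 v1.5 for the signature over the SHA-1 digest, a plain SHA-256 hash as the stored form of the pass phrase, and the names Envelope, Server, Enrol, Send and Open. What the example does take from the slides is the structure: per-recipient RSA key pair and pass phrase created at sign-up, a fresh 128-bit session key per message, the session key wrapped first with the recipient's public key and then with a server-held seal key, a signed SHA-1 of the content sent alongside, the signature checked before any decryption, every open attempt logged, and the recipient's private key never leaving the server.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Envelope models the HTML form the slides describe; the field names are assumed.
type Envelope struct {
	RecipientID string
	SealID      string // constructed handle into the "table of sent messages"
	EncContent  []byte // AES-128 ciphertext of the message, nonce prepended
	SealedKey   []byte // sealKey( RSA_pub( session key ) )
	Hash, Sig   []byte // SHA-1 of the plaintext and the sender's signature over it
}

// Server stands in for the sender's SSLPost server: recipient keys, pass phrase
// hashes, the seal key table and the audit trail live here, never in the email.
type Server struct {
	keys   map[string]*rsa.PrivateKey // per-recipient RSA key pair
	passes map[string][]byte          // SHA-256 of the pass phrase (a real service would use a slow, salted KDF)
	seals  map[string][]byte          // seal id -> seal key
	Audit  []string                   // one entry per open attempt
}

func NewServer() *Server {
	return &Server{keys: map[string]*rsa.PrivateKey{}, passes: map[string][]byte{}, seals: map[string][]byte{}}
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return b
}

// The slides fix AES-128 but not the mode; AES-GCM with a prepended nonce is assumed.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil { panic(err) } // keys are generated in this file; a bad length is a bug
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

func aesSeal(key, plaintext []byte) []byte {
	gcm := gcmFor(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func aesOpen(key, data []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(data) < gcm.NonceSize() { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], nil)
}

// Enrol mirrors the sign-up slide: a fresh RSA key pair per recipient, pass phrase kept only as a hash.
func (s *Server) Enrol(id, pass string) error {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return err }
	h := sha256.Sum256([]byte(pass))
	s.keys[id], s.passes[id] = priv, h[:]
	return nil
}

// Send runs the sender-side steps (a) to (f) of the sending slides.
func (s *Server) Send(sender *rsa.PrivateKey, rcptID string, content []byte) (*Envelope, error) {
	priv, ok := s.keys[rcptID]
	if !ok { return nil, errors.New("unknown recipient") }
	sessionKey := randomBytes(16) // (b) fresh 128-bit AES session key
	// (c) only the recipient's private key, which stays on the server, can recover it
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, sessionKey, nil)
	if err != nil { return nil, err }
	sealKey, sealID := randomBytes(16), fmt.Sprintf("%x", randomBytes(8)) // (d) seal key stays server-side
	s.seals[sealID] = sealKey
	digest := sha1.Sum(content) // (e) SHA-1 of the message, signed with the sender's private key
	sig, err := rsa.SignPKCS1v15(rand.Reader, sender, crypto.SHA1, digest[:])
	if err != nil { return nil, err }
	return &Envelope{RecipientID: rcptID, SealID: sealID, EncContent: aesSeal(sessionKey, content),
		SealedKey: aesSeal(sealKey, encKey), Hash: digest[:], Sig: sig}, nil // (f)
}

// Open runs the server-side steps when the recipient posts the form back.
func (s *Server) Open(env *Envelope, senderPub *rsa.PublicKey, pass string) ([]byte, error) {
	priv, sealKey := s.keys[env.RecipientID], s.seals[env.SealID]
	if priv == nil || sealKey == nil { return nil, errors.New("unknown recipient or seal") }
	// the signed hash confirms the sender before anything is decrypted
	if rsa.VerifyPKCS1v15(senderPub, crypto.SHA1, env.Hash, env.Sig) != nil {
		return nil, errors.New("sender signature does not verify")
	}
	s.Audit = append(s.Audit, "open-attempt "+env.SealID) // every attempt is logged
	h := sha256.Sum256([]byte(pass))
	if subtle.ConstantTimeCompare(h[:], s.passes[env.RecipientID]) != 1 {
		s.Audit = append(s.Audit, "pass-rejected "+env.SealID)
		return nil, errors.New("pass phrase rejected")
	}
	encKey, err := aesOpen(sealKey, env.SealedKey) // break the seal
	if err != nil { return nil, err }
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, encKey, nil)
	if err != nil { return nil, err }
	content, err := aesOpen(sessionKey, env.EncContent)
	if err != nil { return nil, err }
	if d := sha1.Sum(content); subtle.ConstantTimeCompare(d[:], env.Hash) != 1 {
		return nil, errors.New("content does not match the signed hash")
	}
	s.Audit = append(s.Audit, "opened "+env.SealID)
	return content, nil
}
```

Exercise it from a test or a small main: Enrol a recipient, Send with a sender key, then Open once with a wrong pass phrase and once with the right one and inspect Audit, which records both attempts and their outcomes. The seal layer is what forces that trip to the server: even a recipient holding the email and their own pass phrase cannot recover the session key without the seal key, which is why the slides can claim the audit trail is complete. SHA-1 is kept only because the slides specify it; a deployment built today would sign a SHA-256 digest.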