Secure Messaging

Secure messaging is a server-based approach to protect sensitive data when sent beyond the corporate borders, and it provides compliance with industry regulations such as HIPAA, GLBA and SOX. Advantages over classical secure e-mail are that confidential and authenticated exchanges can be started immediately by any internet user worldwide since there is no requirement to install any software nor to obtain or to distribute cryptographic keys beforehand. Secure messages provide non-repudiation as the recipients (similar to online banking) are personally identified and transactions are logged by the secure email platform.


Functionality

Secure messaging works as an online messaging service. First, users enroll in a secure messaging platform. Then, the user logs into their account by typing in their username and password (or strong authentication), similar to a web-based email account. From a message center, messages can be sent over a secure SSL connection or via other equally protective methods to any recipient. If the recipient is contacted for the first time, a message unlock code (MUC) is needed to authenticate the recipient. Alternatively, secure messaging can be used from any standard email program without installing software.


Secure delivery

Secure messaging offers several types of delivery: a secured web interface, S/MIME- or PGP-encrypted communication, or TLS-secured connections to email domains or individual email clients. A single secure message can be sent to different recipients using different types of secure delivery, without the sender having to worry about which one applies.
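
The per-recipient delivery choice and the first-contact message unlock code described above, sketched as an added example (not code from any secure messaging product). The precedence order, the `Recipient` fields, the 8-digit MUC format and the PBKDF2 storage are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example

@dataclass
class Recipient:
    address: str
    smime_cert: bool = False     # platform holds an S/MIME certificate
    pgp_key: bool = False        # platform holds a PGP public key
    tls_domain: bool = False     # recipient domain is reached over enforced TLS
    first_contact: bool = True   # never authenticated to the platform before

def choose_delivery(r):
    # Precedence is an assumption of this example; the article only lists the types.
    for method, available in (("smime", r.smime_cert), ("pgp", r.pgp_key), ("tls", r.tls_domain)):
        if available:
            return method
    return "web"  # fallback: message is read in the secured web interface

def issue_muc():
    """Create a message unlock code; the platform keeps only salt and digest."""
    code = f"{secrets.randbelow(10**8):08d}"  # 8 random digits (format assumed)
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)
    return code, salt, digest

def verify_muc(candidate, salt, digest):
    probe = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(probe, digest)  # constant-time comparison

def plan_delivery(recipients):
    """One message, one plan entry per recipient; the sender picks nothing."""
    plan = {}
    for r in recipients:
        entry = {"method": choose_delivery(r), "muc": None}
        if r.first_contact:  # first contact is authenticated with a MUC
            entry["muc"] = issue_muc()
        plan[r.address] = entry
    return plan

# Constructed sample recipients (example.* addresses are placeholders).
SAMPLE = [
    Recipient("alice@example.org", smime_cert=True, first_contact=False),
    Recipient("bob@example.net", tls_domain=True, first_contact=False),
    Recipient("carol@example.com"),
]
```

Because a short numeric code has little entropy, a deployment built this way would also need to limit unlock attempts per message.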


Trust management

Secure messaging relies on a web of trust. This method synthesizes the authentication approach of web of trust, known from PGP, with the advantages of hierarchical structures, known from centralized PKI systems. Combined with certificates, these provide a high quality of electronic identities. This approach focuses on the user and allows for immediate and personal bootstrapping of trust and, correspondingly, its revocation.


Physical security

In traditional client-server email, message data is downloaded to a local hard drive, and it is vulnerable if the computer is lost, stolen, or physically accessed by an unauthorized person. Secure messages are stored on a network or internet server, which is typically more physically secure, and they are encrypted when data is inbound or outbound. However, an abundance of data still makes the server an attractive target for remote attacks. Measures that can be taken to protect physical security include ensuring environmental safety and hardware safety. Of course, the intentions of the server operator may also come into question.


Application

Secure messaging is used in many business areas with company-wide and sensitive data exchanges. Financial institutions, insurance companies, public services, health organizations, and service providers rely on the protection from secure messaging. Secure messaging can be easily integrated into corporate email infrastructures. According to Wolcott et al., secure messaging offers potential improvements in patient-provider relationships and outcomes. In the government context, secure messaging can offer electronic registered mail functions. For this to be binding, some countries, such as Switzerland, require it to be accredited as a secure platform.


Technical requirements

There is no software required for using secure messaging. Users only need a valid email address and a working internet connection with an up-to-date web browser.


User impact

With its use in business areas and one-on-one interaction, secure messaging for recipients also includes their desire to share information with another party and negotiating the different rules across state borders. Even with the private misuse of some information data, some recipients continue to use the service. This may be referred to as a privacy paradox, where the convenience of apps such as secure messaging may be more important than privacy concerns in information systems.


Similar technologies

* PGP
* S/MIME
* Identity-Based Encryption


History

* 1965: Mainframe computer users are able to exchange messages.
* 1982: Standard for (D)ARPA internet text messages (RFC 822) is adopted: different email systems can communicate with each other.
* 1983: Development of the Internet Protocol.
* 1991: Phil Zimmermann creates PGP, a first-generation approach to secure mail communication.
* 1999: Launch of browser-based internet banking at UBS AG (Union Bank of Switzerland) with the advent of strong cryptography in industry standard browsers.
* 2001: Google search engine indexes more than 1 billion internet pages: cooperating web sites can be found easily.
* 2002: Introduction of strong authentication in internet banking (UBS Switzerland) to prevent identity fraud.
* 2005: More than 1 billion internet users: most people in industrial countries can be reached via the internet.


See also

* Information security
* Email authentication
* Email encryption
* Email privacy
* Secure communication
* Secure instant messaging
* Transport Layer Security
* Cryptography
* Electronic signature
* Certified email

