Thursday, April 30, 2015

Tabula Rosa Systems Blog Of 4/20/2015 - Compatible Security with Secure Message Pickup


======================================================
Compatible Security with Secure Message Pickup
======================================================
 ================================================
Secure Message Pickup Encryption uses a trusted “encryption middleman” to give you the almost same level of security offered by asymmetric key encryption, but with universal compatibility. Here is how it works:
The sender connects to the middleman’s SMTP or WebMail portal on a secure TLS connection
The middleman validates the sender.
The sender creates a message.
The message sender chooses some method for the recipient’s identity to be verified (e.g. via a password, a question an answer, a login to a portal, etc.)
The middleman encrypts the message (e.g. using AES256) and stores it on his server.
The middleman sends a plain text message to the recipient that contains only a secure link to the middleman’s web portal, and a unique message password that is part of the encryption key. The middleman then ‘forgets’ this password so that he cannot decrypt the message until he gets the password back from the recipient.
The recipient connects to the middleman’s web portal over a secure TLS connection and logs in (the message password coming along for the ride).
The middleman decrypts the message and presents it to the recipient.
The encryption middleman handles all the encryption dirty work; it doesn’t matter if the sender uses PGP and the recipient uses S/MIME. In fact, it doesn’t matter if either uses encryption at all! All that the sender and recipient need is a web browser and regular email service. The middleman takes care of everything else.
How does it solve the security problems we mentioned earlier?
Eavesdropping: No one can eavesdrop on the message because the sender and recipient connect to the middleman on a secure TLS connection.
Identity Theft: No one can steal the sender’s login information or the recipient’s verification information because both the sender and the recipient use TLS connections.
Invasion of Privacy: The recipient knows nothing about the sender’s computer, email client, or location. She only knows that he used the middleman.
Message Modification: No one can modify the message because it never leaves the middleman’s server and is encrypted and signed while residing there.
False Messages: The message is only accessed on the middleman’s server, so no one else can pretend to send it.
Message Replay: No one can re-send the message because it never leaves the middleman’s server.
Unprotected Backups: The message is encrypted when it is stored, so it is secure even in backups.
Repudiation: The recipient knows that the sender really did send the message because he was validated by the middleman and because digital signatures are used.
In addition, the middleman can keep a log of who accesses the message and at what times. Thus the sender can audit the message to see who has viewed it.
Notice that the message is secure and anonymous: the message is encrypted and stored on the middleman’s servers, so it is not subject to the security of intermediate relaying servers. Only the middleman can encrypt and decrypt the message, and only authorized recipients can access the message. The recipient knows nothing about the sender’s computer, only that he used the middleman. As long as the middleman is trustworthy, the message is completely secure, completely anonymous, and completely compatible.
LuxSci’s SecureLine service provides complete provides “Escrow” encryption as a form of “Secure Message Pickup” … along with options for PGP, S/MIME, and TLS.
=================================================== 
Have you ever wondered how it would be if your email suddenly came to life? You are about to find out.
====================================================
https://www.youtube.com/watch?v=HTgYHHKs0Zw
===========================================================
**Important note** - contact our sister company for very powerful solutions for IP management (IPv4 and IPv6, security, firewall and APT solutions:

www.tabularosa.net

In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon follow by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:

 www.amazon.com/author/paulbabicki

 If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio  Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo.  I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and have been a contributor to numerous blogs and publications. 

Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.
==============================================

No comments:

Post a Comment