e-Mail Signing, Verification & Archiving
Similarly, any legitimate emails or attachments can easily be modified by attackers, impacting your important business brand as well as your reputation! Digitally signing emails, and even better, signing attachments, is the answer; however, deploying signing keys to all your end-users and making them easy to use has been difficult so far.
Even more difficult has been the process of verifying signed emails (and attachments) by end-users. Local trust anchors are not always up to date, and the verification result windows leave normal end-users confused about whether the email can be trusted or not.
Ascertia believes it’s much better to do signing and verification operations automatically on the server and handle any errors automatically (e.g. block emails whose digital signatures are not trusted, or send them to an administrator etc.). Furthermore, this greatly simplifies key management and security with a centralised security server, as well as centralised logging, management and control.
Overall in our opinion email is a universal transport but it is a poor choice for sending important data. Email body text should be used for setting a context for the human or automated application. Real trustworthy information should always be sent as an attachment with an appropriate digital signature applied.
Using signatures and timestamps, documents can be shown to have existed, been processed, been accepted, been notarised by a particular individual, system or organisation at a proven date and time.
ADSS Secure Email Server provides simple and effective signing of emails and/or attachments. It is a server-side solution so there is no need to deploy software or encryption keys to end-users. In addition, there is no need to re-configure existing mail clients or educate end-users about how to manage and use local security features. Secure Email Server is an MTA server that quite literally drops in to your existing mail infrastructure to seamlessly and automatically sign emails and attachments by utilising ADSS Enterprise Server.
ADSS Secure Email Server enables organisations to simply and effectively verify signed emails and/or their attachments as they come into an organisation. It is a drop-in server-based product that removes the need to deploy security software to end-users. It also removes the need to re-configure existing mail clients or educate end-users about how to manage and use local security features.
This last point must not be under-estimated as it is hard for end-users to determine whether a signed email or document should be trusted. This trust decision depends on the configuration of their local applications and requires the user to make sense of complex technical messages.
Secure Email Server is a full MTA server that quite literally drops in to your existing mail infrastructure to seamlessly and automatically verify incoming signed emails and attachments. Signature verification is carried out by making calls to ADSS Server. Policy rules are set up to govern how to route emails that fail to verify or fail to be trusted. Trusted emails are sent on to the intended recipient.
ADSS Secure Email Server enables organisations to archive emails and/or their attachments using either basic archiving to an administrator mailbox or an advanced digitally signed ADSS Archive Server.
Secure Email Server is a full MTA server that quite literally drops in to your existing mail infrastructure to automatically archive incoming and/or outgoing emails and attachments.
Filtering profiles can be set up based on keywords or types of attachments so that only specific emails are archived. Archive processing can be tailored to suit the business needs:
Ascertia provided a server-side solution with no changes required within end-users’ email clients. ADSS Secure Email Server (SES) is a drop-in MTA server capable of filtering emails based on a configured “matcher” policy, and then processing the filtered emails based on a configured “mailet”. Emails and/or attachments can be automatically signed, verified and/or archived.
Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. The products support PDF, XML, PKCS#7, CMS, S/MIME and PKCS#1 signatures as required to sign business documents. German and other country qualified certificates can be used to provide advanced electronic signatures.
Ascertia has the widest support for verification of digital signature formats as mentioned above. It also provides enhanced OASIS DSS-X Verification Reports and PEPPOL based quality ratings for signatures and associated certificates. All of this evidential information can be stored as metadata with the data objects being archived for later use.
Ascertia is a clear leader in creating long-term signatures – these can be verified many years in the future, an essential requirement for most government related data. ADSS Server supports all the ETSI XAdES and CAdES profiles as well as the latest PAdES (PDF format) profiles.
ADSS Server can be run in a load-balanced configuration to sign millions of documents in an automated manner. All signature operations can be conducted in a secure Hardware Security Module (HSM) and multiple HSMs can be connected for performance and resilience purposes. All signing operations are securely logged in the ADSS Server database.
Digital signature creation is only one part of the solution – there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in one multi-function server. All these services are based on leading industry standards including OASIS DSS & DSS/X (signing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation), RFC 5055 (SCVP validation), W3C XKMS (validation), etc.