Solutions by Technology
/ e-Mail Signing, Verification & Archiving
Emails are an essential business tool these days. However with online identity theft, phishing attacks and a range of other threats end-users are often misled into trusting bogus emails from reputable firms.
Similarly any legitimate emails or attachments can easily be modified by attackers impacting your important business brand as well as reputation! Digitally signing emails and even better signing of attachments is the answer, however deploying signing keys to all your end-users and making it easy for them to use has been difficult so far.
Even more difficult has been the process of verifying signed emails (and attachments) by end-users. Local trust anchors are not always up to date and the verification results windows are confusing for normal end-users on whether the email can be trusted or not.
Ascertia believes it’s much better to do signing and verification operations automatically on the server and handle any errors automatically (e.g. block emails whose digital signatures are not trusted, or send to administrator etc.). Furthermore this greatly simplifies key management and security with a centralised security server, as well as centralised logging, management and control.
Overall in our opinion email is a universal transport but it is a poor choice for sending important data. Email body text should be used for setting a context for the human or automated application. Real trustworthy information should always be sent as an attachment with an appropriate digital signature applied.
SOLUTION DESCRIPTION
There is an undeniable need to bind and protect the corporate brand to business documents. However organisations find it hard sometimes to retrofit advanced security systems.
This solution ensures that emails can be scanned, filtered and processed:
Having a digital signature applied to the attached PDF, XML or File
Having a digital signature verified on the attached PDF, XML or File
Having the email itself signed or verified and trusted
Having the email archived
Using signatures and timestamps, documents can be shown to have existed, been processed, been accepted, been notarised by a particular individual, system or organisation at a proven date and time.
Signing emails and/or attachments
ADSS Secure Email Server provides simple and effective signing of emails and/or attachments. It is a server-side solution so there is no need to deploy software or encryption keys to end-users. In addition there is no need to re-configure existing mail clients or educate end-users about how to manage and use local security features. Secure Email Server is an MTA server that quite literally drops-in to your existing mail infrastructure to seamlessly and automatically sign emails and attachments by utilising ADSS Enterprise Server.
Verifying signed emails and/or attachments
ADSS Secure Email Server enables organisations to simply and effectively verify signed emails and/or their attachments as they come into an organisation. It is a drop-in server-based product that removes the need to deploy security software to end-users. It also removes the need to re-configure existing mail clients or educate end-users about how to manage and use local security features.
This last point must not be under-estimated as it is hard for end-users to determine whether a signed email or document should be trusted. This trust decision depends on the configuration of their local applications and requires the user to make sense of complex technical messages.
This last point must not be under-estimated as it is hard for end-users to determine whether a signed email or document should be trusted. This trust decision depends on the configuration of their local applications and requires the user to make sense of complex technical messages.
Secure Email Server is a full MTA server that quite literally drops-in to your existing mail infrastructure to seamlessly and automatically verify incoming signed emails and attachments. Signature verification is carried out by making calls to ADSS Server. Policy rules are set up to govern how to route emails that fail to verify or fail to be trusted. Trusted emails are sent on to the intended recipient.
Archiving emails and/or attachments
ADSS Secure Email Server enables organisations to archive emails and/or their attachments using either basic archiving to an administrator mailbox or an advanced digitally signed ADSS Archive Server.
Secure Email Server is a full MTA server that quite literally drops-in to your existing mail infrastructure to automatically archive incoming and/or outgoing emails and attachments.
Filtering profiles can be set up based on keywords or types of attachments so that only specific emails are archived. Archive processing can be tailored to suit the business needs:
Archiving of emails by sending a copy to an archive authority mailbox
Archiving of emails within a local database with the ability to search these using common email fields using a web-based management interface
Time stamping and notary signing of archived emails to prove their authenticity and time of receipt or delivery into the trusted archive
Using a secure long-term archive that follows the IETF LTAN specifications. These provide strong digital signature protection and document retention policies plus the automatic refreshing of timestamp evidence over many years.
WHY ASCERTIA?
There are very good reasons for choosing Ascertia digital signature products for email security projects and these include:
Drop in MTA Server
Ascertia provided a server-side solution with no changes required within end-user’s email clients. ADSS Secure Email Server (SES) is a drop in MTA Server capable of filtering emails based on configured “matcher” policy, and then processing the filtered emails based on configrued “mailet”. Emails and or attachments can be automatically signed, verified and/or archived.
Apply electronic (digital) signatures to any type of document
Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. The products support PDF, XML, PKCS#7, CMS, S/MIME and PKCS#1 signatures as required to sign business documents. German and other country qualified certificates can be used to provide advanced electronic signatures.
Verify existing electronic (digital) signatures to any type of document
Ascertia has the widest support for verification of digital signature formats as mentioned above. It also provides enhanced OASIS DSS-X Verification Reports and PEPPOL based quality ratings for signatures and associated certificates. All of this evidential information can be stored as meta data with the data objects being archived for later use.
Long-term signatures
Ascertia is a clear leader in creating long-term signatures – these can be verified many years in the future, an essential requirement for most government related data. ADSS Server supports all the ETSI XAdES and CAdES as well as latest PAdES (PDF format) profiles.
High Performance, Scalability & Security
ADSS Server can be run in load-balanced configuration to sign millions of documents in automated manner. All signature operations can be conducted in a secure Hardware Security Module (HSM) and multiple HSMs can be connected for performance and resilience purposes. All signing operations are securely logged in ADSS Server database.
More than just digital or electronic signatures
Digital signature creation is only one part of the solution – there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in one multi-function server. All these services are based on leading industry standards including OASIS DSS & DSS/X (singing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation), RFC 5055 (SCVP validation), W3C XKMS (validation), etc.