ADSS Secure eMail Server  For General Document Security and Invoice Signing   Saving Time & Money, Avoiding Risk & Fraud
Agenda <ul><li>Secure Email Server </li></ul><ul><li>ADSS Server </li></ul><ul><li>Trust Services </li></ul><ul><li>Outbou...
ADSS Secure eMail Server <ul><li>Built on Apache James </li></ul><ul><ul><li>A Java MTA mail server </li></ul></ul><ul><ul...
Basic Architecture ADSS Server + sign/verify + encrypt*/decrypt* + archive*/recover* HSM DB Request  (Sign / Verify Encryp...
ADSS Server <ul><li>A multi-function security server </li></ul><ul><ul><li>Server-side signing, Server based verification,...
Ascertia ADSS Server Trust Services Note: You only need license and use what is needed today PDF Documents   - Basic signa...
Secure Email Server - Future Options <ul><li>Archiving the email </li></ul><ul><ul><li>With Archive management, review, re...
Signing Outbound Emails Architecture Internet 1) Alice sends  email Alice Bob Ascertia Secure eMail  Server Ascertia ADSS ...
ERP Email System Architecture Internet 1) ERP system sends email ERP  System Recipient Ascertia Secure eMail  Server Ascer...
Signing Outbound Emails  <ul><li>Secure Email Server sends request to ADSS Server </li></ul><ul><li>ADSS Server Signs </li...
Verifying Incoming Emails Architecture Internet Recipient ADSS Server 2) Request signature verification 3) Signature verif...
Verifying incoming signed emails <ul><li>Secure Email Server  </li></ul><ul><ul><li>Checks received emails .v. Matcher rul...
Verification processing  <ul><li>Verification Result delivery options </li></ul><ul><ul><li>Allow email to be delivered no...
Secure eMail Server – Archiving (Q408) <ul><li>“ mailet” based policy for archiving emails  </li></ul><ul><ul><li>For outb...
Signed Webmail Architecture (future) Internet 1) Alice creates and  sends webmail Alice Bob Secure eMail Server ADSS Serve...
Summary <ul><li>Meets business needs for an easy to deploy  document signing and secure email solution </li></ul><ul><ul><...
Questions: Rod Crook Clive Flatau +44 1256 895416 +44 7789 991686  [email_address] [email_address]
Upcoming SlideShare
Loading in …5
×

Ascertia Secure E Mail Server (Jul08)

1,097 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,097
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
16
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Ascertia Secure E Mail Server (Jul08)

  1. 1. ADSS Secure eMail Server For General Document Security and Invoice Signing Saving Time & Money, Avoiding Risk & Fraud
  2. 2. Agenda <ul><li>Secure Email Server </li></ul><ul><li>ADSS Server </li></ul><ul><li>Trust Services </li></ul><ul><li>Outbound emails </li></ul><ul><li>Incoming emails </li></ul><ul><li>Archiving </li></ul>
  3. 3. ADSS Secure eMail Server <ul><li>Built on Apache James </li></ul><ul><ul><li>A Java MTA mail server </li></ul></ul><ul><ul><li>Selects emails using one or more “matchers” </li></ul></ul><ul><ul><li>Interacts with ADSS Server using one or more “mailets” </li></ul></ul><ul><li>James matchers – for filtering emails </li></ul><ul><ul><li>“ Subject” field, “To” field, “From” field, </li></ul></ul><ul><ul><li>“ has attachment”, “attachment file name is” </li></ul></ul><ul><ul><li>Other options available (e.g. based on key words) </li></ul></ul><ul><li>James mailets – to process filtered emails </li></ul><ul><ul><li>Sign attachment using ADSS Server (e.g. PDF, XML, File) </li></ul></ul><ul><ul><li>Verify signed attachments using ADSS Server </li></ul></ul><ul><ul><li>Sign and verify emails </li></ul></ul>
  4. 4. Basic Architecture ADSS Server + sign/verify + encrypt*/decrypt* + archive*/recover* HSM DB Request (Sign / Verify Encrypt / Decrypt) Response <ul><li>Future Options </li></ul>Policy Management for signing and verification and archiving. Customer console for recovery and other management. ADSS Secure eMail Server (MTA Server)
  5. 5. ADSS Server <ul><li>A multi-function security server </li></ul><ul><ul><li>Server-side signing, Server based verification, Timestamping </li></ul></ul><ul><ul><li>CRL manager/archiver, OCSP Validation Authority </li></ul></ul><ul><ul><li>Time Stamp Authority (TSA) and Certificate Authority </li></ul></ul><ul><li>It powers the Secure eMail Server </li></ul><ul><ul><li>Secure eMail Server is a ‘business application’ for ADSS Server </li></ul></ul><ul><li>Supports signing and verification </li></ul><ul><ul><li>Of PDF, XML and other file attachments </li></ul></ul><ul><ul><li>Multiple options for PDF signing style (visible, invisible, certified, timestamped, long-term signatures) </li></ul></ul><ul><li>Key Management </li></ul><ul><ul><li>Supports organisation or organisation role signing </li></ul></ul><ul><ul><li>Supports end-user key signing (server-side) signing </li></ul></ul><ul><ul><li>Inbuilt Key Manager linked to internal or external CA </li></ul></ul><ul><ul><li>Can use FIPS compliant HSM for strong private key protection </li></ul></ul>
  6. 6. Ascertia ADSS Server Trust Services Note: You only need license and use what is needed today PDF Documents - Basic signature (visible / invisible) - Certify - Sign & timestamp - Long-term signatures XML Documents - XML DSig (XAdES ES) - Timestamps (XAdES ES-T) - Long-term signatures (XAdES X-Long) PKCS#7 / CMS / SMIME - Basic signature (CAdES ES) - Timestamps (CAdES ES-T) - Long-term signatures (CAdES X-Long) Historic Verification OCSP Validation (immediate verify & long term sign) Time Stamp Authority (TSA) Server Sign Verify                     -    [email_address]  
  7. 7. Secure Email Server - Future Options <ul><li>Archiving the email </li></ul><ul><ul><li>With Archive management, review, resend, retention policy management, logging etc </li></ul></ul><ul><li>WebMail support </li></ul><ul><ul><li>Allowing users to sign and verify emails and attachments and also handle encrypted emails </li></ul></ul><ul><li>Encrypt emails using ADSS Server </li></ul><ul><ul><li>using recipient certificate(s) </li></ul></ul><ul><li>Decrypt emails using ADSS Server </li></ul><ul><ul><li>using recipient private key </li></ul></ul><ul><li>Timestamp the receipt of inbound emails </li></ul><ul><ul><li>Option to also apply a Notary signature </li></ul></ul><ul><li>Apply an Electronic Post Mark (EPM) </li></ul><ul><li>Work with Trusted Archive Server </li></ul>Ascertia is always happy to discuss the commercial drivers and technical requirements and then set the dates for the delivery of the required options
  8. 8. Signing Outbound Emails Architecture Internet 1) Alice sends email Alice Bob Ascertia Secure eMail Server Ascertia ADSS Server 2) Request signature 3) Signature 4) Forward email 5) Bob receives Signed email
  9. 9. ERP Email System Architecture Internet 1) ERP system sends email ERP System Recipient Ascertia Secure eMail Server Ascertia ADSS Server 2) Request signature 3) Signature 4) Forward email 5) Recipient receives signed email
  10. 10. Signing Outbound Emails <ul><li>Secure Email Server sends request to ADSS Server </li></ul><ul><li>ADSS Server Signs </li></ul><ul><ul><li>using unique user keys (e.g. Alice) </li></ul></ul><ul><ul><li>Using corporate keys (e.g. Finance Dept for Company A) </li></ul></ul><ul><ul><li>Using software or keys in FIPS or Common Criteria HSM/Token </li></ul></ul><ul><li>Can sign attachments </li></ul><ul><ul><li>PDF attachments: using PDF signature standard </li></ul></ul><ul><ul><li>XML files: using XML DSig standard </li></ul></ul><ul><ul><li>Other file types: using wrapping PKCS#7/CMS signature </li></ul></ul><ul><ul><li>OR basic signatures plus timestamps (PDF/ETSI) </li></ul></ul><ul><ul><li>OR basic signatures plus timestamps and signer’s certificate status (usually OCSP) at time of signing (PDF/ETSI) </li></ul></ul><ul><li>Can sign emails using feature support in ADSS Server v3.4 </li></ul>
  11. 11. Verifying Incoming Emails Architecture Internet Recipient ADSS Server 2) Request signature verification 3) Signature verification response details 4) Recipient receives verified email Ascertia Secure eMail Server CA-1 CA-2 CA-N CRL CRL OCSP ERP System 1) ERP system sends email
  12. 12. Verifying incoming signed emails <ul><li>Secure Email Server </li></ul><ul><ul><li>Checks received emails .v. Matcher rules </li></ul></ul><ul><ul><li>Sends document to be verified to ADSS Server </li></ul></ul><ul><li>ADSS Server </li></ul><ul><ul><li>Checks PDF or XML or File or S/MIME signature </li></ul></ul><ul><ul><li>Signature integrity check </li></ul></ul><ul><ul><li>Signer certificate validation check: </li></ul></ul><ul><ul><ul><li>Issued by a trusted CA </li></ul></ul></ul><ul><ul><ul><li>Certificate is not expired </li></ul></ul></ul><ul><ul><ul><li>Certificate is not revoked (using CRLs, or OCSP) </li></ul></ul></ul><ul><ul><ul><li>Certificate contains valid extensions </li></ul></ul></ul><ul><ul><ul><li>Certificate meets minimum certificate quality level (option) </li></ul></ul></ul><ul><li>Embedded signatures within attachments can be verified, e.g. PDFs, XML </li></ul><ul><li>Multiple trusted CAs can be registered </li></ul>
  13. 13. Verification processing <ul><li>Verification Result delivery options </li></ul><ul><ul><li>Allow email to be delivered normally </li></ul></ul><ul><ul><li>Send email on to recipient with results attached / appended </li></ul></ul><ul><ul><li>Only allow successfully verified emails to be sent to recipient </li></ul></ul><ul><ul><li>All untrusted emails sent to an administrator with results report </li></ul></ul><ul><ul><li>Other custom options </li></ul></ul><ul><li>Mailet processing options </li></ul><ul><ul><li>Can send ADSS Server the signed email hash + signature for privacy or speed/throughput purposes </li></ul></ul><ul><ul><li>Can send entire email + attachments for verification </li></ul></ul><ul><ul><li>Can also send entire email for archive (see later) </li></ul></ul><ul><li>ADSS Server records all sign/verify transactions </li></ul><ul><ul><li>Logs can be searched / filtered / reports produced </li></ul></ul><ul><ul><li>Logs can be exported in CSV format </li></ul></ul>
  14. 14. Secure eMail Server – Archiving (Q408) <ul><li>“ mailet” based policy for archiving emails </li></ul><ul><ul><li>For outbound emails </li></ul></ul><ul><ul><li>For incoming emails </li></ul></ul><ul><li>For simple short-medium term archiving </li></ul><ul><ul><li>Sends emails to local email archive management module </li></ul></ul><ul><ul><li>Keeps all email header, body, attachment data </li></ul></ul><ul><ul><li>Option to timestamp the archived data </li></ul></ul><ul><li>Archive Management </li></ul><ul><ul><li>Use Secure eMail Server Console (secure browser based) </li></ul></ul><ul><ul><li>Search & recover & resend emails </li></ul></ul><ul><ul><li>Database archive feature </li></ul></ul><ul><ul><li>Retention Policy auto-delete feature as a future option </li></ul></ul>
  15. 15. Signed Webmail Architecture (future) Internet 1) Alice creates and sends webmail Alice Bob Secure eMail Server ADSS Server 2) Sign 3) Verify / archive 4) Forward 5) Bob receives Signed email Simple Webmail Application Note: These servers could be co-located on a single system or arranged in separate or a high-availability mode Uses GoSign applet
  16. 16. Summary <ul><li>Meets business needs for an easy to deploy document signing and secure email solution </li></ul><ul><ul><li>Filters, processes, signs, verifies </li></ul></ul><ul><ul><li>Encryption, decryption options </li></ul></ul><ul><ul><li>archive, recovery, resend options </li></ul></ul><ul><li>Easy to integrate </li></ul><ul><ul><li>A separate drop-in secure email MTA Server using ADSS Server as a powerful high-security engine </li></ul></ul><ul><li>Multi-platform </li></ul><ul><ul><li>Windows 2003 Server today (others by request) </li></ul></ul><ul><li>Secure Storage </li></ul><ul><ul><li>Uses industry leading databases with secured content Oracle, SQL Server, PostgreSQL </li></ul></ul><ul><li>Secure Management </li></ul><ul><ul><li>A well proven multi-functional security services platform with full security management plus event and transaction logging </li></ul></ul>
  17. 17. Questions: Rod Crook Clive Flatau +44 1256 895416 +44 7789 991686 [email_address] [email_address]

×