Digital Certificates
SAFe-mail is now able to issue all its members with a Digital Certificate.
SAFe-mail users can now take full advantage of the Public Key Infrastructure
technology. It has been known for many years that PKI is the foundation of the
most secure systems. Until now, however, PKI has been implemented at a painful
cost to all who work with it.
Some of the problems PKI creates:
- No mobility for the end-user. The user has to install and protect a
Private Key on his own PC. That machine is the only machine from which the user
can implement PKI. This negates one of the most important features of PKI which
is having the ability to prove your identity with your Digital Signature from
wherever you happen to be. The user can only use the machine on which the
Private Key is installed to Digitally Sign documents.
Typically, the Private Key and the Digital Certificate have to be renewed once
a year.
- Requires complex systems to publish, renew, revoke and otherwise handle the
Private Keys and the associated Certificates.
- Coherency problems
Simply counting up the number of sub-systems that have to work together in
harmony demonstrates that it's almost impossible for PKI to work efficiently and
securely. Consider:
Certificate Authority (CA), Registration Authority (RA), Certificate
Server, Revocation Server, e-mail server that issues e-mail addresses, e-mail
clients and many more. All these parties/components have to cooperate and mesh
together to provide an efficient PKI system.
SAFe-mail is the only system that has all these components integrated into one
system. This assures integrity. The main part of this assurance is that the
e-mail address and the Digital Certificate are really connected to the same
person and that the use of that e-mail address is subject to strict
authentication, together with the fact that the Certificate Authority,
Certificate Server and e-mail server are all connected within SAFe-mail.
SAFe-mail Certificates should be more trustworthy than any other Certificate
from any known Certificate Authority (CA). This is especially true because
SAFe-mail manages BOTH the e-mail address and the Certificate associated with it.
With other systems, users get their e-mail addresses from one source and the
Certificate from another. Consequently, situations may arise where two
different users will have two different Certificates for the same e-mail
address. Anomalies such as this cause great difficulties when using Digital
Certificates.
Does it cost anything to get a Certificate from SAFe-mail?
No. A Digital Certificate Class 1 is created for any user that asks for it and
it is free of charge.
It is also free of any installation and maintenance overhead.
It is issued on a yearly basis and will be automatically renewed each year
providing you remain an active user on the system.
Can my Certificate be issued to any other person with the same e-mail
address?
No. Once we provide a Certificate, the e-mail address is reserved on the
SAFe-mail system for at least one year. Even if you cancel your e-mail account,
no other person will be able to get this e-mail address until the Certificate has
expired. This is not the custom of other CAs.
OK, now that I have a Certificate, how can it help me?
Possessing a SAFe-mail issued Certificate will be particularly useful when you
are dealing with an organization such as a bank, health care firm or law office
that will only communicate with you by e-mail if you are capable of receiving
and sending S/MIME messages. Receiving and sending S/MIME messages requires you
to have a Digital Certificate.
Note: communication with SAFe-mail users of the Public Site,
http://www.SAFe-mail.net, or any Private Site powered by SAFe-mail, is secure
and doesn't need or use S/MIME.
It's good for organizations too!
Being compatible with Certificates is particularly attractive for
organizations, especially those that are capable of batch producing S/MIME
messages where each message is unique. Such organizations now have two-way
communication with their SAFe-mail enabled customers with complete
security free of charge. The customers who are using a SAFe-mail account will
receive such messages seamlessly in the same way as they are receiving any
other secure message and they will be able to verify the sender's identity, the
content integrity and know that it is secure.
Here are a few examples:
- Universities will be able to distribute exam results with full
confidentiality to students. Students will be able to send confidential
information to the university.
- Medical labs will be able to distribute test results with full
confidentiality to patients, doctors and hospitals. Clients will be able to
send their health related details to their doctor.
- Banks will be able to easily and economically distribute statements etc. to
customers periodically or whenever needed.
Clients will be able to send personal information, money related orders etc.
to their bank.
How could such a process be activated?
- The SAFe-mail user will ask for a Certificate from SAFe-mail. This process
takes almost no time and costs nothing.
- Once he has his Certificate, the user will send a digitally signed message
to the organization. This is done from the normal Compose function with one
extra click on the "Sign this message" check-box. The user's Certificate will
automatically be attached to this signed message, as it is to any other
signed message.
- The organization receives the user's e-mail address plus the user's
Certificate and will be able to start secure communication with that customer.
As this request message is signed by the user the organization can trust the
authenticity and originality of the request.
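The organization's side of the exchange above, as an added example (not SAFe-mail's own code): it verifies the signed request with the openssl smime command, keeps the signer's Certificate only if the From: address equals the address inside that Certificate, and encrypts a reply to it. The demo CA, the addresses, the file names and the function names are constructed for the example; the From: header sits outside the signed content, which is why the address is checked explicitly.

```shell
#!/bin/sh
# Added example; the CA, addresses, file and function names are constructed.

# make_demo DIR ADDRESS: throwaway CA, user Certificate and signed request.
make_demo() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
      -keyout ca.key -out ca.pem &&
    openssl req -newkey rsa:2048 -nodes \
      -subj "/CN=Demo User/emailAddress=$2" -keyout user.key -out user.csr &&
    openssl x509 -req -in user.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -days 1 -out user.pem &&
    printf 'Please enrol me for secure statements.\n' > request.txt &&
    openssl smime -sign -in request.txt -signer user.pem -inkey user.key \
      -from "$2" -to bank@example.test -subject Enrol -out signed.eml
  ) >/dev/null 2>&1
}

# accept_request MESSAGE CAFILE CERT_OUT
# Succeeds only if the signature verifies, the signer chains to CAFILE, and
# the From: address equals the e-mail address in the signer's Certificate.
# (Exact string match on the first From: header; a simplification.)
accept_request() {
  openssl smime -verify -in "$1" -CAfile "$2" -signer "$3" \
    -out /dev/null 2>/dev/null || return 1
  from=$(sed -n 's/^From: *//p' "$1" | head -n 1 | tr -d '\r')
  cert_mail=$(openssl x509 -in "$3" -noout -email | head -n 1)
  [ -n "$from" ] && [ "$from" = "$cert_mail" ]
}

# encrypt_reply CERT PLAINTEXT OUT: S/MIME-encrypt to the accepted Certificate.
encrypt_reply() {
  openssl smime -encrypt -aes256 -in "$2" -out "$3" "$1" 2>/dev/null
}
```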
Are there any other features that come with PKI compatibility which benefit
organizations?
Yes, there are two:
- Organizations can upgrade certificates: Organizations can have their own
ability to authenticate users' Certificates for their customers using a back
office facility supplied by SAFe-mail.
- Read receipt: A back office will also enable organizations to verify when
and if customers have read their messages.
A back office from SAFe-mail will be supplied on a chargeable basis.
Digital Certificates are now available to all SAFe-mail users. To get yours,
log in to your account and click on the PKI link to get it. If you do not have
an account yet, you are invited to register.