The MyMail Secure Email Solution (cont'd)



Appendix: Definitions


Account Provisioning Process (APP)

Outlines the steps involved when a new account is created.


Application Host (AH)

Servers that provide one or more of the following services: HTTPS Webmail, POP3-SSL, SMTP-SSL and SMTP.


Asymmetric Key Encryption

Asymmetric Key Encryption (also known as “public key encryption”) is defined as the form of encryption in which a minimum of two unique keys (a “public key” and a “private key” pair) are used to encrypt and decrypt a message. When two sets of “public” and “private” keys are used (where one set of keys belongs to the message sender and the other set belongs to the message recipient), a message can be encrypted and then decrypted, and the identities of the sender and recipient can be established.

That is, asymmetric key encryption not only secures the message but also ensures the identities of the sender and recipient. The sender’s private key is used to encrypt the message, and that encrypted message is then encrypted again using the recipient’s public key. This ensures that only the recipient can open the message, by using his private key and then using the sender’s public key to confirm that the message was in fact sent by the sender.


Combined Application Database Host (CADH)

Servers configured to perform both Database Host and Application Host functions.


DynamicKey™ Encryption

DynamicKey™ Encryption is a method of dynamically generating a single-use symmetric key for each message and encrypting those keys with a set of unique dynamic asymmetric keys that only a message sender’s credentials can send and only the message recipient’s credentials can open. DynamicKey Encryption was developed by MyMail’s SES using its patented and patent-pending technologies.


Dynamic Row Secrets (DRS)

A server function that encrypts/decrypts the contents of one or more fields in a database row. Each row has its own unique DRS, which is encrypted using the Public Encryption Key (PEK) and decrypted using the Private Decryption Key (PDK), both defined below.


Distinguished Encoding Rules (DER)

A method for encoding a data object to be digitally signed or to have its signature verified, the output of which is referred to as DER format.


Email Database Host (EDH)

Servers that store email messages.


Key Signing Authority (KSA)

Servers that generate a Private Decryption Key (PDK) for each subscriber using a Key Signing Key (KSK) and Key Signing Certificate (KSC).


Key Signing Certificate (KSC)

The Key Signing Authority’s (KSA) master certificate. The KSC is derived from the KSK and describes the mail provider.


Key Signing Key (KSK)

The KSA’s master key. This key is not used for encryption but to sign other keys.


Key Signing Request (KSR)

A request generated by the Paired Key Store (PKS) at the time of key pair creation. It is passed to the Key Signing Authority (KSA) to request a signed Private Decryption Key (PDK).


Mail Retrieval Process (MRP)

Outlines the steps involved to properly decrypt and display a message.


Mail Storage Process (MSP)

Outlines the steps involved to properly process, encrypt, and store a message.


Message Digest

Message Digest is a method by which a message, such as an email message, is passed through an algorithm to generate a unique sequence of characters (usually around 128 of them). This unique sequence of characters is analogous to a "fingerprint" in that only the message used to generate it can reproduce it. Thus, a Message Digest is one way of verifying that a message sent has not been altered before it was received. This verification is accomplished by comparing the Message Digest of the message received with the Message Digest of the message sent. If the two Message Digests match, then the message is unaltered and therefore valid.


Paired Key Store (PKS)

Servers that store and manage access to each subscriber’s Public Encryption Key (PEK) and Private Decryption Key (PDK) pairs. When new e-mail messages arrive and/or when a subscriber initiates a request to read or retrieve their e-mail, an Application Host (AH) requests the appropriate subscriber’s key for encrypting or decrypting the messages.


Privacy Enhanced Mail (PEM)

A base64 encoding of the DER format.


Private Decryption Key (PDK)

The “private key” of the asymmetric key pair. It is generated automatically for each subscriber and is used to decrypt Dynamic Row Secrets (DRS). The PDK is a 2048-bit RSA-style private key, which itself is encrypted using the subscriber’s User Key Secret (UKS). The PDK is stored in a Paired Key Store (PKS), and there is one PDK generated for each subscriber. Thus each subscriber has one PEK and one PDK, which together make up the asymmetric key pair.


Public Encryption Key (PEK)

The “public key” of the asymmetric key pair, generated automatically for each subscriber. It is used to encrypt Dynamic Row Secrets (DRS). The PEK is a 2048-bit RSA-style public key, which is stored in a Paired Key Store (PKS). There is one PEK generated for each subscriber.
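
How the DRS, PDK and PEK definitions fit together, as an added Go example that is not MyMail's code: each row gets a fresh DRS that encrypts the field, and only that DRS is RSA-encrypted under the subscriber's PEK. AES-256-GCM as the row cipher, RSA-OAEP with SHA-256 as the wrapping scheme, and the names NewPDK, rowAEAD, StoreRow and ReadRow are assumptions; the page specifies only 2048-bit RSA.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// NewPDK makes a subscriber key pair: 2048-bit RSA, the size the page gives.
func NewPDK() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// rowAEAD keys AES-256-GCM (an assumed cipher) with one row's 32-byte DRS.
func rowAEAD(drs []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(drs)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// StoreRow needs only the public PEK, so a server can encrypt arriving mail.
func StoreRow(pek *rsa.PublicKey, field []byte) (wrappedDRS, sealed []byte, err error) {
	buf := make([]byte, 32+12)
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	drs, nonce := buf[:32], buf[32:] // fresh DRS and GCM nonce for this row only
	aead, err := rowAEAD(drs)
	if err != nil {
		return nil, nil, err
	}
	wrappedDRS, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pek, drs, nil)
	return wrappedDRS, aead.Seal(nonce, nonce, field, nil), err
}

// ReadRow needs the private PDK: unwrap this row's DRS, then open the field.
func ReadRow(pdk *rsa.PrivateKey, wrappedDRS, sealed []byte) ([]byte, error) {
	drs, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, pdk, wrappedDRS, nil)
	if err != nil {
		return nil, err
	}
	aead, err := rowAEAD(drs)
	if err != nil || len(sealed) < 12 {
		return nil, errors.New("malformed row")
	}
	return aead.Open(nil, sealed[:12], sealed[12:], nil)
}
```

ReadRow is the only step that needs the PDK, which the page says is itself stored encrypted under the UKS.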


RSA Encryption Algorithm

A public-key encryption algorithm developed by Ron Rivest, Adi Shamir and Leonard Adleman while at the Massachusetts Institute of Technology. It was the first algorithm developed that was suitable for both signing and encrypting messages. RSA was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols and is very secure when used in dynamic implementations such as the DynamicKey environment of MyMail’s SES.


Symmetric Key Encryption

Symmetric Key Encryption is defined as the form of encryption where the "secret" key used to encrypt a message into "CypherText" (gibberish) is also used to decrypt (restore) the message back to its original form. Symmetric key encryption significantly reduces eavesdropping, makes message modification nearly impossible, and given the right key it is extremely difficult to thwart.

The problem with symmetric key encryption is that both the sender and recipient share the same secret key, which means that they have had to meet privately in order to share the secret key with one another. Because of this, symmetric key encryption is often not practical for an initial key exchange, as the sender and recipient may be thousands of miles from one another. In general, symmetric key encryption is more secure than asymmetric key encryption (defined above), but lacks the practicality of the initial key exchange mechanism provided by asymmetric key encryption.


User Key Secret (UKS)

A key that is generated from the user’s password. It encrypts the user’s PDK and is the most important secret.