Technology and Cloud-Based SaaS Overview

Secure Messaging Platform

Secure the line, not just the message. The Secure Messaging Platform takes email encryption and protected information exchange to a new level by giving professional services organizations ownership of a secure communication path from sender to recipient through their own, fully branded Secure Messaging Platform. Every message is secure, tracked and auditable which allows a User to prove who read their email and what they did with it.

The Secure Messaging Platform is a solution for organizations to gain control of information sent over email without adopting a whole new system of communication. It acts like a ‘gated email community’ available only to ‘Users’ who have been invited and completed the registration process.

Using the Secure Messaging Platform doesn’t mean replacing any technology or applications that are currently in place including email addresses and /or basic email programs. The Secure Messaging Platform acts as a secure message gateway by adding a more reliable protocol that sits on top of existing email infrastructure and introduces security, tracking, controls, large file transfers, and automated delivery features for secure messages – alongside basic email.

1. On ‘SEND’, the email program such as MS Outlook® configured with the MS Outlook® Toolbar intercepts the command and re-routes the message via HTTPS securely instead of sending the encrypted message via SMTP. At this stage, the transmission is encrypted. Once transferred securely to Secure Messaging Platform, the message content and attachments are encrypted ‘at rest’.
2. Recipients receive a message notification alerting them of a new secure message directly in their existing inbox. If the receiving Users are already enabled with the Toolbar using their email program (such as MS Outlook®), the process is seamless: the Toolbar recognizes the notification message and instantly sends a command to the Secure Messaging Platform to authenticate the User and decrypts the message and attachments. This data is then instantly transferred along with the secure message, using the same encrypted HTTPS route and the message is rendered inside the existing inbox.
3. For email programs that do not include a Secure Messaging Platform Toolbar or plug-in, a convenient link is provided within the notification message in the User’s existing inbox to access the web-enabled Secure Message Center that also supports mobile access where a secure message can be read and replied to. Users using the Chrome browser can install the Chrome Plug-in and view secure messages directly in Outlook® Web Access (OWA), Gmail, or any other webmail interfaces within the same familiar interface.

Most other encrypted email products work by encrypting the message being sent using local certificates and public/private key pairs. Aside from the impractical problems associated with setting up and maintaining these other encryption products – particularly for users outside the organization, the more critical issue is that once those secure messages leave the organization’s mail server, they are sent over an unsecured and unreliable SMTP network without any tracking or audit capabilities. Copies of email messages can be left on servers that neither the organization nor the recipients control. The messages can also easily get lost in cyberspace and never make it to their final destination.

The Secure Messaging Platform utilizes a closed-loop of secure and redundant servers for all secure communication and manages all secure messaging functions including message transport, encrypted database storage, archiving and tracking. When a User sends a secure message, a direct and secure connection is established between the sender’s email program (e.g. MS Outlook®) and the Secure Messaging Platform server. When a notification message is received, the sending or receiving User uses their existing email programs (such as. MS Outlook®, web & mobile enabled Secure Message Center, Blackberry) to directly and securely connect to the Secure Messaging Platform to decrypt and read the secure message, attachments and associated metadata contained in the patented ‘Delivery Slip’. Information exchanged securely can only be accessed by authenticated Users (email address and password, or more is required upon registration). Confidential information in secure messages can only be viewed by the Users that they are intended for.

Secure messages are stored decrypted by the local email program (such as MS Outlook®) into the traditional email server repository (e.g. MS Exchange®, Office 365®, Zimbra®) as with any other basic email messages. This means that all organizational data is stored behind the organization’s firewall and any existing archiving, indexing and e-discovery systems continue to work with secure messages, unlike with other email encryption products. Having a single, secure message repository enables the organization to facilitate email compliance standards. If at any point a User stops using the Secure Messaging Platform and uninstalls the MS Outlook® Toolbar, these decrypted secure messages will behave as any other basic email message, without the added functionality of the Secure Messaging Platform (e.g. Delivery Slip with tracking metadata, etc.). Organizational data is never lost.

Secure messages are stored encrypted using the patented Interchangeable Cryptographic Engine using AES 256-bit encryption for data-at-rest storage on the organization’s own branded Secure Messaging Platform – instead of over the internet on unprotected, public SMTP servers, such as with basic email (even if emails are encrypted). AES 256-bit is the only publicly available cipher certified for official government documents classified as ‘Top Secret’. It eliminates cross-contamination of data with our multi-tenant SaaS offering and ensures that the organization’s data is not tampered with or edited over time, and is automatically archived indefinitely.