Secure messaging explained

Secure messaging is a server-based approach to protecting sensitive data sent beyond corporate borders, and it provides compliance with industry regulations such as HIPAA, GLBA and SOX. Its advantage over classical secure e-mail is that confidential and authenticated exchanges can be started immediately by any internet user worldwide, since there is no requirement to install software or to obtain or distribute cryptographic keys beforehand. Secure messages provide non-repudiation, as the recipients (similar to online banking) are personally identified and transactions are logged by the secure email platform.[1]

Functionality

Secure messaging works as an online messaging service. First, users enroll in a secure messaging platform. The user then logs into their account with a username and password (or strong authentication), similar to a web-based email account. From a message center, messages can be sent over a secure SSL connection, or via other equally protective methods, to any recipient. If the recipient is contacted for the first time, a message unlock code (MUC) is needed to authenticate the recipient. Alternatively, secure messaging can be used from any standard email program without installing software.[2]

Secure delivery

Secure messaging supports several types of delivery: a secured web interface, S/MIME or PGP encrypted communication, or TLS-secured connections to email domains or individual email clients. A single secure message can be sent to different recipients using different types of secure delivery, without the sender having to worry about which one is used.
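The per-recipient delivery choice and the first-contact unlock code described above can be sketched as follows. This is an added example, not code from any secure messaging product; the preference order (S/MIME, PGP, TLS, then web interface), the `Platform` and `Recipient` names, the sample addresses and the 8-character code format are all assumptions of the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Recipient:
    # Constructed directory record: what the platform knows about an address.
    address: str
    smime_cert: bool = False        # an S/MIME certificate is on file
    pgp_key: bool = False           # a PGP public key is on file
    contacted_before: bool = False  # recipient has already been authenticated

# Constructed sample: domains to which mail is only sent over TLS.
TLS_ENFORCED_DOMAINS = {"partner.example"}

@dataclass
class Platform:
    pending_mucs: dict = field(default_factory=dict)  # address -> unlock code

    def choose_delivery(self, r: Recipient) -> str:
        """Pick one secure delivery type for a single recipient."""
        if r.smime_cert:
            return "smime"
        if r.pgp_key:
            return "pgp"
        if r.address.rsplit("@", 1)[-1].lower() in TLS_ENFORCED_DOMAINS:
            return "tls"
        # Fallback: secured web interface. A first contact gets a MUC
        # (assumed format: 8 hex characters from a CSPRNG).
        if not r.contacted_before:
            self.pending_mucs[r.address] = secrets.token_hex(4).upper()
        return "web"

    def send(self, recipients):
        """One message, many recipients: returns address -> delivery type."""
        return {r.address: self.choose_delivery(r) for r in recipients}

    def unlock(self, address: str, code: str) -> bool:
        """Verify a MUC with a constant-time comparison; a code works once."""
        expected = self.pending_mucs.get(address)
        supplied = code.strip().upper().encode()
        if expected is None or not hmac.compare_digest(expected.encode(), supplied):
            return False
        del self.pending_mucs[address]
        return True
```

A production platform would also limit failed unlock attempts per address, since a short code is only as strong as the number of guesses allowed against it.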

Trust management

Secure messaging relies on a web of trust. This method combines the authentication approach of the web of trust, known from PGP, with the advantages of hierarchical structures, known from centralized PKI systems.[3] Combined with certificates, these provide electronic identities of high quality. The approach focuses on the user and allows for immediate and personal bootstrapping of trust, as well as its revocation.

Physical security

In traditional client-server email, message data is downloaded to a local hard drive, where it is vulnerable if the computer is lost, stolen, or physically accessed by an unauthorized person. Secure messages are stored on a network or internet server, which is typically more physically secure, and they are encrypted when data is inbound or outbound. However, the abundance of data still makes the server an attractive target for remote attacks. Measures that can be taken to protect physical security include ensuring environmental safety and hardware safety.[4] Of course, the intentions of the server operator may also come into question.

Application

Secure messaging is used in many business areas with company-wide and sensitive data exchanges. Financial institutions, insurance companies, public services, health organizations, and service providers rely on the protection provided by secure messaging. Secure messaging can be easily integrated into corporate email infrastructures.[5] According to Wolcott et al., secure messaging offers potential improvements in patient-provider relationships and outcomes.[6]

In the government context, secure messaging can offer electronic registered mail functions. For this to be binding, some countries, such as Switzerland,[7] require it to be accredited as a secure platform.

Technical requirements

No software is required to use secure messaging. Users only need a valid email address and a working internet connection with an up-to-date web browser.

User impact

Because secure messaging is used in business areas and in one-on-one interaction, its impact on recipients also involves their desire to share information with another party and the need to negotiate the different rules that apply across state borders. Even when some of their information is misused, some recipients continue to use the service. This may be referred to as a privacy paradox, where the convenience of apps such as secure messaging may be more important than the privacy concern in information systems.[8]

Notes and References

  1. MENAFN. "Secure Messaging in Healthcare Market Innovations, Trends, Technology And Applications Market Report To 2020-2025". menafn.com. 2020-10-23.
  2. "Outlook Add-in Secure Messaging". help.secure-messaging.com. 2020-11-12.
  3. 29 August 2023. secure-messaging..
  4. "Beefing Up Your Physical Security Secure Messaging with Microsoft Exchange Server 2000". flylib.com. 2021-04-20.
  5. Gruber, Tom. "Enterprise Collaboration Management with Intraspect". Intraspect Technical White Paper.
  6. Wolcott, Vickee; Agarwal, Ritu; Nelson, D. Alan (2017-04-06). "Is Provider Secure Messaging Associated With Patient Messaging Behavior? Evidence From the US Army". Journal of Medical Internet Research. 19 (4): e103. doi:10.2196/jmir.6804. PMID 28385681. PMC 5399218. ISSN 1438-8871.
  7. "FSUIT - Electronic delivery platforms". www.isb.admin.ch. Archived at https://web.archive.org/web/20110706221208/http://www.isb.admin.ch/themen/sicherheit/00530/01200/index.html?lang=en (2011-07-06).
  8. Bélanger, France; Crossler, Robert E. (2011). "Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems". MIS Quarterly. 35 (4): 1017–41. doi:10.2307/41409971. JSTOR 41409971. hdl:10919/81984.