
MeSign Email Digital Signature Service

Let every email have an identity to eliminate email fraud completely!

1. Email fraud is a persistent security problem

Due to a "defect" in the design of the email system, the sender's name and email address can be forged or written arbitrarily. This leads to a flood of spoofed emails and lets all types of fraud and phishing emails be disguised as emails from a real identity. Users cannot defend against these emails effectively, and many users have been harmed in various ways. Different types of "Email Gate" incidents happen frequently, resulting in the loss of property and reputation and even endangering public security. Email fraud has become one of the major public security issues of the global Internet, but there has been no good solution for it.

As shown in the figure below, the left screenshot is a fake HSBC Bank email whose sender address uses the correct HSBC Bank domain. The right screenshot is a fake Bank of America email, and its sender address also uses the correct domain. Most users therefore cannot recognize that these are spoofed emails. The URL of the bank website displayed in the email is correct as well, but once the user clicks the link in the email, the user is redirected to the website of a counterfeit bank. Of course, the counterfeit website looks the same as the website of the real bank. Another way to recognize the counterfeit website is to check its URL and whether the website has deployed an SSL certificate. However, some counterfeit websites have SSL certificates as well, and some browsers display the counterfeit websites as secure, which is very dangerous.

2. MeSign Solution

The problem of fraudulent emails has harmed many email users worldwide, and it continues every day. This Internet security hazard must be resolved as soon as possible! In fact, this problem can be completely solved by digital signature technology: use the S/MIME standard to digitally sign each email with an email certificate, so that each email is accompanied by a digital ID. This not only guarantees that the content of the email cannot be tampered with illegally, but also ensures that the sender's email address cannot be forged, and it clearly displays the authentic identity information of the sender. The user can then tell at a glance whether an email comes from a fake identity, which completely solves the problem of counterfeit email fraud.

But why has such a good technology not been widely used to solve the problem of email fraud? Because the threshold for using S/MIME is too high. The user's email client must support the S/MIME standard, and the user must apply for an S/MIME email certificate from a CA, install the certificate on all devices, configure it correctly, and know how to send digitally signed email. That is to say, using email digital signature technology to solve the problem of email fraud is time-consuming, laborious and costly work that ordinary users cannot complete.

The MeSign R&D team started researching how to make S/MIME signing and encryption easy to use as early as 2015. To let users send signed emails just as they send cleartext emails, from any device, anytime and anywhere, without spending time and effort applying for email certificates or importing certificates they have already obtained, the problems of automatic certificate application and automatic configuration had to be solved.

MeSign's solution is to split the single S/MIME email certificate into two certificates: one signing certificate and one encrypting certificate. The private key of the encrypting certificate is generated, securely encrypted, and hosted in the MeSign Cryptography Infrastructure (MCI). After the user's email account has been validated, the encrypting certificate key is retrieved automatically from the cloud MCI and used to decrypt emails automatically, so the user does not need to apply for or import a certificate manually, which makes email encryption and decryption fully automatic. The signing certificate carries the user's identity information, so the user's signing behavior has legal effect. Therefore, the signing certificate key is generated on the user's local device and stored securely on that device only. This is why the serial numbers of a user's signing certificates on different devices are different.

MeSign Technology splits a traditional email certificate into two certificates and adopts different key management methods for the two key usages, signature and encryption, which perfectly solves the ease-of-use problem of S/MIME email encryption. At the same time, it inherits the non-counterfeiting, non-forgery and non-repudiation characteristics of S/MIME email signatures, which makes S/MIME email signing truly seamless and usable without any cryptography knowledge. Users do not need to care about how to apply for an email certificate or how to use it: they just write the email as usual and click send, and it is automatically sent as a signed email with a digital identity bound to it, which effectively solves the problem of email fraud.

After more than 4 years of work, MeSign Technology has finally overcome all the difficulties of email signature and email encryption. We have built a secure and reliable cryptography infrastructure, and we share these facilities with all MeSign users worldwide, so that everyone can implement S/MIME email signature and encryption, meet all compliance requirements and solve the problem of email fraud without investing in these expensive facilities.

As shown in the figure below, the MeSign Cryptographic Infrastructure consists of seven service systems: MeSign Certificate Authority (MCA), MeSign Cryptographic Key Management System (MKM), MeSign Encrypting Certificate Public Key Database (CerDB), MeSign Certificate Revocation Status System (MCRS), MeSign Identity Validation System (MVS), MeSign Timestamp Service System (MTS) and MeSign e-Signing Service System (MSSS). These cloud service systems work together with MeSign APP (the email client app) to form a "Cloud" and "Client" collaboration system that automatically provides secure and reliable email encryption, email signature and e-document signature services for users worldwide. In other words, MeSign APP is not a traditional standalone email client or e-signature tool. It is a user-oriented service agent that lets users handle their own data locally to protect privacy, and also lets them use the cloud services for automatic email encryption, automatic email signature, automatic document e-signing and automatic contract e-signature.

In other words, the reason MeSign APP can fully automate email signing is that MeSign completely solves the cumbersome certificate application and usage issues. Users can obtain a signing certificate for sending signed emails anytime, anywhere, on any device. MeSign Technology makes S/MIME email signature and email encryption simple, so that users can use MeSign APP to send encrypted and signed emails easily. MeSign APP has already been implemented successfully in 163 countries and regions around the world. MeSign Technology gives every email a trusted digital identity, to avoid email fraud completely. At the same time, displaying the validated, authentic identity information of the email sender is very important for business email communication that takes place without face-to-face contact, because it can effectively enhance online trust and promote more business cooperation.

3. Email Digital Signature Implementation

The implementation principle of email signature technology is shown in the figure below. The sender signs the email with the private key of the signing certificate (and can encrypt the email at the same time). After receiving the signed email, the receiver uses the public key of the sender's signing certificate to verify whether the signature is valid. A valid signature effectively proves that the sender's email address is not spoofed and that the identity information displayed on the signature is trusted.

MeSign APP not only digitally signs each email automatically, but also timestamps each outgoing email automatically to provide trusted proof of the time the email was sent. This timestamp information can be used as legal evidence that the sending time of the email cannot be tampered with or repudiated. Just as postal mail must be postmarked, e-mails should also be timestamped when sent. MeSign provides free and reliable timestamping services for MeSign APP users worldwide.

As shown in the figure below, if HSBC Bank uses its own signing certificate to sign an email to all bank users, users can easily know that the email was indeed sent by HSBC Bank (because MeSign APP will show that the identity is trusted). It is impossible for a counterfeit bank email to get a signing certificate bound to an email address in HSBC Bank's domain, so the counterfeit bank email can only be sent without a digital signature. The bank only needs to tell its users that any email without the bank's digital signature is a spoofed email, and the users will not be deceived. Therefore, MeSign APP lets users identify fraudulent emails easily and effectively!
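
The receiving-side rule described above (mail that claims a domain which always signs, but arrives without a signature, is treated as spoofed), as an added Python example that is not MeSign code. It only classifies the MIME structure, so a signature that is present still has to be verified cryptographically; the domain `bank.example`, the function names and the sample messages are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains whose owner has announced that all of its mail is signed.
SIGNED_ONLY_DOMAINS = {"bank.example"}  # placeholder domain
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
P7M_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def _param(msg, name):
    value = msg.get_param(name)
    return value.lower() if isinstance(value, str) else ""

def smime_form(msg):
    """Return 'detached', 'opaque', 'enveloped' or None for the top-level entity."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed" and _param(msg, "protocol") in SIG_TYPES:
        parts = msg.get_payload()
        # Clear-signed form: exactly the content part plus the signature part.
        if (isinstance(parts, list) and len(parts) == 2
                and parts[1].get_content_type() in SIG_TYPES):
            return "detached"
    if ctype in P7M_TYPES:
        kind = _param(msg, "smime-type")
        return {"signed-data": "opaque", "enveloped-data": "enveloped"}.get(kind)
    return None

def triage(raw):
    """Structural triage only: a signature that is present must still be verified."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]  # drops the forgeable display name
    form = smime_form(msg)
    if form == "enveloped":
        return "decrypt-then-recheck"  # a signed message may sit inside the envelope
    if form:
        # Next step, not shown: verify the CMS signature and require the signer
        # certificate's email address to equal `addr`.
        return "verify-signature"
    domain = addr.rpartition("@")[2].lower()
    return "reject-unsigned" if domain in SIGNED_ONLY_DOMAINS else "no-policy"

# Constructed sample messages; the signature part holds a placeholder, not CMS data.
def sample_mail(sender, ctype, body="Statement ready.\n"):
    return f"From: {sender}\nSubject: Notice\nContent-Type: {ctype}\n\n{body}"
SIGNED = sample_mail("Example Bank <notices@bank.example>",
    'multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"',
    "--b1\nContent-Type: text/plain\n\nStatement ready.\n"
    "--b1\nContent-Type: application/pkcs7-signature\n\nPLACEHOLDER\n--b1--\n")
SPOOFED = sample_mail('"Example Bank" <notices@bank.example>', "text/plain")
ENVELOPED = sample_mail("notices@bank.example", "application/pkcs7-mime; smime-type=enveloped-data")
```

`triage(SPOOFED)` returns `reject-unsigned`, while an encrypted-only envelope is deferred rather than rejected, because a signed message may be wrapped inside it.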

4. Service Details

MeSign Technology provides a free email encryption service and a free basic edition of the email digital signature service for all MeSign APP users. MeSign APP auto-configures a free V1 email signing certificate that validates only control of the email address. This gives users a basic level of email signature service, which ensures that the content of their emails cannot be tampered with illegally and that their email address is not spoofed, but the authentic identity of the owner of the email address has not been validated. MeSign APP displays an email signed with a V1 signing certificate as "V1 Email Validated, Identity Not validated"; see figure 1 below.

If the user wants the full name or organization name to be displayed when recipients open the email, to enhance online trust, the user needs to purchase the Email Signature Service Pro Edition and complete the identity validation.

After an individual user passes the identity validation, MeSign APP displays the V2 validation icon, the sender's full name and "Identity Validated and Trusted", as shown in figure 2 below. After an organization user passes the identity validation, MeSign APP displays the V3 validation icon, the sender's organization name and "Identity Validated and Trusted", as shown in figure 3 below, but it does not display the sender's name, since MeSign validates only the identity of the organization. After the organization has passed validation, if it applies for organization employee validation for its employees, then once that validation is passed MeSign APP displays the V4 validation icon, the employee's full name, the organization name, the employee's job title and "Identity Validated and Trusted", as shown in figure 4 below.

Figure 1

Figure 2

Figure 3

Figure 4

In other words, if the user purchases the Email Signature Service Pro Edition, the user is not only automatically configured with V2/V3/V4 signing certificates of the corresponding validation level for free, but can also automatically sign and timestamp every email with the signing certificate. With this service, the email receiver can recognize the sender's trusted identity at a glance and avoid being deceived. This is very important for business email communication between parties who have not met face to face, because it can effectively enhance online trust and bring more business cooperation. If all email users can correctly identify the true identity of the email sender using MeSign APP, then a user cannot be fooled by a fraudulent email, because a fake email cannot be signed with the signing certificate of the authentic identity.

MeSign Email Signature Service Pro Edition provides the following 10 services and functions:

  1. Auto-configuration of the email signing certificate (V2/V3/V4) displaying the individual's name (Personal Pro Edition) or the organization's name (Business Pro Edition).
  2. For individual users, there is no limit on the number of personal email addresses: every personal email address can be bound to the validated identity and is auto-configured with a V2 signing certificate containing the personal identity information for free.
  3. For organization users, there is no limit on the number of employees: all employees can be auto-configured with a V3 signing certificate containing the organization's name for free.
  4. There is no limit on the number of times MeSign APP can be used to send signed and timestamped email to prove that the sending time of the email is trusted.
  5. When recipients receive the email, MeSign APP displays the identity information of the sender, such as name, organization name and job title. In addition, MeSign APP shows the indication "Identity Validated and Trusted".
  6. By default, the email can be encrypted and digitally signed by MeSign APP at the same time.
  7. A free public key exchange service, so that users do not need to exchange public keys by sending signed emails.
  8. A new V2/V3/V4 signing certificate is issued automatically and for free for every new device on which MeSign APP is used, with no limit on the number of devices. This is because the signing certificate is bound to the user's device, and the key pair of the signing certificate is generated and stored encrypted on the user's device.
  9. Every time the user receives a signed email, MeSign APP validates the signature and shows the trusted identity information of the signer automatically.
  10. A free revocation service for users' signing certificates.

MeSign Email Signature Service Business Pro Edition is charged annually, not by the number of employees. Personal Pro Edition is also charged annually, not by the number of bound email addresses. For organization users who have purchased the Email Signature Service Pro Edition, as long as validation of the organization's email domain name is completed, all of the organization's employees are automatically configured with V3 signing certificates for free. Each email will display the organization's name, and there is no limit on the number of employees who can obtain V3 signing certificates.

To take some examples: if an organization has 100 employees, each employee can use the Email Signature Service Pro for one year for a share of only US$1.29, and each employee can have a V3 signing certificate as well. If the organization has 1,000 employees, each employee can enjoy 365 days of Email Signature Service Pro and have one V3 signing certificate for a share of only US$0.129, which is cost-efficient! You are welcome to purchase MeSign Email Signature Service Pro Edition.