1. Clear-text notification emails cause many security problems

Many business management systems, in e-government, the public-service sector, enterprises and other institutions, already generate notifications and deliver them to end users by email, because email is easy to reach. The notifications take many forms: e-government notices, bank statements, water, electricity and gas bills, phone bills, insurance statements, tax certificates, traffic-fine notices, renewal reminders of every kind, and so on.

These emails carry private and confidential information, yet they are sent and stored as clear text: clear text in transit, clear text in the user's mailbox, and clear text on the provider's mail servers. Nothing guarantees that the content stays confidential or unmodified in transit, at rest on the mail servers, or while the receiving side processes it. The information is therefore easy to read or tamper with, which leads to leakage of users' personal data and of companies' business secrets, and in turn to financial loss and, in some cases, to risks to personal safety.

At the same time, because the sender's display name and email address in an ordinary email are not authenticated and can be forged freely, counterfeit emails impersonating banks, telecom operators, government agencies and other institutions have proliferated. Many users have lost money and reputation because they cannot tell these fraudulent emails from genuine ones. This has become a chronic problem in email security.

2. The MeSign solution: opening CerDB to the public for free

MeSign Technologies is committed to fully automatic email encryption, and the MeSign APP already sends encrypted emails automatically. However, business systems across the global internet automatically send billions of clear-text emails every day, and this traffic is highly insecure. To protect the confidential information in the emails these business management systems send, MeSign Technologies decided to open the MeSign CerDB to users worldwide for free, as shown in the diagram on the left.

Government agencies, public-service agencies, financial institutions and enterprises operate many management systems. These systems can call the Mail API, free of charge, to retrieve the public keys of their email recipients, so that the business system can automatically send encrypted email to every recipient. The confidential information in the emails the business system sends is then protected, and so are the users' personal data and the organization's business secrets.

The MeSign APP can encrypt email fully automatically, without users exchanging the public keys of their encrypting certificates by hand in advance, because MeSign has built a public-key database called CerDB for all email users. When a user sends encrypted email from the MeSign APP, the APP automatically collects that user's public key and adds it to MeSign CerDB, from which the MeSign APP can later retrieve it automatically. A user composing a message in the MeSign APP therefore already has the public key of the recipient's encrypting certificate, and does not need to worry about the cumbersome key exchange, or about whether the recipient has an encrypting certificate at all. MeSign makes sending encrypted email automatically as easy as sending clear text.

As the screenshot on the upper right shows, when a user composes an email in the MeSign APP and enters the recipient's address, the APP calls the Mail API to retrieve the public key of the recipient's encrypting certificate as soon as the mouse leaves the address field. Clicking the address then pops up the recipient's certificate information, including the identity-validation information and the public keys of the encrypting and signing certificates, and clicking "View Certificate" lists all of this recipient's encrypting-certificate public keys.

Opening MeSign CerDB to the public for free lets business systems of all kinds send encrypted emails automatically instead of clear-text emails. When a business system calls the Mail API to retrieve a recipient's public key, the MeSign CerDB system automatically decides whether it needs to send that recipient a notification email inviting him or her to download the MeSign APP in order to decrypt the encrypted emails. Organizations therefore do not need to worry about whether the recipient has a key pair or can decrypt the message. It is still advisable to inform all users before enabling automatic encryption, so that they know why encrypted emails are being introduced and how to decrypt them on receipt. Note that the GDPR (Article 32) names encryption of personal data among the appropriate technical measures for protecting it, so encrypting emails that carry personal information also serves compliance.

3. Solution for bank systems

Today banks generally send highly confidential information, such as statements and account notifications, to their customers in clear-text email, which is very insecure. Banks everywhere are strongly advised to upgrade their email systems to send encrypted email automatically. The change is small: add a step that calls the MeSign Mail API to obtain the recipients' public keys before sending, then encrypt the message with the S/MIME standard. One check belongs in that step: before encrypting to a returned certificate, confirm that the certificate is within its validity period and that its subject alternative name actually contains the recipient's address, so that a wrong or stale entry never causes a message to be encrypted to someone else's key.

Once a bank holds the public key of a customer's encrypting certificate, it can not only send credit-card bills and statements by encrypted email, protecting the confidential information and the security of the customer's accounts, but also use the same key to encrypt the bill as a PDF that carries the bank's digital signature, which makes the PDF bill verifiable and keeps the information on it confidential.

Banks and financial institutions can also use the upgraded system to deliver verification codes by encrypted email instead of by SMS. SMS codes are insecure: the message can be intercepted over the air, and malware on the phone can read it, which has led to fraudulent transfers. The US National Institute of Standards and Technology (NIST) names this threat in SP 800-63B, "Digital Identity Guidelines: Authentication and Lifecycle Management": "A malicious app on the endpoint reads an out-of-band secret sent via SMS and the attacker uses the secret to authenticate." The same publication classifies out-of-band authentication over the public telephone network (SMS and voice) as RESTRICTED. For example, a code needed to confirm an online-banking payment can be sent in an encrypted email, which is secure and also avoids the per-message cost of SMS. Delivering codes by encrypted email also solves the problem of customers who no longer use the mobile number bound to their account. One caveat: SP 800-63B does not accept ordinary email as an out-of-band authentication channel, because it does not prove possession of a specific device, so the security argument for an encrypted-email code rests on the recipient holding the private key of the encrypting certificate, not on the mailbox itself.

Banks and financial institutions can also use the upgraded system for customer service over encrypted email. A customer sends an encrypted email to the designated customer-service address, and the customer-service team replies with encrypted emails. This is secure and efficient, cuts the cost of telephone support, and removes a limitation of telephone support: customers can attach screenshots or product photos. Because the customer's email is digitally signed, encrypted and timestamped, it proves the customer's identity and protects his or her privacy, and the evidence or commitments it contains can have legal effect; e-signature laws in many jurisdictions give digital signatures legal effect comparable to handwritten signatures, subject to conditions that vary by country. Sending digitally signed emails to customers is, in turn, an effective way to stop counterfeit and fraudulent emails; a German bank adopted email signing as early as 2006. Sending signed and encrypted email is today the most secure and efficient way to communicate with customers.
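The whole of section 3, the sender-side steps (look up the recipient's certificate, check it, sign, encrypt) and the recipient-side steps (decrypt, verify the signature, confirm who signed), as an added example using only the openssl command line. This is not MeSign code and does not call the MeSign Mail API: a local folder of PEM certificates indexed by address stands in for the public-key lookup, all certificates are self-signed test fixtures generated on the fly, and the addresses and the statement text are constructed for the example. It needs OpenSSL 1.1.1 or later (for -addext and -ext). The check that matters most is cert_binds_address: a lookup service returning a certificate for "alice@" that actually belongs to someone else would otherwise cause Alice's statement to be encrypted to a stranger's key, and on the receiving side the same check is what lets a client honestly display "this really came from bank@example.com".

```shell
#!/bin/sh
# Added example, not MeSign code. Sender: lookup -> binding check -> sign -> encrypt.
# Recipient: decrypt -> verify signature -> check the signer certificate binds the sender.
# Assumptions: $DIR stands in for a public-key lookup service (NOT the MeSign Mail API);
# every certificate is a self-signed fixture; all addresses are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
DIR="$WORK/cerdb"
mkdir -p "$DIR"

# make_cert <address> <key-out> <cert-out>: self-signed S/MIME certificate (fixture only;
# a real deployment uses CA-issued certificates).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -keyout "$2" -out "$3" -subj "/CN=$1" \
        -addext "subjectAltName=email:$1" \
        -addext "extendedKeyUsage=emailProtection" \
        -addext "keyUsage=digitalSignature,keyEncipherment" >/dev/null 2>&1
}

# lookup <address>: print the path of the stored certificate, fail if none is on file.
lookup() {
    [ -f "$DIR/$1.pem" ] && printf '%s\n' "$DIR/$1.pem"
}

# cert_binds_address <cert> <address>: unexpired, and <address> is one of its rfc822Name
# SANs. Without this, a wrong or poisoned directory entry sends data to a stranger's key.
cert_binds_address() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 1
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | tr -d ' ' | tr ',' '\n' | grep -qixF "email:$2"
}

# send_secure <sender-cert> <sender-key> <sender-address> <recipient-address> <body> <out>
# Sign with the sender's certificate, then encrypt to the recipient's certificate
# (AES-256 content key, wrapped with the recipient's RSA key), producing an S/MIME message.
# Returns 0 ok, 2 no certificate on file (send an enrollment notice, never clear text),
# 3 certificate on file does not bind the recipient.
send_secure() {
    to_cert=$(lookup "$4") || { echo "no certificate for $4: send enrollment notice"; return 2; }
    cert_binds_address "$to_cert" "$4" || { echo "certificate on file does not bind $4"; return 3; }
    openssl cms -sign -in "$5" -signer "$1" -inkey "$2" -out "$WORK/signed.eml"
    openssl cms -encrypt -in "$WORK/signed.eml" -aes256 -from "$3" -to "$4" \
        -subject "Your statement" -out "$6" "$to_cert"
}

# receive_secure <recipient-cert> <recipient-key> <trusted-ca> <claimed-sender> <in> <out>
# Decrypt, verify the signature against the trust store (forged "bank" mail fails here,
# return 4), then confirm the signer certificate binds the claimed From address (a valid
# signature from the wrong identity fails here, return 5).
receive_secure() {
    openssl cms -decrypt -in "$5" -recip "$1" -inkey "$2" -out "$WORK/decrypted.eml"
    openssl cms -verify -in "$WORK/decrypted.eml" -CAfile "$3" \
        -signer "$WORK/signer.pem" -out "$6" 2>/dev/null || return 4
    cert_binds_address "$WORK/signer.pem" "$4" || { echo "signer is not $4"; return 5; }
}

# --- fixtures (constructed for this example) ---
make_cert bank@example.com "$WORK/bank.key" "$WORK/bank.crt"
make_cert alice@example.com "$WORK/alice.key" "$DIR/alice@example.com.pem"
# a poisoned entry: a certificate for another address filed under carol's address
make_cert mallory@example.com "$WORK/mallory.key" "$DIR/carol@example.com.pem"
printf 'Account ****1234 closing balance: 1,024.50\n' > "$WORK/statement.txt"

# --- demo: genuine statement to alice, poisoned entry for carol, forged mail to alice ---
send_secure "$WORK/bank.crt" "$WORK/bank.key" bank@example.com alice@example.com \
    "$WORK/statement.txt" "$WORK/to_alice.eml"
receive_secure "$DIR/alice@example.com.pem" "$WORK/alice.key" "$WORK/bank.crt" \
    bank@example.com "$WORK/to_alice.eml" "$WORK/alice_plain.txt"
echo "alice received: $(tr -d '\r' < "$WORK/alice_plain.txt")"
send_secure "$WORK/bank.crt" "$WORK/bank.key" bank@example.com carol@example.com \
    "$WORK/statement.txt" "$WORK/to_carol.eml" || echo "refused, rc=$?"
# mallory signs with her own key but claims to be the bank
send_secure "$DIR/carol@example.com.pem" "$WORK/mallory.key" bank@example.com alice@example.com \
    "$WORK/statement.txt" "$WORK/forged.eml"
receive_secure "$DIR/alice@example.com.pem" "$WORK/alice.key" "$WORK/bank.crt" \
    bank@example.com "$WORK/forged.eml" "$WORK/forged_plain.txt" || echo "rejected, rc=$?"
```

Run it as-is; it prints Alice's recovered statement, "refused, rc=3" for the poisoned entry, and "rejected, rc=4" for the forged message. The two failure paths are deliberate: a missing or wrong key must fall back to an enrollment notice, never to sending the statement in clear text, and a message that does not verify must never be shown as coming from the bank.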

4. Summary

MeSign Technologies opens its public-key database (CerDB) to users worldwide for free, which addresses the security problems created when management systems around the world send clear-text email. We strongly recommend that every business system switch from clear-text to encrypted email: this protects users' privacy and confidential information and protects the organization's valuable customer relationships.

To stop fake emails from damaging a brand's reputation or harming its users, we also strongly recommend that every service provider digitally sign the emails it sends. The MeSign APP, and any other email client that supports the S/MIME standard, can then show the verified identity of the sender, so that users are not deceived; for that display to be meaningful, the client must check that the signer certificate chains to a trusted issuer and that the address it certifies matches the From header. MeSign provides a V4 signing certificate free of charge to users who apply for the MeSign Mail API service, for sending digitally signed email. Digitally signing PDF bills requires the E-sign API, which signs and encrypts billing files automatically; see "Deploy MeSign e-Signature System to achieve document e-signature automatically" for details.

The MeSign Email API is also open to other email-client developers for free, so that their users can send encrypted email without exchanging public keys. MeSign hopes all email-software developers will work together to promote automatic email encryption and protect the confidential email of users everywhere.

The MeSign Email API is open to the public for free; please contact us. Identity validation is completed within one working day, after which you can integrate the MeSign Email API into your management system to send encrypted email automatically and protect your users' confidential information.