Official document encrypted exchange and encrypted delivery solutionencrypted for exchange to ensure that the entire exchange process will not be leaked.Encrypted for delivery and digital signature confirmation to ensure the security and legal effect.

1. The risks of leakage in the official document exchange system and the official document delivery system

The official documents distributing is a work method that governments and large enterprises and institutions rely on for a long time. Traditional official document exchange methods mainly use postal and direct delivery methods to deliver, but they are slow and high cost, etc., so many government agencies and large enterprises and institutions have adopted an electronic official document exchange systems and delivery systems to realize the electronic and instant delivery of official documents, thus greatly Improve office efficiency.

However, the current electronic official document exchange system generally has the security risks of the leakage of confidential information, and the following problems are common:

1. First, the issue of transmission security. Many official document exchange systems do not enable https transmission encryption. Whether users use a browser to access the exchange system or use a dedicated client software to communicate with the file exchange server, they are all transmitted in cleartext, and the confidential documents are all leaked on the Internet channel. Even if some systems use the intranet, but they do not use https to encrypt the connection, they may be illegally accessed by packet interception software during the exchange and transmission and be intercepted and leaked.
2. Second, the file security issue. The files to be exchanged are not encrypted when the files are sent out and transmitted in the above http cleartext network is easy to be illegally stolen and illegally tampered with. Even more terrifying, some are transmitted and stored in the cloud (private cloud or public cloud) via the Internet. How to protect this confidential information is a problem that users cannot control.
3. Third, the investment and maintenance of self-built systems: government agencies or large enterprises invest in building their own official document exchange and delivery systems. Like other management information systems, there are issues like large investments, long construction periods, difficult user training, and high operating costs, difficulty in upgrading and maintenance. In addition, the exchange system under construction also has the transmission security issues and file security issues.
4. Fourth, the security issues of the exchange and delivery system based on the email system. Some organization official document exchange and delivery are realized based on the mail system, which is indeed low investment and can basically meet basic needs. However, these official documents are sent by clear text email, and many email servers do not use https encrypted transmission to ensure the security of the email account password. Once the cleartext account password is stolen, the stealer can receive all the email content, and there is no security or confidentiality. That said, not to mention that the content of the email itself is transmitted in cleartext and stored in cleartext on the mail server.
5. Fifth, the issue of the legal effect of the publication and acceptance of official documents. Most published official documents do not have digital signatures, and the true identity of the official document publisher cannot be guaranteed. If it is only a scanned copy of the paper official document, it is very easy to be counterfeit and fraudulent. At the same time, the recipient of the official document does not have a digital signature to prove that it has been received, so that the recipient can deny non-personal behavior. These are common problems in the current system that need to be resolved.

How to build and adopt a secure and reliable electronic official document exchange and delivery system with low investment, fast implementation, no training, and unlimited use of internal and external networks is indeed a technical and management problem for users. We believe that a system that does not solve the above five problems is not a good system. When choosing self-construction or upgrading, users must carefully evaluate the above security risks and choose the appropriate technical solution.

2. MeSign official document encrypted exchange and encrypted delivery solution

The core technology of MeSign Technology is to provide automatic email encryption and digital signature solutions. We provide solutions for the exchange and delivery of electronic official documents based on encrypted email. It only needs to be based on the mature and widely used encrypted email client-MeSign App, some customized transformations can be made according to the user's special needs to meet the user's official document exchange application needs, without having to waste time, HR resource and money to re-develop a dedicated official document exchange and delivery system, without additional equipment and server investment , just use the existing email service (whether it is a self-built mail server or cloud email service). We call it a solution for encrypted exchange and encrypted delivery of official documents, which are as follows:

1. (1) On the basis of the encrypted email client software-MeSign App, custom-developed according to the user's official document exchange and delivery needs, it is still based on the email system to process the exchange of official documents, because the exchange and delivery process of official documents is same as the email sending and receiving process. The entire document exchange and delivery process uses encrypted email to realize the entire end-to-end encrypted circulation, which completely solves the above-mentioned transmission security problem.
2. (2) The issued official documents are not stored in the server in cleartext, but are stored in encrypted email (ciphertext), which completely solves the above-mentioned information security problem.
3. (3) Users do not need to invest in a dedicated official document exchange and delivery system server, but only need to use the existing mail server or use the existing cloud email service, which greatly saves system investment and greatly accelerates the speed of project startup and deployment. At the same time, personnel do not need additional training, because everyone can send and receive emails. Of course, there is no additional system maintenance work and expense. This solves the above-mentioned investment and maintenance problems.
4. (4) For the self-built mail server, if no SSL certificate is deployed, we will give away a publicly trusted SSL certificate for free to protect the user’s email account password, and to protect the user’s web login email security and MeSign App login email password security. This solves the basic security problem of the above-mentioned mail server.
5. (5) We use Adobe trusted PDF signing certificate for digital signatures with timestamp when official documents are issued, to confirm the authenticity of the official document issuer and the issued documents global trusted and have legal effect. If there is no digital signature, the authenticity of the publisher of the official document cannot be proved, and the authenticity of the official document cannot be guaranteed. At the same time, the use of a trusted time stamp can also effectively prove the trusted release time of the official document, which is also unforgeable. After the official document is delivered, the recipient also has a digital signature and timestamp, which ensures that the document has been securely delivered and the recipient has received it, the receiving behavior is non-repudiation, and the receiving time is trusted and unforgeable. This completely solves the legal effect of the above-mentioned act of publishing and receiving official documents.
6. (6) When publishing official documents, users can also choose whether they need to encrypt official documents with certificates to achieve class-based reading control of official documents. After receiving the encrypted official documents, only those who have the right to read can decrypt and read the encrypted official documents. Even if the official document is leaked, it cannot be decrypted by any unauthorized person.
7. (7) Not only supports Android and iOS mobile device, but also supports PC (Windows/MacOS/Linux), so that users can receive official documents in time, whether they are using computers in the office or using mobile phones outside and can seamlessly decrypt and read the received official document.

MeSign document exchange and delivery system with automatic encryption and digital signature is an electronic document exchange system and electronic document delivery system based on encrypted email, because the process of sending and receiving emails is exactly the same as sending and receiving official documents. And we have completely solved the problem of automatic encryption of emails, that is, solved the problem of automatic encryption of official document exchange and delivery, making the exchange and delivery of official documents no longer just a convenient but more secure digital office application. At the same time, we use digital signatures to publish official documents to meet the compliance requirements of the related electronic signature laws. Feel free to contact us for more details.