MeSign Products and ServicesNo encryption, No email. Talk the important thing in MeSign App!

1. Preliminary understanding of MeSign email encryption products

Email is a communication tool that is inseparable from work and life, and the cleartext transmission and cleartext storage characteristics of email have made email a hardest hit area for cybercrime, leading to frequent occurrence of variouse-mail security incidents. Especially now that most enterprise email systems have been migrated to the cloud and directly use the cloud email service of the cloud service provider. How to ensure that the email content in the cloud will not be illegally used and compliance is an urgent problem that needs to be solved. Therefore, various solutions have appeared in the email security market, and users do not know how to choose.

MeSign Technology adopts PKI (Public Key Infrastructure) technology and follows the international standard S/MIME (Secure Multipurpose Internet Mail Extension Protocol), uses digital certificates to achieve email encryption and digital signature to ensure the full life cycle security of email, including transmission security and storage security. Currently commonly used email client software such as Outlook, Thunderbird and Apple Mail support S/MIME email encryption and digital signature. However, users need to apply and purchase email certificate from CA, install and configure it for use, and exchange the public key with recipients to realize email encryption. This process is very difficult and painful. This is why S/MIME encryption technology has been around for 20 years but has not yet been widely used.

MeSign Technology has developed an encrypted email client software - MeSign App, which realizes the full automation of S/MIME email encryption, allowing users to send encrypted emails as easily as sending cleartext emails. Let us compare the difference between MeSign solution and current solutions on the market. As shown in the figure below, by comparing, you can understand the advantages of our solution, it is very simple and easy to use, and the Basic Edition of the service is completely free, not only the APP is free, but the email certificate is also free, and related supporting services such as timestamping service and public key exchange service are also free!

2. Learn more about MeSign email encryption products

The core product of MeSign Technology is MeSign App, a completely free encrypted email client software, which is used for the management of encrypted email sending and receiving. Users do not need to apply and purchase email certificates from CA, and do not need to exchange the public key with recipients in advance, just send encrypted emails as easily as ordinary cleartext emails. At the same time, we provide a series of products to meet the needs of various email encryption and digital signature applications of global users. As shown in the figure below, you can implement email encryption and digital signature in four ways. Users can choose the appropriate method and product according to their personal needs or business needs.

2.1 MeSign App

MeSign App, a free encrypted email client software, is used for email sending, receiving and management like other email client software such as Outlook, Thunderbird and Apple Mail. But the difference is: MeSign App is an encrypted email client, which automatically configures email certificates for free, automatically encrypts every outgoing email by default, and automatically decrypts the encrypted emails. Users do not need to apply for an email certificate from CA, and do not need to exchange the public key with the recipients in advance, just writes the email and clicks to send, it is encrypted. Please browse the detailed introduction.

After you log into your email account in MeSign App, MeSign App automatically configures the V1 Signing Certificate and Encrypting Certificate that only validate the control of email address. These email certificates are only trusted by MeSign and can be used for email encryption and digital signature between MeSign App users. This is the Basic Edition service, and it is completely free. If you use MeSign App to send a signed email to other email client users, other email clients will display similar prompts such as "The digital signature isn’t valid or isn’t trusted." This is because the root CA certificate that issued the MeSign Email certificate is not trusted by these email clients.

If you want other email clients to also correctly display the digital signature of the signed email sent by MeSign App, you need to buy the Plus Edition service. You only need to complete the purchase and payment. MeSign App is responsible for completing the publicly trusted Vp Email Certificate application, installation and configuration for use. MeSign App will set the Vp mail certificate as the default signing certificate and default encryption certificate. When the user uses MeSign APP to send signed mail, other mail clients will display "This digital signature is trusted".

The V1 Email Certificate automatically configured by MeSign App only validates the email address and does not include user identity information in subject. If user wants to include user’s identity information in certificate subject and display the user’s identity information in MeSign App so that the recipient can confirm the authentic identity of the sender, then user can buy the Pro Edition service. After the user completes the identity validation, MeSign App will automatically configure the V2/V3/V4 Signing Certificate that contains the user’s identity information, and MeSign App will display the authentic identity information to let the recipient to be sure of the sender’s identity, so as to prevent email fraud and enhance online trust. At the same time, it automatically configures one publicly trusted Vp Email Certificate for individual users, and automatically configures 10 publicly trusted Vp Email Certificates and 10 V4 Signing Certificates showing employee names and title for organization users. Please learn more about the Email Signature Service Pro edition and learn more the Trusted Identity Validation service.

MeSign Technology innovatively provides email timestamping service for MeSign App users worldwide. Every digitally signed email sent out is countersigned with the timestamp signature conforming to the international standard RFC3161 to solve the problem of the current email sent time is an untrusted time, which can be used in various application scenarios that need to prove the email sent time. MeSign timestamp service not only provides free email timestamp service for MeSign App users, but also provides PDF document digital signature timestamp service for MeSign document digital signature service users, which is trusted by Adobe worldwide.

2.2 MeSign Enterprise Key Management System

The core reason why MeSign App can achieve fully automatic email encryption is to completely solve the problem of encryption key management. MeSign have built a Key Management System, provide free key management services for MeSign App users, and facilitate users to use MeSign App in any device to obtain the encryption key to decrypt the encrypted email at anytime, anywhere. And built a public key database system, so that MeSign App can automatically obtain the recipient's encrypting certificate public key when the user writes an email, completely realize the automatic sending of encrypted emails, without the need to exchange the encryption certificate public key with the recipient in advance.

MeSign App user’s encryption key is encrypted and stored in the MeSign Key Management System, which adopts FIPS 140-2 Level 3 HSM equipment that meets the international standard. This solution is not only convenient for users to use any device anytime and anywhere to retrieve the key to decrypt the encrypted email on demand, but it is also secure than the user's own storage of the key on the local computer. This is just as secure as storing cash in a bank, it is not only convenient to get cash at any ATM anytime and anywhere, but it is also secure than storing cash at home.

However, for some organizations that require independent management of encryption keys, such as government agencies, banking institutions and large enterprises, users can purchase MeSign Enterprise Key Management System (EKMS) for local deployment to achieve local independent management of encryption keys.

The user only needs to deploy the MeSign Key Management Box (hardware) or Key Management System (software) on the enterprise’s intranet, and log into the organization’s MeSign account to set the internal IP address of the key management system. MeSign App will retrieve the IP address of the enterprise key management system according to the domain name of the enterprise mailbox set by the administrator, then MeSign App can connect to the right enterprise key management system to obtain the encryption key instead of connecting to MeSign Key Management System in the cloud to obtain the encryption key. Once the private key of the encrypting certificate is successfully obtained, the encrypting certificate and signing certificate can be obtained from MeSign CA system, then all employees can use the email encryption and digital signature normally. Please note: The enterprise key management system cannot access the Internet, and it is limited for access to the employees’ computers and mobile devices on the organization’s intranet to ensure the key management system and the key security.

2.3 MeSign Email Security Gateway

The core product of MeSign Technology to realize automatic email encryption is MeSign App, which realizes automatic email encryption by email client software. However, some organization cannot force all employees to replace the current used email client software to MeSign App, so the email encryption can only be solved on the email gateway. MeSign Technology proposes two solutions, one for users who have deployed an email security gateway and one for users who have not deployed an email gateway. Please refer to Deploy Email Gateway for Email Encryption Automation.

For users who have deployed an email security gateway, they need to purchase a MeSign Email Cryptography Gateway to connect to the deployed email gateway, so that the Gateway will submit the encrypted email to MeSign Gateway for decryption and then return it to the Gateway for normal processing. For emails that need to be encrypted, the Gateway can submit the user's cleartext email to the MeSign Gateway to encrypt the email and then return it to the Gateway to send the encrypted email out. This solution requires the user to contact the current email gateway manufacturer to update its product for docking MeSign Gateway.

For users who have not yet deployed an email security gateway, or whose existing email gateway cannot be upgraded to dock MeSign Gateway, it is recommended to purchase a MeSign Email Security Gateway. In addition to automatic email encryption and decryption, it also integrates the 360 cloud scanning service to scan the security of hyperlinks in the email and the security of email attachments. It also integrates an intelligent identification and blocking spam system and provides data leak prevention.

2.4 MeSign Email API

The reason why MeSign App can send encrypted emails automatically without exchanging the public key in advance is because MeSign has built a public key database for all users. MeSign App automatically collects all users’ public key automatically and write it into the MeSign public key database. The recipient’s public key is retrieved automatically when user uses MeSign App to write an email, so that the user does not need to care about the cumbersome public key exchange mechanism for email encryption, or whether the recipient has email certificate, user can automatically send encrypted emails just like sending the normal cleartext emails.

Since all management system sent emails are still cleartext emails, it is impossible to protect user privacy and business secrets. MeSign Technology has decided to open the MeSign public key database to all users around the world for free to obtain the public key for free to realize automatic sending encrypted business emails by system. The business management systems of government agencies, public service agencies, financial institutions and major enterprises can obtain the public key of the user for free by calling the MeSign Email API to automatically send encrypted emails to the end users, effectively protecting the user’s personal privacy information security and the security of business secret. Please refer to Retrieving public key for sending encrypted email automatically for FREE.

3. Summary

MeSign Technology is committed to using PKI technology to ensure the security of emails, building a MeSign Cryptographic Infrastructure, using "cloud" and "local" collaboration to realize automatic email encryption and digital signature, cracked the puzzles of hard-to-use of S/MIME technology. Users can use MeSign App to easily realize email encryption automatically and enjoy the Basic Edition email encryption services for free. User can also purchase the Plus Edition and Pro Edition service, which not only realizes automatic email encryption, but also realizes the global trusted of digital signatures and the authenticity of user identities, which not only solves the problem of email leakage, but also solves the problem of email fraud.

At the same time, MeSign Technology provides a series of email encryption solutions related to email security, such as an enterprise key management system, an email security gateway, and a free open Email API. Welcome to choose the one that is right for you.