SUMMARY OF ENCRYPTION METHODS IN MARKETPLACE
Public Key Exchange: Public Key Exchange (PKI) is secure, but complex for many. Exchanging public encryption keys among contacts (PKI Digital Certificates) and using Microsoft Outlook on a desktop computer is a “strong crypto system”, but has proven to be too cumbersome for most to purchase and install these certificates, manage the expiration, ensure recipients have a copy of the sender public key and vice-versa, and all are using a compatible email program such as Microsoft Outlook desktop software.
Secure Store and Forward: Secure Store and Forward systems are most susceptible to “Man in the Middle” problems. Systems that store message content in the middle, and send a link to the recipients to download the content, are often used, but are not considered “strong crypto systems”, as the most sensitive information is now stored on a third party server with unknown data security and message purge practices (which may differ from their stated policies). Further, there is no protection from unknown recipient endpoint security or lack thereof.
Note, systems that wrap the email in an encrypted HTML file and send, often purport themselves to be “direct delivery” but leave out the important point that the process of decrypting, is often sending the data back to the server in the middle, and that server storing the decrypted message and displaying it in a web browser (with the same Man in the Middle storage purge concerns). Further, there is no protection from unknown recipient endpoint security or lack thereof. This is better than simple Secure Store and Forward but still has Man in the Middle issues, and as such, these are also not considered “strong crypto systems.”
True Direct Delivery: True Direct Delivery systems are the best method. Systems that wrap the message in an encrypted file are “strong crypto systems” as (a) the message content is not stored in the middle, (b) content is truly delivered to the recipients’ desktops encrypted, AND (c) the content remains encrypted at the recipient endpoint to prevent potential disclosure regardless of the recipient endpoint security. Systems that make this method easy to use and implement for both sender and recipient become the true best method “strong crypto systems” for email encryption (for both compliance and personal privacy). It is important to consider why one is encrypting a message. If it is done for messaging privacy, then one is looking for simple to use, secure enough encryption, to comply with data privacy regulations --- and one should desire a system that also provides proof of compliance (proof of encrypted delivery).
RMail provides what is described here as True Direct Delivery strong crypto systems that are simple to use and install with no storage by RMail, offered within its RMail service platform that extends users’ existing email platforms.
The Council of Insurance Agents and Brokers, a leading trade association for the insurance industry worldwide selected RMail’s email encryption service as its top pick in its Email Encryption Buyers’ Guide. In the Guide, Frank Senter, Director of Technology at The Council, stated that RMail’s encryption service “has demonstrated its ability to respond to market needs and has continuously enhanced its solutions accordingly. This service upgrade, in particular, has addressed key points of interest for our members: (1) simplicity for senders, (2) a high response rate for recipients accessing encrypted email, (3) auditable proof of compliance, (4) ability for recipients to reply with encryption, (5) support for compliance with e-discovery, (6) ease of implementation, and (7) flexibility in cost models.” RMail’s patents provide for a sustainable competitive advantage in the area of auditable proof of compliance (point 3 above).