B2B Gateways - PowerPoint PPT Presentation

Title:

B2B Gateways

Description:

Secure Web Mail. HTML Attachment. Four Kinds of Secure E-mail. 1/21/04 ... Some products also support TLS Gateways and/or B2C (e.g. Secure Web Mail) ... – PowerPoint PPT presentation

Slides: 42
Provided by: DHF76

Transcript and Presenter's Notes

Title: B2B Gateways


1
B2B Gateways
  • A proposal for Wisconsin collaboration on secure
    Internet E-mail

2
B2B Gateways
Why do we need secure Email?
3
B2B Gateways
Why do we need secure Internet E-mail?
  • E-mail is rapid, efficient, documented
    communication
  • Integral part of the business fabric
  • Some E-mails are sensitive
  • Internet E-mail exposed
  • HIPAA impermissible disclosure

4
B2B Gateways
What are the business requirements?
  • Encryption
  • B2B vs B2C
  • E-mail system integration
  • Simplicity of use
  • Business rule enforcement
  • Allow virus, spam and content filtering
  • Record management

5
B2B Gateways
What are the business requirements?
  • Collaboration
  • Choice
  • Future requirements
  • Authentication
  • Digital signatures (AB755)
  • Proof of receipt
  • Nonrepudiation

6
B2B Gateways
A solid technology base exists
  • Public Key Infrastructure (PKI)
  • it works
  • addresses all requirements
  • Secure Multipurpose Internet Mail Extensions
    (S/MIME)
  • supported by major E-mail systems
  • predicted long term solution
  • Standard for WI State agencies
  • SSL/TLS (Secure Socket Layer/Transport Layer
    Security)
  • supported by major E-mail systems

7
B2B Gateways
The Achilles heel of PKI
  • Administration of keys
  • Confusing for users
  • Burdensome for technical staff
  • Revocations, expirations
  • Trust

8
B2B Gateways
Pretty Good Privacy (PGP)
  • Alternative to S/MIME
  • Uses some aspects of PKI
  • Requires plug-ins to e-mail clients (Outlook,
    etc)
  • Pros and Cons
  • Does not require a certificate authority
  • Key management burden on users in larger orgs-
  • S/MIME most widely compatible-
  • S/MIME support in most email clients-
  • Less transparent to end user than S/MIME-

9
B2B Gateways
Four Kinds of Secure E-mail
  • Desktop-to-Desktop
  • Gateway-to-Gateway
  • Secure Web Mail
  • HTML Attachment

10
B2B Gateways
Desktop-to-Desktop (End-to-End)
[Diagram: Client encrypts; Client decrypts; S/MIME, PGP. Components shown: E-mail client, E-mail server, Interior Firewall, Exterior Firewalls, Internet.]
11
B2B Gateways
Desktop-to-Desktop
  • Need only major E-mail software (+)
  • Zillions of keys (-)
  • Keys on desktops (-)
  • Users control decryption (-)
  • Can't check virus or filter content on encrypted
    messages (-)

12
B2B Gateways
Gateway-to-Gateway encryption
  • Server-to-server
  • Domain-to-domain
  • Organization-to-organization
  • S/MIME or TLS

13
S/MIME Gateways
S/MIME Gateway-to-Gateway
[Diagram: Secure Messaging Gateways perform encryption/decryption; filtering, anti-virus, archiving, etc. services. Components shown: E-mail client, E-mail servers, Secure Messaging Gateways, Interior Firewall, Exterior Firewalls, Internet.]
14
B2B Gateways
Transport Layer Security (TLS 1.0)
  • Improved Secure Socket Layer (SSL 3.0)
  • Operates at the transport layer between TCP/IP
    and applications like HTTP (web pages) or SMTP
    (E-mail between servers)
  • Uses PKI to encrypt the session (rather than the
    message)
  • SMTP: Simple Mail Transfer Protocol

15
TLS Gateways
TLS Gateway-to-Gateway
[Diagram: Secure Messaging Gateways perform encryption/decryption; filtering, anti-virus, archiving, etc. services. Components shown: E-mail client, E-mail servers, Secure Messaging Gateways, Interior Firewall, Exterior Firewalls, Internet.]
16
B2B Gateways
S/MIME Gateway-to-Gateway
  • Many fewer keys (+)
  • Simple for users (+)
  • Messages decrypted within the organization (+)
  • E-mails stored on organization's servers (+)
  • Virus checking and content filtering (+)
  • Applications can use gateways for messaging (+)
  • Trust at the organizational level (-)

17
B2B Gateways
TLS Gateway-to-Gateway
  • Excellent for internal server-to-server links (+)
  • Supported by major E-mail servers (e.g. Exchange)
    (+)
  • Inadequate where E-mail relayed through non-secure
    servers (-)
  • Concern where orgs use outsourced mail relays for
    spam or virus filtering, etc. (-)
  • Sender and receiver must trust relay
    organizations (-)
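
The relay weakness listed above can be checked on received mail by reading the Received trace headers, where each server records the protocol it accepted the message with. The following is an added example, not part of the original presentation; the sample message, host names and function names are constructed for illustration.

```python
import email
import re

# Constructed sample (not from the presentation): the clinic's server hands the
# message to an outsourced filtering relay over plain SMTP.
SAMPLE = """\
Received: from relay.filter.example (relay.filter.example [192.0.2.20])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby mx.hospital.example with ESMTPS id C3; Mon, 01 Jan 2024 10:00:03 -0600
Received: from mail.clinic.example (mail.clinic.example [192.0.2.10])
\tby relay.filter.example with ESMTP id B2; Mon, 01 Jan 2024 10:00:02 -0600
Received: from desktop.clinic.example (desktop.clinic.example [10.0.0.5])
\tby mail.clinic.example with ESMTPSA id A1; Mon, 01 Jan 2024 10:00:01 -0600
From: sender@clinic.example
To: recipient@hospital.example
Subject: constructed test message

body
"""

# "with" protocol keywords that record a TLS-protected hop (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments, innermost first."""
    previous = None
    while previous != value:
        previous, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_hops(raw_message):
    """Return (from, by, protocol, tls) per hop in sender-to-recipient order."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its Received header, so the oldest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        clean = strip_comments(" ".join(value.split())).rsplit(";", 1)[0]
        def field(keyword):
            m = re.search(rf"\b{keyword}\s+([^\s;]+)", clean, re.IGNORECASE)
            return m.group(1) if m else "?"
        proto = field("with").upper()
        hops.append((field("from"), field("by"), proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw_message):
    """Hops whose Received header does not record TLS."""
    return [hop for hop in audit_hops(raw_message) if not hop[3]]

if __name__ == "__main__":
    for sender, receiver, proto, tls in audit_hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

Received headers written by servers outside the recipient's control can be forged, and a plain `ESMTP` keyword means TLS was not recorded rather than proven absent, so treat the result as a lead for follow-up with the relay operator.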

18
B2B Gateways
Secure Web Mail
[Diagram: components shown: E-mail client, E-mail server, Web Mail Server, Interior Firewall, Exterior Firewalls, Internet.]
19
B2B Gateways
Secure Web Mail
[Diagram: components shown: E-mail client, E-mail server, Web Mail Server, Interior Firewall, Exterior Firewalls, Internet.]
  • 1- send E-mail as usual
20
B2B Gateways
Secure Web Mail
[Diagram: components shown: E-mail client, E-mail server, Web Mail Server, Interior Firewall, Exterior Firewalls, Internet.]
  • 1- send E-mail as usual
  • 2- set clue and password
21
B2B Gateways
Secure Web Mail
[Diagram: components shown: E-mail client, E-mail server, Web Mail Server, Interior Firewall, Exterior Firewalls, Internet.]
  • 1- send E-mail as usual
  • 2- set clue and password
  • 3- send E-mail with url
22
B2B Gateways
Secure Web Mail
[Diagram: components shown: E-mail client, E-mail server, Web Mail Server, Interior Firewall, Exterior Firewalls, Internet.]
  • 4- Sender provides clue and passphrase
23
B2B Gateways
Secure Web Mail
[Diagram: components shown: E-mail client, E-mail server, Web Mail Server, Interior Firewall, Exterior Firewalls, Internet; connection labelled SSL/TLS.]
  • 4- Sender provides clue and passphrase
  • 5- User accesses secure web-site
24
B2B Gateways
Secure Web Mail
  • Recipient uses browser (-)
  • No user key management (+)
  • Send message management via E-mail system varies
    (-)
  • Clue and passphrase management (-)
  • Message resides on sender's server (-)
  • Recipient cannot virus scan or filter content
    (-)
  • Identification, proof of receipt, non-repudiation
    limited (-)
  • Good for B2C, 1:m, not m:n

25
B2B Gateways
HTML Attachment
[Diagram: components shown: E-mail client, E-mail server, Server, Exterior Firewalls, Internet.]
  • 1- send E-mail as usual
26
B2B Gateways
HTML Attachment
[Diagram: components shown: E-mail client, E-mail server, Appliance, Exterior Firewalls, Internet.]
  • 1- send E-mail as usual
  • 2- Sender provides identifying info
27
B2B Gateways
HTML Attachment
[Diagram: components shown: E-mail client, E-mail server, Appliance, Exterior Firewalls, Internet.]
  • 1- send E-mail as usual
  • 2- Sender provides identifying info
  • 3- Appliance encrypts in HTML attachment and sends
    as normal E-mail
28
B2B Gateways
HTML Attachment
[Diagram: components shown: E-mail client, E-mail server, Appliance, Exterior Firewalls, Internet.]
  • 1- send E-mail as usual
  • 2- Sender provides identifying info
  • 3- Appliance encrypts in HTML attachment and sends
    as normal E-mail
  • 4- Java authenticates, decrypts
29
B2B Gateways
HTML Attachment
  • Recipient only needs browser (+)
  • Recipient and sender use E-mail system for
    message management (+)
  • Proof of receipt sometimes supported (+)
  • Senders can control message after receipt (-)
  • No virus checking or content filtering (-)

30
B2B Gateways
Why is S/MIME Gateway-to-Gateway best?
  • S/MIME and PKI robust and ubiquitous
  • Experts recommend it
  • Eventual individual authentication
  • E-mail system integration
  • Workable interim solution
  • Supports virus checking and content filtering
  • Works between organizations
  • Encrypts across E-mail relays
  • Some products also support TLS Gateways and/or
    B2C (e.g. Secure Web Mail)

31
B2B Gateways
The Challenge: Interoperability
32
B2B Gateways
The Challenge: Interoperability
33
B2B Gateways
The Challenge: Interoperability
  • Choice of vendors based on standards
  • New Zealand SEE Mail initiative (40 agencies)
  • Massachusetts Health Data Consortium
  • The Open Group (Unix, LDAP, CORBA, WAP)

34
B2B Gateways
SMG Gateway Message Profile
  • Profile of S/MIME Version 3.1 Message
    Specification MSG31
  • Standard message format
  • Message processing conventions
  • Simple mechanism for Domain Certificate exchange

35
B2B Gateways
S/MIME Gateway Product Certification
  • Now certifying vendors
  • www.opengroup.org/smg/cert/
  • Certified Products
  • Tumbleweed Email Firewall 6.0
  • Syntegra MMP 1.01
  • ZixCorp Zix VPM 2.3
  • NetIQ Mail Marshall SMTP Secure 5.5
  • Also support TLS Gateway

36
B2B Gateways
Coexistence of SMG and TLS Gateways
  • Products supporting TLS Gateways
  • Outlook Exchange
  • GroupWise
  • Lotus Notes?
  • Products auto select TLS, SMG (or WebMail)?
  • Products supporting TLS Gateways or SMG
    Critical Mass of Interoperability?

37
B2B Gateways
Auto Direct
3rd Party Product
SMTP over TLS Gateway
38
B2B Gateways
Wisconsin Government Action
  • Consolidating E-mail of all agencies
  • Oracle Collaboration Suite (OCS)
  • No native secure E-mail functionality
  • Third party product RFP
  • DHFS, Employee Trust Funds, WI Housing and
    Economic Development Authority (WHEDA) defined
    requirements

39
B2B Gateways
A Modest Proposal for HIPAA COW
  • Recommend Gateway approaches for secure Internet
    E-mail between health care organizations in WI
  • Preference for products supporting both SMG and
    gateway TLS?
  • Preference for SMG for new third party
    acquisitions and where E-mail relays are used?

40
B2B Gateways
Willing to Pilot?
  • Current or planned users of
  • SMG-certified products?
  • Outlook or Groupwise or other products supporting
    gateway TLS?

41
B2B Gateways Survey