PaperClip Compliant Email Service Whitepaper
Incorporated 3/7/06; Rev 9/18/09
Overview

The FTC Safeguard Rules require financial, insurance and medical providers to protect their customers' private information, or Non Public Information (NPI). This requires special handling of electronic information, specifically Email on the public Internet: Email messages must be encrypted before they are released on the Internet. Many organizations have deployed solutions securing their internal domain traffic but either send in clear text to their trading partners or share their proprietary interface. Trading partners cannot effectively use Email and meet compliance. PaperClip proposes a compliant Email service that addresses interoperability, compliance, ease of use and the necessary auditing.

The Compliance Landscape

The Internet has dramatically changed the way we conduct business today. The ability to deliver information, answer questions and exchange ideas has benefited all who participate. One significant use of the Internet is electronic mail. The ability to replace a letter, fax or phone call with a simple electronic message has won the day. Storing and quickly retrieving these messages allows an organization to streamline its communications process, and by today's business standards Email has become a cornerstone.

In recent years, the United States Federal Government has passed new initiatives targeted at the way personal information must be handled on the public Internet. The major acts are the Financial Services Modernization Act (GLB), the Identity Theft Prevention Act of 2000 and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). These acts focus on different aspects of personal information but all have the same mandate: protecting customers' personal information from unwarranted access, and accountability for its use.

PaperClip Incorporated Page 2 of 15 9/18/2009
Non Public Information (NPI) is defined as personal information which, by itself or with other information, could allow access to private assets or health information. The items listed below are a representation of NPI:

- Social Security Number (9 digits)
- Address
- Demographic Information
- Phone Number
- Age
- Date of Birth
- Race
- Sex/gender
- Religion
- Mother's maiden name
- Driver's License Number
- Passport Number (9 digits)
- State identification card number
- Personal identification numbers
- Information commonly provided on an application for an insurance product or service
- Logon IDs and Account passwords
- Digitized or other electronic signatures
- Employer assigned employment identification number
- AESC assigned ID (9 digits)
- Unique electronic identification number or routing code
- Government issued identification number
- Bank Account Number
- Debit Card Number (16 digits)
- Credit Card Number (15-16 digits)
- Payment History
- Account Balance
- Fund (investments) value/balance
- Factors around customer's income or assets
- Fact that person is a customer of a financial institution
- Fact that the customer is or has obtained an insurance policy
- Financial account number or credit card or debit card number
- Information obtained when requesting or getting, collecting, or servicing a loan
- Information from a consumer or credit report
- Height or Weight
- Other medical specifics such as blood type
- Medical Conditions, Medical Diagnosis, Medical Test Results, Medications Used
- Past, present, or future physical, mental, or behavioral health
- Health care being provided
- Health-related policy premiums
- Health policy numbers
- Biometric data, such as fingerprints, retina, iris images or DNA profile
PaperClip's Email Compliance Position

Reviewing the compliance landscape outside of the box, PaperClip believes securing (encrypting) the message on the public Internet is the objective. Reasonable levels of authentication are satisfied with the trust protocols around Email addressing: an individual who has an Email account (login and password) on a corporate sponsored Email infrastructure is a trusted individual, therefore their Email address is secure and unique. If the reader is in agreement, simply sending an encrypted Email to a receiver, which passes from and through the respective firewalls and is decrypted and delivered to the receiver in clear text, meets the Safeguard Rule compliance requirements.

PaperClip also believes a record of that transaction (Email exchange) must be logged by and stored at a disinterested third party. The mere requirement for annual auditing implies impartiality. Conducting only internal audits on internal information can be considered a conflict of interest and typically receives the most scrutiny from regulatory agencies. Transactional information stored and made accessible to customers and authorized third parties provides a degree of integrity resulting in quicker, less expensive audits. The FTC's track record in settlements includes monitoring and audits conducted by an independent third party every 10 to 20 years at the violator's expense. Adopting a third party auditing scheme as part of the service only enhances compliance.

Conclusion - encrypting Email messages firewall to firewall and recording the transaction metadata with a third party meets the FTC Safeguard Rules.
PaperClip's Solution Approach

PaperClip believes the only chance to overcome the shortcomings of current market solutions and gain wide adoption is to change the paradigm. Ten years ago PaperClip's Internet express was a new paradigm, and its success today is measured by 300 plus customers exchanging over 136 million documents as of 2009, sixty percent growth year over year. PaperClip's approach again is to climb outside of the box and fix it. Starting with some simple user requirements, a proven encryption algorithm, a vendor service track record and our eye on the target, a new paradigm is created (called Email for, pronounced M4). The new approach resolves the many problems created in a diverse compliant industry:

- Encrypts Emails and their attachments firewall to firewall.
- Disinterested third party recording of Email transactions for auditing access.
- Email infrastructure independent, with multiple deployment options.
- Ease of use: a Subscriber's users don't have to learn something new.
- Commodity pricing, affordable by any size organization.
- Emails do not pass through the PaperClip Central Office. The Central Office serves only to manage encryption keys and collect auditing information.
The Technology

The Relay, engineered as a closed relay, provides the highest level of security from the Internet. The Relay sits between your Email server and your Smart Host (Firewall) for sending and receiving Emails. The Relay communicates directly over the Internet via Secure Socket Layer (port 443 only) to the Central Office. This CO exchange is done asynchronously and provides configuration changes, session keys and metadata updates. Depicted below as logical servers, the Relay and, if needed, a Smart Host can reside on one Microsoft server platform.

The Service is comprised of several types of Relay options and a Central Office (Host) managed by PaperClip Incorporated. The CO is an n-tier architecture with a mirrored site(s) for reliability. Each CO has functional servers which maintain HTTPS services (port 443 only), a Transaction server, a Database server, a Portal server and other data center related resources.

The Relay Server is designed for the enterprise. The Desktop is designed for the individual desktop client, and Webmail, hosted by PaperClip, supports the non subscriber.
Encryption Options

The Service has two deployment options, encryption enabled or disabled. These two options adhere to specific rules regarding how to encrypt Emails.

Encryption Enabled follows the six rules described below:
1. If an Email recipient's address domain is a Subscriber, the Email is encrypted.
2. If one or more Email recipients' address domains are Subscribers, the Email is encrypted to all recipients (Subscribers and Non Subscribers).
3. If the wild card Email address (flag@em4relay.smtp) appears as a recipient, the Email is encrypted.
4. Microsoft Outlook AddIn Secure choice, displaying a green ribbon: the Email is encrypted.
5. If the wild card Email address (pass@em4relay.smtp) appears as a recipient, the Email will not be encrypted but is audited as an exception.
6. Microsoft Outlook AddIn Force Not Secure choice, displaying a red ribbon.

Encryption Disabled follows the two rules described below:
1. If the wild card Email address (flag@em4relay.smtp) appears as a recipient, then encrypt the Email to all recipients.
2. Microsoft Outlook AddIn Force Secure choice, displaying a green ribbon.

[Figure: Outlook AddIn ribbon choices, Force Secure and Force Not Secure]

Note: The Email addresses flag@em4relay.smtp and pass@em4relay.smtp can be supported with friendly names such as Secure and Not Secure, supporting the Email type ahead feature. The receiver of a decrypted Service Email will see, appended to the bottom of the original Email, a tag line "Content protected by Paperclip Compliant Email System".
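The rule sets above can be read as a small policy engine: the Relay looks at the recipient list and the Outlook ribbon choice and decides whether the message is encrypted, sent clear, or sent clear and audited as an exception. The following Python is an added illustration of those rules, not PaperClip's Relay code. The subscriber domain list and the Desktop subscriber list are constructed sample data standing in for the lists the Central Office maintains, the `decide` function and its rule labels are assumptions, and so is the precedence it applies when a sender asks for both Secure and Not Secure at once (the whitepaper does not cover that case; the example fails secure and encrypts).

```python
"""Illustration of the Encryption Enabled and Encryption Disabled rule sets.
Added example, not PaperClip's Relay code. Subscriber lists are constructed
sample data (assumption); precedence between conflicting requests is an
assumption the whitepaper does not state."""
from dataclasses import dataclass, field

FLAG_ADDRESS = "flag@em4relay.smtp"  # wild card: encrypt to all recipients
PASS_ADDRESS = "pass@em4relay.smtp"  # wild card: send clear, audit as an exception

# Constructed sample data (assumption), not real subscriber lists.
SUBSCRIBER_DOMAINS = {"example-insurer.test", "example-bank.test"}
DESKTOP_SUBSCRIBERS = {"agent@example-isp.test"}

ENCRYPT = "ENCRYPT"
CLEAR = "CLEAR"
CLEAR_AUDITED_EXCEPTION = "CLEAR_AUDITED_EXCEPTION"


@dataclass
class Decision:
    action: str
    rule: str                                       # which rule fired, for the audit record
    recipients: list = field(default_factory=list)  # delivery list, wild cards removed


def _domain(address):
    return address.rsplit("@", 1)[-1]


def _is_subscriber(address):
    # Serial Relays hold both compliant receiver domains and Desktop subscribers.
    return _domain(address) in SUBSCRIBER_DOMAINS or address in DESKTOP_SUBSCRIBERS


def decide(recipients, encryption_enabled=True, addin_choice=None):
    """Decide what the Relay does with one outgoing Email.

    addin_choice models the Outlook AddIn ribbon: None, "secure" (green
    ribbon) or "not_secure" (red ribbon).
    """
    addrs = [r.strip().lower() for r in recipients]
    # The wild card addresses are instructions to the Relay, not deliverable mailboxes.
    delivery = [a for a in addrs if a not in (FLAG_ADDRESS, PASS_ADDRESS)]
    force_secure = FLAG_ADDRESS in addrs or addin_choice == "secure"
    force_clear = PASS_ADDRESS in addrs or addin_choice == "not_secure"

    if encryption_enabled:
        # Rules 5 and 6: an explicit "not secure" request goes out in clear text
        # and is audited as an exception. If the sender asked for both, fail
        # secure and encrypt (assumption; the whitepaper does not cover it).
        if force_clear and not force_secure:
            return Decision(CLEAR_AUDITED_EXCEPTION, "enabled-5/6 forced not secure", delivery)
        # Rules 3 and 4: explicit secure request.
        if force_secure:
            return Decision(ENCRYPT, "enabled-3/4 forced secure", delivery)
        # Rules 1 and 2: any Subscriber recipient encrypts the Email to everyone,
        # Subscribers and Non Subscribers alike.
        if any(_is_subscriber(a) for a in delivery):
            return Decision(ENCRYPT, "enabled-1/2 subscriber recipient", delivery)
        return Decision(CLEAR, "enabled-default", delivery)

    # Encryption Disabled: only the flag address or Force Secure encrypts.
    if force_secure:
        return Decision(ENCRYPT, "disabled-1/2 forced secure", delivery)
    return Decision(CLEAR, "disabled-default", delivery)
```

The returned `rule` field is the piece a reviewer would want in the audit record: when an "exception" message shows up in the Central Office data, it should be possible to tell whether it came from the pass address or from the ribbon choice.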
The Relay Server

The Relay Server has two basic configurations, Serial and Parallel. The Serial configuration is the simplest, requiring all Emails to pass through the Relay. In Parallel mode, the Relay becomes a subsystem to your Email server; the host's Email rules decide which Emails are directed to the Relay for encrypting. Multiple Relays can be deployed to handle the largest traffic demands.

A Relay installed as a Serial process maintains locally a list of compliant receivers' domains and Desktop subscribers, maintained by the Central Office. In Serial operations the Sending Email server delivers the Email to the Relay. The Relay applies the Serial Rules and encrypts or not. The Relay then delivers the Email to the Smart Host for delivery across the Internet directly to the receiving Email Server. Received Emails start at the Smart Host and are forwarded to the Relay(s) for decrypting as necessary. The Relay then releases the Email to the internal Email Server.
A Relay deployed as a Parallel process to your Email Server allows your Email Server's rules engine to decide which Emails get encrypted going out. This method provides centralized administration for more complex rules management, leveraging existing resources. In this mode of operation, the Relay adheres to the following rule:
1. All outgoing Email is encrypted.

In Parallel operations the Sending Email Server decides which Emails are delivered to the Relay. The Relay applies the Parallel Rules and encrypts all Emails. The Relay then delivers the Email to the Smart Host for delivery across the Internet. Received Emails start at the Smart Host and are forwarded to the Internal Email Server. Internal Email Server rules identify it as a Relay encrypted Email and forward it on to the Relay(s) for decrypting. The Relay(s) then releases the Email back to the Internal Email Server.
The Desktop

The Desktop is a version of the Relay designed to install on a user's Windows desktop and is Email client independent. The Desktop version supports POP3 Email and manages the encrypting/decrypting process. The Desktop requires Internet access over port 443 capable of reaching PaperClip's Central Office. This deployment is for small groups requiring a desktop solution where Email services are ISP provided or do not warrant a server version of the Relay.

The Desktop deployment acts on Emails as they are sent to or received from the Email Server. The Email on the Email Server is encrypted. This meets the requirement for encryption at rest while on third party servers. This operation does limit the use of hand held devices such as Blackberries.
The Webmail

Non Subscribers

The Service has the ability to manage Non Subscribers (NonSubs) via PaperClip's Webmail, hosted by PaperClip. Subscribers have the option to deploy Web Mail requiring receiver authentication. With no authentication required, the receiver can select the link and view the Email in a secure browser. Choosing authentication will require receivers to create and maintain credentials. NonSubs have the ability, when registering, to set up their Web Mail account. NonSubs will receive an Email with the appropriate link directing them back to the Service Web Mail host. The NonSub will then have to log in with their Email address or alias and authenticate with the password they registered with. The hosted Web Mail Email will secure the Internet pipe or tunnel via SSL. NonSubs will have the ability to save the Email and, if desired, Reply to the sender securely. NonSub Emails will remain within the hosted environment for thirty days after opening, then they will be purged. Non Subscribers do not have access to the Service portal. NonSubs will be able to manage their own Web Mail accounts as necessary (i.e., change password). Subscribers can control the content of the Email body with relevant compliance notices. In addition they can brand their browser presentation with a custom banner or logo.

[Figure: Web Mail features: Decrypt Incoming Emails, Reply To: Supported, Revocation, Audited]

Lite Subscribers

Subscribers have the option to purchase annual sponsored Lite licenses which they can freely distribute. This Lite license will only encrypt Emails and their attachments for the Subscriber's domain. In effect, the Lite license is a full feature subscriber limited to its registered subscribers. The Lite license will allow NonSubs to freely initiate encrypted Emails to the sponsoring Subscriber at any time. There is no registration requirement for Lite users. Lite users will have the option to deploy the Desktop client.
[Figure: Clear Text Email Notice; Secured Browser Access]
Service Administration

Subscriber administrators have access to the Service portal via a browser. The portal provides user functions for analyzing the Subscriber's metadata (Auditing), sender and Email revocation, and reporting.
Service Auditing

Auditing captures and maintains information regarding Email transactions and administration. Auditing starts with the data collected every time a request is made to encrypt or decrypt.

The Sender's Relay connects (SSL) to the Central Office (CO) and updates the CO in an asynchronous manner. The initial Sender's request message file includes:
- Client Metrics
- Transaction ID
- 3DES Session Key
- Sender Email address
- Receiver(s) Email address
- Request Date/Time Stamps
- Subject Line
- Attachment Names

The Receiver's Relay connects to the CO (SSL) and completes the data record, closing the transaction. The Relay connects to the CO in an asynchronous manner to update. This update passes the following metadata, recorded by the CO:
- Client Metrics
- Transaction ID
- Sender Email address
- Receiver Email address
- Request Date/Time Stamps

A Non Subscriber's Add-In or Web Mail connects to the CO (SSL) and updates the transaction data in an asynchronous manner. This update passes the following metadata, recorded by the CO:
- Add-In Metrics
- Transaction ID
- Sender Email address
- Receiver Email address
- Request Date/Time Stamps

Auditing allows for the isolation of a transaction and all the events associated with it. Filter on Email senders or receivers, drilling deeper with date and time ranges as needed. Auditing reports or data can be exported to Subscribers for continued reconciliation.
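The audit record is built in two phases: the Sender's Relay opens the transaction, and the Receiver's Relay or the Non Subscriber's Add-In or Web Mail closes it with its own asynchronous update. The Python below is an added model of that record and of the filtering described above; it is not PaperClip's Central Office code. The record fields follow the lists given in this section, while the `AuditStore` class, its methods and the sample transactions in `build_sample_store` are constructed for illustration. Two points worth noticing in the model: the sender's record includes the 3DES Session Key, so the Central Office database holds the material needed to decrypt the audited traffic, and the example therefore keeps that field out of the reconciliation export; and because the completion updates arrive asynchronously, the store only accepts a completion that matches an open Transaction ID and a receiver listed on it.

```python
"""Model of the two-phase audit record: the Sender's Relay opens a
transaction at the Central Office, the Receiver's Relay (or a Non
Subscriber's Add-In / Web Mail) closes it. Added example, not PaperClip's
code; record fields follow the whitepaper, the class, methods and sample
transactions are assumptions constructed for illustration."""
from datetime import datetime, timedelta


class AuditStore:
    """In-memory stand-in for the Central Office transaction database."""

    def __init__(self):
        self.transactions = {}   # Transaction ID -> record
        self.events = []         # (time, Transaction ID, event, address), arrival order

    def open_transaction(self, tx_id, client_metrics, session_key, sender,
                         receivers, subject, attachments, when):
        # Initial Sender's request message file (includes the 3DES Session Key).
        if tx_id in self.transactions:
            raise ValueError(f"duplicate Transaction ID {tx_id}")
        rec = {
            "transaction_id": tx_id,
            "client_metrics": client_metrics,
            "session_key": session_key,
            "sender": sender.lower(),
            "receivers": [r.lower() for r in receivers],
            "subject": subject,
            "attachments": list(attachments),
            "request_time": when,
            "completions": {},    # receiver -> time the receiving side decrypted
        }
        self.transactions[tx_id] = rec
        self.events.append((when, tx_id, "sender-request", rec["sender"]))
        return rec

    def complete(self, tx_id, receiver, when, source="relay"):
        # Receiver's Relay / Non Subscriber update. Updates are asynchronous, so
        # only accept one that matches an open transaction and a listed receiver.
        rec = self.transactions.get(tx_id)
        if rec is None:
            raise KeyError(f"unknown Transaction ID {tx_id}")
        receiver = receiver.lower()
        if receiver not in rec["receivers"]:
            raise ValueError(f"{receiver} is not a receiver of {tx_id}")
        rec["completions"][receiver] = when
        self.events.append((when, tx_id, f"{source}-complete", receiver))
        return rec

    def is_closed(self, tx_id):
        """Closed once every listed receiver has reported decryption."""
        rec = self.transactions[tx_id]
        return all(r in rec["completions"] for r in rec["receivers"])

    def events_for(self, tx_id):
        """Isolate one transaction and all the events associated with it."""
        return sorted(e for e in self.events if e[1] == tx_id)

    def search(self, address=None, start=None, end=None):
        """Filter on a sender or receiver, then narrow by request date/time range."""
        hits = []
        for rec in self.transactions.values():
            parties = [rec["sender"]] + rec["receivers"]
            if address and address.lower() not in parties:
                continue
            if start and rec["request_time"] < start:
                continue
            if end and rec["request_time"] > end:
                continue
            hits.append(rec["transaction_id"])
        return sorted(hits)

    def export_rows(self, tx_ids):
        """Rows for a Subscriber's reconciliation export. The session key stays
        in the CO record and is deliberately not part of the export."""
        keep = ("transaction_id", "sender", "receivers", "subject",
                "attachments", "request_time", "completions")
        return [{k: self.transactions[t][k] for k in keep} for t in tx_ids]


def build_sample_store():
    """Constructed sample transactions (assumption), not real traffic."""
    store = AuditStore()
    t0 = datetime(2009, 9, 18, 9, 0, 0)
    store.open_transaction("TX-0001", {"relay": "serial"}, "<3des-key-placeholder>",
                           "agent@example-insurer.test",
                           ["claims@example-bank.test", "nonsub@example-isp.test"],
                           "Policy renewal", ["renewal.pdf"], t0)
    store.open_transaction("TX-0002", {"relay": "parallel"}, "<3des-key-placeholder>",
                           "hr@example-bank.test", ["agent@example-insurer.test"],
                           "Benefits", [], t0 + timedelta(hours=2))
    # Receiver-side reports arrive out of order and from different sources.
    store.complete("TX-0001", "nonsub@example-isp.test", t0 + timedelta(minutes=40), source="webmail")
    store.complete("TX-0001", "claims@example-bank.test", t0 + timedelta(minutes=5))
    return store
```

Running `build_sample_store()` leaves TX-0001 closed by both receivers and TX-0002 still open, which is the state an auditor would filter for when looking for messages that were encrypted and sent but never decrypted on the far side.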
Conclusion

The need to encrypt Emails and their attachments across the public Internet, protecting NPI, is an undisputed requirement. Currently deployed market solutions suffer from poor industry interoperability, deviate from and burden trading partners' workflow, and require many IT resources not available to all. It's time to climb out of the box. PaperClip's new paradigm, which meets compliance, makes it easy to use, distributes cost based on usage (not buying a gun to kill a fly) and eliminates the conflict of interest objection with a disinterested third party audit, is ready. This new paradigm or Service can scale from one to thousands of users. It makes industry compliance affordable and uniform. It's simple.