INTEGRATION GUIDE MS OUTLOOK 2003 VERSION 2.0 Document Code: ST_UT_MB_MSO_2.0_18042012
The data and information contained in this document cannot be altered without the express written permission of SecuTech Solution Inc. No part of this document can be reproduced or transmitted for any purpose whatsoever, either by electronic or mechanical means. The general terms of trade of SecuTech Solution Inc. apply. Diverging agreements must be made in writing. Copyright SecuTech Solution Inc. All rights reserved. WINDOWS is a registered trademark of Microsoft Corporation. The WINDOWS-logo is a registered trademark (TM) of Microsoft Corporation. Software License The software and the enclosed documentation are copyright-protected. By installing the software, you agree to the conditions of the licensing agreement. Licensing Agreement SecuTech Solution Inc. (SecuTech for short) gives the buyer the simple, exclusive and nontransferable licensing right to use the software on one individual computer or networked computer system (LAN). Copying and any other form of reproduction of the software in full or in part as well as mixing and linking it with others is prohibited. The buyer is authorized to make one single copy of the software as backup. SecuTech reserves the right to change or improve the software without notice or to replace it with a new development. SecuTech is not obliged to inform the buyer of changes, improvements or new developments or to make these available to him. A legally binding promise of certain qualities is not given. SecuTech is not responsible for damage unless it is the result of deliberate action or negligence on the part of SecuTech or its aids and assistants. SecuTech accepts no responsibility of any kind for indirect, accompanying or subsequent damage. I
Contact Information HTTP: E-Mail: www.esecutech.com Sales@eSecuTech.com Please Email any comments, suggestions or questions regarding this document or our products to us at: Sales@eSecuTech.com Version Date 1.0 2011.4.29 2.0 2012.4.18 II
CE Attestation of Conformity UniToken is in conformity with the protection requirements of CE Directives 89/336/EEC Amending Directive 92/31/EEC. UniToken satisfies the limits and verifying methods: EN55022/CISPR 22 Class B, EN55024: 1998. FCC Standard This device is in conformance with Part 15 of the FCC Rules and Regulation for Information Technology Equipment. Operation of this product is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. The equipment of UniToken is USB based. Conformity to ISO 9001:2000 The Quality System of SecuTech Solution Inc., including its implementation, meets the requirements of the standard ISO 9001:2000 ROHS All UniToken products are environmental friendly with ROHS certificates. III
Table of Contents ABOUT THIS GUIDE... 1 CHAPTER 1: PREPARING MICROSOFT OUTLOOK 2003 AND UNITOKEN PRO... 3 1.1 Install the PKI package... 3 1.2 Request a VeriSign Certificate... 7 CHAPTER 2: SIGN AND ENCRYPT MAIL... 11 2.1 User 1 mailbox (receiver.secutech)...11 2.2 User 2 mailbox (helper.secutech)...14 CHAPTER 3: OPEN AN ENCRYPTED MAIL... 16 3.1 User 1 mailbox (receiver.secutech)...16 GLOSSARY... 17 IV
About this guide Data security has become one of the most important problems occurring in a company. In order to combat the threats becoming more and more dangerous and present, it has become necessary to prevent data leak and falsification. In this guide, we will introduce how to integrate UniToken PRO and Microsoft Outlook 2003 to perform mail signature and encryption with a digital certificate. Compared to the usual protection method that uses only one security element (the password), Encrypting and signing the mail with the certificate stored in UniToken PRO provides 2 factors authentication that uses 2 security elements (password and certificate stored inside the Token). In this way, security is greatly improved. Secutech s UniToken PRO can generate certificates on the hardware side and store them. The certificate is being stored in the UniToken PRO hardware and not on the user s computer, thus providing a higher security level. About SecuTech SecuTech Solution Inc. founded in 2005, is the global leader in providing software protection and license management solution, secure managed portable storage, two-factor authentication, and cloud computing. Its best-of-breed product portfolio meets the highest security, performance, and privacy standards of the most demanding software vendors, enterprise, government, and financial customers. SecuTech' UniToken Software Rights Management products are the 1st Driverless Hardware key choice of software developers and publishers to protect intellectual property, increase revenues, and reduce losses from software piracy. UniToken is a USB-based authentication solution. The UniToken secure Web gateway provides the most advanced protection against the latest Web-based threats and attacks. UniOTP is an open, flexible authentication solution that supports any form of authentication, including Windows Logon, Active Directory authenticating, cloud computing, and mobile authentication, it is natural that SecuTech includes OATH compatibility within its UniOTP two-factor authentication architecture. Over 1,000 customers in 62 countries choose SecuTech security products to protect their invaluable data and networks. SecuTech has resellers and offices in 16 countries, a worldwide network of channel partners, and has won numerous awards for innovation. SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 1 of 18
About UniToken PRO UniToken PRO is an authentication token developed by SecuTech Solution Inc. Featuring a high performance SmartCard, it allows to further strengthen security. Besides the function Windows Logon brought by the SmartCard, UniToken PRO also supports PKCS#11 and MS-CAPI digital certificates. Inside the 256KB integrated memory, you can store many certificates. Apart from logon features, you can also use UniToken PRO to protect Microsoft office and PDF documents, sign and encrypt mails and strengthen website authentication, there are many different ways to use it. Technology UniToken PRO uses PKI technology. This includes PKCS#11 and MS-CAPI compatibility which are the standards most used in the cryptographic sector. Certificates generated by UniToken are stored directly inside of it and not on the user s computer. Credentials are generated on the hardware side and are never stored on the computer, preventing cold boot attacks and making hacking virtually impossible. Configuration used Windows XP UniToken PRO Microsoft Outlook 2003 SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 2 of 18
Chapter 1: Preparing Microsoft Outlook 2003 and UniToken PRO This part explains how to install the PKI package that you can find inside the SDK. The End User package can be found inside the folder Redist/Enduser. 1.1 Install the PKI package Right-Click on the PKI package installation file and choose Run as administrator. Please execute the installer with an account that has administrator rights on the current computer. SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 3 of 18
Please click on [Next] in the welcome screen. Input your username and Company Name and click on [Next] SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 4 of 18
Select [Complete] and click on [Next]. Click on [Install] to begin the installation of the PKI package. SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 5 of 18
Verify that the install wizard completed correctly and click on [Finish] SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 6 of 18
1.2 Request a VeriSign Certificate Open Internet Explorer and go to the page: https://digitalid.verisign.com/client/class1ms.htm You can buy a digital certificate or download a free evaluation version that is fully usable for 60days SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 7 of 18
In the field Cryptographic Service Provider Name choose UniToken PRO CSP v2.0. Click on [Accept] to request the certificate. Type in the correct user PIN for UniToken PRO and click on [OK] SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 8 of 18
Please check the mailbox that you used to request the certificate. You should have received an email explaining how to continue the request procedure. Copy the Digital ID PIN and go to the URL written in the mail: https://digitalid.verisign.com/enrollment/mspickup.htm Paste the Digital ID PIN that you copied from the mail in the corresponding field and click on [Submit] SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 9 of 18
Click on [INSTALL] to import the certificate inside your UniToken PRO. If you have UniToken Monitor running, you should get a certificate imported successfully message. The request procedure is complete. You can now use this certificate to protect documents as well as sign and encrypt mail. SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 10 of 18
Chapter 2: Sign and encrypt mail 2.1 User 1 mailbox (receiver.secutech) In Microsoft Outlook 2003, below the main menu, select [New] to create a new message. Below the main menu, in the tool bar click on [Options]. SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 11 of 18
On the [Message Options] page, click on [Security Settings] On the [Security Properties] page, check [Add digital signature to this message] and click on [Change Settings] SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 12 of 18
Click on [Choose] to Select the certificate stored inside the UniToken and click on [OK] consecutively until you get back to [New Message] window. In the new mail window, click on [Send] to send the signed mail. You will be asked for the UniToken password. SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 13 of 18
2.2 User 2 mailbox (helper.secutech) Go the mail account that you ve just sent the signed mail to, and click on [Send/Recv]. Open the signed mail, right-click on the sender name and choose [Add to Outlook Contacts] Click on [Save and Close] to save the information about User 1 (receiver.secutech) as well as his certificate. SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 14 of 18
Back to the main window of Microsoft 2003, select the signed email and click on [Reply]. Now that you have received that user s digital signature, you can send encrypted mails to that user (The public key of that user is included in the signature) Click on the [ ] icon on the top right of the windows and click on [Send] to send the encrypted message. If the signature and encryption icon doesn t appear, you can configure message encryption from [Options ] [Security settings] [Encrypt message and attachment] SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 15 of 18
Chapter 3: Open an encrypted mail 3.1 User 1 mailbox (receiver.secutech) Go back to User 1 s mailbox and check your mail. You should have received the encrypted mail from User 2. Double-click on it to open it. If your UniToken is inserted, you will be able to see the content of the mail. Note: If you ve just inserted UniToken, you will be asked for the user password to decrypt the mail. Otherwise, there is no need to input the password once again. If UniToken is not inserted or if the certificate is incorrect, the message [Cannot Open this item. Your digital ID name cannot be found by the underlying system] SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 16 of 18
Glossary Digital Signature: is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Microsoft Cryptography API, MS-CAPI is an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. PKCS refers to a group of public-key cryptography standards devised and published by RSA Security. SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 17 of 18
Follow us! Twitter Facebook Youtube Linked in About SecuTech SecuTech Solution Inc. is a company specializing in data protection and strong authentication, providing total customer satisfaction in security systems & services for banks, financial instituitions & other industries. Having extensive and in-depth experience within the information security market, SecuTech has drawn upon this experience to utilize today s cutting-edge technologies, enables enterprises, financial institutions, and government to safely adopt the economic benefits of mobile and cloud computing that are effective against increasingly sophisticated cyber attacks. www.esecutech.com SecuTech Solution Inc. North America China APAC EMEA 1250 Boulevard René- Lévesque Ouest, #2200, Montreal, QC, H3B 4W8, Canada T: +1-888-259-5825 F: + 1-888-259-5825 ext.0 E: INFO@eSecuTech.com Level 12, #67 Bei Si Huan Xi Lu, Beijing, China, 100080 T: +8610-8288 8834 F: + 8610-8288 8834 E: CN@eSecuTech.com Suite 5.14, 32 Delhi Rd, North Ryde, NSW, 2113, Australia T: 00612-9888 6185 F: 00612-9888 6185 E: AUS@eSecuTech.com 4 Cours Bayard 69002 Lyon, France T: +33-042-600-2810 F: +33-042-600-2810 M: +33-060-939 6463 E: Europe@eSecuTech.com Copyright 2012 SecuTech Solution Inc. All rights reserved. Reproduction in whole or in part without written permission from SecuTech is prohibited. SecuTech UniToken and the SecuTech logo are trademarks of SecuTech Inc. Windows and all other trademarks are properties of their respective owners. Features and specifications are subject to change without notice. SecuTech UniToken MS Outlook 03 Integration guide Version 2.0 18 of 18