Send and Receive

Retrieve a secure message sent to you. When you access the message online, a secure connection (SSL) is automatically established between your computer and the PrivaSphere secure messaging server.

Read your Private Message

1. Access your PrivaSphere Secure Messages by either:

  • Secure Login into your PrivaSphere account
  • A message notification eMail to your standard eMail Inbox with an embedded secure link
  • In the Inbox of your standard eMail program

Hint: PrivaSphere messages expire after 30 days. If you want to keep a copy, download the message and attachment to your computer (use MS-Word or notepad/Editor - wordpad.exe might have problems displaying umlauts or non-western characters correctly).

If you cannot receive a message, then contact a PrivaSphere representative for additional assistance.

 


The .txt format presents the email message in a simple text file excluding attachments. You can view the message with your favorite text editor. The file will not be encrypted before download. 
If you choose this option, you will see a button in your inbox and your sent items offering the possibility to download the emails in the desired format.

Portable Document Format (PDF) is a popular cross-platform file format for printable documents originally developed by Adobe Systems. To read PDF files you need Adobe Reader, which can be downloaded from the Adobe website at no charge. PDF is frequently used for document archiving.

PrivaSphere signs the PDF files digitally before download. The signature can be validated with the Adobe Acrobat Reader. Please download the short manual from Quo Vadis on how to validate signatures in Acrobat Reader 8 (in German).

If you choose this option, you will see a button in your inbox and your sent items to download the emails as signed pdf files.

The e-mail file format .eml is understood by many email programs (Mozilla Thunderbird, Windows Mail, Microsoft Outlook Express). If you download messages in the .eml format, you can easily import them into your email program. If you download the .eml file, it will be delivered digitally signed.

If you use this option you will see a button in your inbox and your sent items offering the possibility to download the emails in the desired format.

Reply to your PrivaSphere Secure Messages, if you already use PrivaSphere secure SMTP service:

  • Press the 'reply' button to create your reply message which has a one-time sending identity.
  • Adjust the outgoing eMail server to the 'PrivaSphere Secure Messaging' account (if not default).
  • Uncheck security options to not encrypt or sign. The reply message will reach the sender SSL-encrypted directly out of your eMail client.

Use the webMail interface to reply to the message:

  • Login to your account on https://www.privasphere.com.
  • Use the buttons 'reply' or 'reply to all' in your list inbox screen or in your inbox message.


A MUC is a one-time access code. It protects a message sent to a new communication partner from being viewed as a result of interception or misdelivery, and it is used to bootstrap trust.

Prepare to send:

1. If you send a message to a new recipient, the system generates a random MUC. Note the MUC and send the message.

2. Communicate the MUC to the recipient, not by email but over another communication channel, e.g. in person or by telephone, SMS, fax or letter.

Sending MUCs to a mobile phone via SMS or to a fax:

3. The recipient clicks the link in the notification message received from PrivaSphere. A page opens on the PrivaSphere site asking for the MUC. Providing the credentials gives access to the secure message.

4. If the recipient clicks the quick registration button, they can obtain a password; trust with the sender is then established and the MUC is no longer needed for communication between the two parties. Registering and receiving secure messages is free. See a series of screenshots (pdf) illustrating the steps the recipient goes through.

PrivaSphere Secure Messaging Service - from informal communication via eMail to business-relevant, confidential and binding electronic correspondence

Besides content confidentiality, PrivaSphere technology is distinguished by maximum relationship confidentiality for secure mails. With the default settings, neither the sender/recipient pair nor the subject of a message is visible. A second important security factor is recipient identity. Nothing is worse than confidential content reaching the wrong recipient. And let's be honest: how quickly is a mail sent to the wrong recipient?

 

1) Patented misdelivery protection – recipient identity and trust relationship

From the recipient's identity and its relationship to the sender, through building trust and simple use, to revocation and re-initialization - PrivaSphere manages your online trust relationships.

* Initial authentication for new recipients
   Misdelivery protection for registered users
   or for strictly confidential content

MUC - Messaging Unlock Code – misdelivery protection when needed

 

 

2) What is the Message Unlock Code (MUC)?

A MUC is a one-time message password. It protects a message sent to a new communication partner from being viewed by unauthorized persons and from misdelivery. The MUC is used to verify the recipient's identity over a second channel and to initialize the trust relationship.

Trust management

The second important security factor besides content confidentiality in transit ('encryption') is the verified identity of the recipient and its relationship to the sender. From building trust, through simple use, to revocation and re-initialization - PrivaSphere manages your online trust relationships.

The MUC (Message Unlock Code) serves:

  • the initial authentication of the recipient
  • misdelivery protection

and thus the confidentiality of your sensitive electronic communication.


3) Encrypted mailing without misdelivery protection

Suppressing the MUC

If the recipient is already registered and you are sure that you have not made a mistake in the mail address, you can override the system behaviour, suppress the sending of the MUC and add the recipient to your trusted communication partners with a mouse click. This removes the misdelivery protection.

For a recipient who is already registered on the platform but has never been written to, it is also possible to remove the MUC after the message has been sent.

In particular if the recipient is connected via their domain or has added an S/MIME or PGP public encryption key to their account, it is worth choosing "Notify/deliver again" after removing the MUC, because the message is then delivered immediately and the recipient is spared a visit to the platform via the browser.

Mail without MUC

Via the AddIn, or with the command "nomuc" as a control tag in the subject (as a control tag in <> brackets), you can send a message to mail recipients (unregistered recipients or system participants). This function requires increased attention, however, because it works without initial authentication / misdelivery protection, and confidentiality is then only guaranteed against passive, but not against active [1], eavesdropping.

You must therefore first have this function enabled by PrivaSphere Support.

Mail without MUC to registered users – misdelivery protection for all other recipients

With the control command <unSafeRoute>, mails to registered users are delivered without misdelivery protection (MUC authentication); all other recipients need a MUC.

 

4) The different kinds of MUC

'Standard'

By default the MUC is generated by the system (5-character alphanumeric code) and can be transmitted automatically by fax or SMS directly to the recipient.

'Pre-defined'

The sender can pre-define the MUC per recipient via the Outlook/Notes AddIn/Template, a script, or an application.
This function requires in-depth security and platform knowledge – if you also want this option in the web interface, please contact our help desk at 043 500-MAIL (043 500 6245) to have it activated.

'Fixed' per recipient

The MUC can be stored as a fixed value per recipient in the 'Contact' in secure WebMail. It then remains valid until it is changed or until the recipient has fully registered with the PrivaSphere Secure Messaging Service (free of charge). See also: Setting a pre-defined MUC.

Group function

As a group administrator you can set up a closed user group whose members trust each other without initial authentication among themselves (see the separate guide for the group function).

Further control commands

Highest misdelivery protection and security against inspection by third parties
With the command <safeRoute> you ensure that the recipient must have a MUC to view the message; otherwise the content remains hidden from them.

 

5) Policy enforcement and routing service

As the options above readily show, complex business cases can be protected efficiently. To fine-tune and automate a large number of such scenarios, we recommend this service to heavy users.

  • Policy Enforcement Support: This relieves your outgoing mail servers of the triage of messages (encrypt or not?) and gives you an up-to-date rule set for further optimizing your mail communication; among others, the following rules are possible:
    • Mandatory confidentiality for individual recipients/domains via Secure Messaging (confidentiality)
    • Mandatory confidentiality for individual senders via Secure Messaging (confidentiality)
    • Mandatory identification of recipients by MUC for individual recipients / domains (increased misdelivery protection)
    • Content-based routing of mails (rejection / confidentiality)
      Extended routing functions in connection with Secure Messaging and the GroupWise Template/Outlook AddIn.

Note: Encourage non-participants to register on the platform. If the recipient chooses the 'quick registration' function when receiving a message, they can choose a password and you no longer need to exchange a MUC. Receiving standard messages and registering are free of charge.

 

 


[1] The attacker does not only record the observed message traffic for analysis, in some cases much later, but also, for example, actively follows links found in it. Since many (cryptographic) links in the security field lead to the payload information only for a limited time, this approach yields a much better return for the attacker.

 

6) MUC: use in communication with authorities (eGov)

Within the PrivaSphere Secure Messaging platform:

If both the sender and the receiving authority are registered on the PrivaSphere Secure Messaging platform, the MUC is 'suppressed' by default.

When sending via the web interface it is displayed, but suppressed by default.

When sending from the mail program (via SMTP or domain connection), the MUC is suppressed for authorities by default. The function can be switched on/off under 'My Account' - 'eGov/Registered' (default setting: MUC is suppressed).

MUC in interoperable eGov transmission:

If the eGov submission to a participant in communication with authorities is handed over to another platform ("interoperability"), the access protection by MUC has no effect.

The other approved platforms do not have this protection (authenticated access, misdelivery protection) - they simply deliver secure eMail directly to the user registered with the corresponding eMail address.

7) Missing MUC

If you have received a pickup invitation asking you to enter a MUC, but have not received the MUC even after hours or days, remind the recipient (see description II in Send Message Unlock Code (MUC) via SMS).

Sometimes you want to know whether your SMS or fax has arrived.

For that, you need to log in to your account via the PrivaSphere secure web-interface.

Under "Sent" and the specific message details, the current message status is shown, color coded.

With mouse-over, you can also see more details such as the SMS ID of the specific SMS, which PrivaSphere customer service would need in order to escalate to the SMS service provider - e.g. "141128191912".

Before you contact our customer service, please ensure the following:

a) the destination number can receive SMS or FAX

b) the receiving devices at the destination are operating (not out of paper e.g. for a fax)

Typical error situations that do not justify contacting customer support.

1) Message for 00417xxxxx, with identification 141128191912 could not be delivered, because VP exceeded (code 65283)

This typically happens with receivers' cell phones that are turned off.

Server-based SMS services normally only try for 24 hours. If you need more lasting attempts, either send the SMS from your personal cell phone or use fax or Threema.

2) No translation for this specific address (code 1025).

This happens for example with destination numbers on the fixed network when you try to send to them via SMS.

Also, if everything fails your recipient always has the possibility to confidentially remind you of the missing MUC by clicking on the link in the pickup notification and then on

and then provide an alternative delivery number.

The receiver will then be informed and can simply click on a link containing the alternative sms number

PrivaSphere Secure Messaging also supports Threema for sending a MUC besides SMS or fax.

With SMS and fax the MUC is transmitted through the large international telephone companies. You must therefore trust their confidentiality.

With Threema, the Message Unlock Code (MUC, one-time password) is sent End2End encrypted directly to the smartphone of the recipient.

Threema is a Swiss-operated short messaging app with a particular focus on security and confidentiality of the transmission. It is independent of the big carriers. In addition, the company is exclusively subject to Swiss law and the owners are Swiss citizens. Threema is available for iPhone and Android.

Function:

After pressing "Prepare to Send" you will see the button "SEND MUC" with which you can display fields for SMS mobile phone numbers, fax numbers or threema receiver IDs.

The Threema ID is looked up automatically from the recipient's email address and, if found, filled in.

If no ID was found and you know the mobile number, you can fill it in and press the "Update calculation" button. PrivaSphere performs a Threema lookup based on the mobile number and displays the ID if found.

Sending with Threema is safer and cheaper than SMS or fax.

If both mobile number and threema ID are present, we send the MUC via threema.

The MUC message is only transmitted to the recipient's side – no reply to the Threema message is possible.

Resetting your Password with Threema

Under "My Account" fill in your Threema ID, and the next time you forget your password you can have a one-time reset password sent to your Threema account.

A test Threema message will be sent to your number to ensure there is no typo in your number.

After this login please proceed with the new password as usual.

If you lose the (mobile) device on which you receive SMS/Threema, immediately log into the Platform and remove the number/ID.

On request PrivaSphere can deliver secure messages via Threema app.

If you are interested please contact PrivaSphere.

You have not yet exchanged any message with this recipient on the PrivaSphere system. At your own risk, you may override the MUC mechanism. This option may be used if you have validated the recipient's identity and authenticity beforehand by other means. Verify that it was really the desired recipient who has received the message, and that there are no typos in the e-mail address.
When replying via the Web, users normally were sufficiently able to authenticate the sender - e.g. via the content. Therefore, no MUCs are asked for in this case. If you want to be more strict, set default in "Edit Profile".

Write an eMail online at http://www.privasphere.com. Upon login a secure connection (SSL) is established between the sender and the secure messaging system which reliably protects data from eavesdropping.

Compose a Private Message


1. Open your online eMail form by clicking on the 'New Mail' button located on the left top of your main toolbar.

2. Add recipients manually or by choosing from your contacts with the button 'add recipients'.

3. Write your eMail, including subject line and body.

4. If applicable, upload an attachment. If you wish to attach several files, compress them in a zipped folder.

Hint: Uploading a large attachment may take up to several minutes, depending on your connection.

5. Click the button 'Prepare to send'. The following page shows you the message costs and trust status of your recipients. If you send to non-validated recipients, you will need to retain the related MUC. Encourage your recipients to get a password, such that you will not need a MUC afterwards.

6. If you want to sponsor a postage-free return message to your recipient(s), tick the box below the recipient list.

7. When all sending parameters are set (MUC sending via SMS, Threema, etc; Relationship Privacy; delivery confirmation; Dispatch Mode; …), press the SEND button.

Hint: Make sure to save your draft message, if editing for more than 30 minutes (connection time out for security reasons).

If you need more information, then contact a PrivaSphere representative for additional assistance.


PrivaSphere Secure Messaging allows a message size of

  • 15 MB per mail - respectively via Web (https) up to 0.5 GB («Large»)

Please be aware that digitally signed messages (SMIME or PGP) are larger than the original mail.

To minimize the size of your attachments, we recommend using a file compression tool (e.g. *.zip, for details see Wikipedia).

If you receive your secure emails encrypted with your deposited SMIME or PGP public key, PrivaSphere sends these mails encrypted up to a size of 8 MB. For larger files, PrivaSphere sends you a notification and delivers these mails via web download. This mechanism works for domain delivery too.

If you wish to send larger messages, contact a PrivaSphere representative.

 

If your internal network architecture only allows smaller message sizes for secure push delivery methods (TLS-to-Domain, Asym-TLS, S/MIME, PGP, encrypted PDF) than your mail gateway publishes, or a smaller maximum size is required for other reasons, please contact us.

 

Hints to avoid large transmissions

  • do not scan documents in high resolutions
  • scan documents b/w - colour only if necessary
  • only convert PDF files to PDF/A while signing with the eGov Local Signer if necessary - the conversion produces large bitmap images
  • In word processing programs (such as MS-Word), a much more efficient PDF/A is offered under "Save As" - "Pdf" - "Options" - checkbox "Pdf/A" than a pure BitMap conversion.

 PDF/A saving in MS Word

 

 

Interoperability in eGov transmission

Some recipients on other platforms in interoperable eGov transmission have problems receiving eMails even smaller than the 15 MB payload (regulator's interoperable size).

 

With PrivaSphere Secure Messaging it is easily possible to send an email as encrypted PDF attachment to one or several recipients.

This helps e.g. recipients with limited access to the PrivaSphere Secure Messaging web interface due to firewall rules or other regulations.

The PDF is encrypted with at least 128-Bit RC4 encryption (symmetric) and can be opened with a password.

The encryption password is either an automatically generated or a user pre-defined PDF-MUC (Message Unlock Code).

Such a password is handled similarly to a Message Unlock Code (MUC) – it can be sent via SMS or fax.

Using the function in the PrivaSphere web interface

Sending the eMail

Write the eMail, press ‘prepare to send’. Choose ‘More Options’:


Choose “Pdf: encrypted – MUC”
and either use the pre-defined password or enter your own.


Even more than with the passwords to access the PrivaSphere Web-Site, it is important to choose strong passwords because an attacker could try many more passwords against the pdf than the limited number of tries against the secure web-login.


Choose ‘SEND MUC’ for direct delivery of the password via SMS or fax

Press ‘send confidential’ to send the secure email as an attached pdf file.


Alternative:

If the email is already sent and the sender wants to deliver it via encrypted email, go to the ‘sent’ folder and use the function “pdf: encrypted – MUC”

Either use the preset key or use your own and press “update delivery”

Go to the sent message:

Choose PDF encrypted and update

The message will be sent as an attached encrypted eMail to the recipient


Using the function with your mail client

  • Subject tag “<cPdf>” -  use this tag in the subject of the message
  • “<muc:xxxxx>”  to set the PDF password (works only with one recipient)
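
A sender-side check for the subject tags described on this page, as an added example (not PrivaSphere code, and not how the platform itself parses subjects): it extracts the tags and flags the single-recipient limit of <muc:...>, a short PDF password, and tags that switch off misdelivery protection. The function names, finding codes, the 12-character minimum and the case-insensitive matching are assumptions of the example.

```python
import re

# Tag names are the ones this page mentions; matching them
# case-insensitively and anywhere in the subject is an assumption.
FLAG_TAGS = {"cpdf", "nostore", "onlyweb", "saferoute",
             "unsaferoute", "nomuc", "pspegov3161"}
TAG_RE = re.compile(r"<\s*([A-Za-z0-9]+)\s*(?::([^<>]*))?/?\s*>")

# Local policy value chosen for this example, not a PrivaSphere limit.
MIN_PDF_PASSWORD_LEN = 12


def parse_subject(subject):
    """Split a subject into ({tag: value-or-True}, subject without tags)."""
    tags = {}

    def take(match):
        name, value = match.group(1).lower(), match.group(2)
        if name == "muc" and value is not None:
            tags["muc"] = value.strip()
            return ""
        if name in FLAG_TAGS and value is None:
            tags[name] = True
            return ""
        return match.group(0)  # not a known tag: leave the text alone

    rest = TAG_RE.sub(take, subject)
    return tags, " ".join(rest.split())


def lint(subject, recipients):
    """Return finding codes for a message about to leave the mail client."""
    tags, _ = parse_subject(subject)
    muc = tags.get("muc")
    findings = []

    # The page states that <muc:xxxxx> works only with one recipient.
    if muc is not None and len(recipients) > 1:
        findings.append("MUC_TAG_MULTIPLE_RECIPIENTS")

    # With <cPdf> the MUC is the PDF password, which can be guessed offline.
    if "cpdf" in tags and muc is not None and len(muc) < MIN_PDF_PASSWORD_LEN:
        findings.append("SHORT_PDF_PASSWORD")

    # <nomuc> and <unSafeRoute> deliver without MUC authentication.
    suppressed = "nomuc" in tags or "unsaferoute" in tags
    if suppressed:
        findings.append("MISDELIVERY_PROTECTION_OFF")

    # <safeRoute> demands a MUC, so combining it with a suppressing
    # tag is treated as a mistake by this example.
    if suppressed and "saferoute" in tags:
        findings.append("CONFLICTING_ROUTE_TAGS")
    return findings


if __name__ == "__main__":
    # Constructed sample subjects and recipients.
    samples = [
        ("<cPdf> <muc:Ab3xZ> Contract draft", ["a@example.org", "b@example.org"]),
        ("<safeRoute><nomuc> Report", ["a@example.org"]),
        ("<PSPeGov3161/> Filing", ["a@example.org"]),
    ]
    for subject, recipients in samples:
        print(subject, "->", lint(subject, recipients) or "ok")
```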


Reading the encrypted PDF sent via PrivaSphere Secure Messaging

Opening the PDF asks for the password.

Clicking the lock icon in the PDF shows the encryption details.

 

Scenarios for the usage of encrypted PDF

The delivery of encrypted PDF files is useful if

  • the recipient's web access is restricted (for example too slow)
  • the recipient's web access is blocked by firewall settings
  • the recipient's web access is restricted by internal regulations
  • the recipient must be reached personally and encrypted, with no delivery to a company server

As an alternative for the last point, you can use the subject tag <onlyWeb>: the secure email is then presented exclusively in the receiver's web browser and is not delivered via POP, SMIME or to a domain.

Hint:

  • There will be no delivery of encrypted PDF files to the recipient if the recipient uses the option 'suppress notification' in its options.  This option is normally used by users getting the secure eMails via POP protocol.

 


This option allows you to sponsor a prepaid return message to your recipient(s). You can choose this option in the preferences section of edit profile or on a message-by-message basis when composing a new message. Message charges will be applied to your account, if they reply via web-mail.

 


Protect yourself and add a verifiable proof to your important information exchanges. PrivaSphere Registered Secure eMail™ provides evidence to support non-repudiation of electronic transactions through the use of auditable time stamps and qualified digital signatures. 

 

Characteristics:

  • Sending time and content digitally signed on platform with legal time according to Swiss Law (ZertES)
  • Digitally signed delivery receipt
  • Secure exchange of electronic data (encryption)
  • Detect tampering of electronic data
  • Notification of sender in case of non-delivery
  • Flexible strength of authentication (password, certificate, biometric)
  • No installation
  • Award winning Swiss Technology (Swiss Technology Award 2005)

 


Protect yourself and add verifiable proof to your important information exchanges. PrivaSphere Registered Secure eMail provides evidence supporting the non-repudiation of electronic transactions through the use of verifiable time stamps and valid electronic signatures of the platform, which is federally recognized in Switzerland.

Registered secure eMail with return receipt requires personal identification of the recipient with a client certificate issued by a Swiss CA under Swiss law (FiEle), or strong authentication (on condition of having been legally identified). PrivaSphere masks the certificate, grants access and generates a return receipt that governs the transaction.

Characteristics

  • Proof of sending and of content: using PrivaSphere's electronic signature with certified time of origin.
  • Digitally signed delivery notification
  • Secure exchange of electronic data (encryption)
  • Detection of tampering with electronic data
  • Notification of the sender in case of non-delivery
  • Different levels of authentication (password, certificate, biometric)
  • No installation
  • Winner of the Swiss Technology prize (Swiss Technology Award 2005)

Compatibility

  • Works with the most recent browsers (Explorer, Firefox, Safari, etc.)
  • Works with almost all mail servers (Microsoft Exchange, Lotus Domino, Novell GroupWise, Sendmail, Postfix, etc.)
  • Works with all mail clients (Microsoft Outlook, Outlook Express, Mozilla Thunderbird, Lotus Notes, GroupWise, etc.)

To send Registered secure eMail as a signed PDF with a legal time stamp, choose 'More options' - 'PDF format' after pressing 'Prepare to send' - or set the default in 'My Profile'. Alternatively, you can use 'eLs!Pdf:' as a subject prefix in your mail program. If your default is already PDF but you want to send a qualified e-mail (MIME) on a message-by-message basis, simply set "eLs!MiMe:" as the subject prefix.

Validation of a signed pdf document

It is possible to send a PrivaSphere eGov Registered eMail in PDF format.

There are three possibilities:

 

Setting per message:

In 'prepare to send' use the option "eGov Registered in PDF (with RFC3161 timestamp)"


Default settings:

It is possible to set the PDF eGov registered eMail as default.

Go to 'My Account' - 'eGov/Registered' - 'Convert message to PDF'

Use the following subject tag in your mail program:

<PSPeGov3161/>  eGov registered mail in PDF format including a timestamp (RFC3161)

Further topics on electronic legal communication

eGov Service: the customer's duties of care and cooperation

PrivaSphere Secure Messaging: brief description of the platform

For enhanced security PrivaSphere™ Secure Messaging offers the option “noStore” while sending secure messages. With this option, except for some header information, no content of the message is stored on the PrivaSphere™ Secure Messaging platform.

 

PrivaSphere™ delivers the eMail directly as encrypted PDF file (including attachments) to the recipient – the (long) password is sent via PrivaSphere™ Secure Messaging.

 

As a sender you will find the ‘noStore’ option in the web interface while writing a new email. Go to ‘more options’ and choose ‘no store’.

If you send via your mail client (e.g. Outlook, Thunderbird or others) with smtp or domain delivery, just use the subject tag ‘<noStore>’.

The recipient decrypts and reads the attached pdf file in a pdf viewer.

In case of receiving large emails - PrivaSphere™ checks the smtp size of your receiving email server and sends the ‘oversize’ email split in several emails containing encrypted pdf files.

If a single attachment is ‘oversize’ for your receiving email server, it will be split in several emails containing encrypted ZIP shares.

Split zip files must be copied into one directory to unzip with a zip program which supports the handling of encrypted, split zip files.

With the function 'NoStore' no eMail content is stored in PrivaSphere Secure messaging servers.

Sending a “no store” secure email:

Click ‘more options’


Activate ‘noStore’


Sending from your mail client use the subject tag ‘<noStore>’


Receiving a “no store” secure email:

The recipient will receive an email which encloses the encrypted content in a PDF file


Following the link the recipient will find the long password to open the PDF file.

Login with password or Message Unlock Code (MUC)


The pdf key is available in the email


Open the PDF file and enter the key


The content is stored as PDF file – including attachments.

Optimizing the handling of inbound “NoStore” Messages for receivers:

The easiest way to get the “NoStore” eMails is to activate TLS delivery to the receiver’s domain. Unless you need to get a second copy from the platform in case you lost the first message or other service related to the platform, you will not notice a difference from "stored" (normal) secure messages.

The second best way is to upload an encryption certificate (SMIME or PGP) to your account to get the message delivered.

As a third option, choose a standard password for the PDF/ZIP delivery and get the messages password encrypted.

Caveat:

Since standard password encrypted files (PDF, ZIP and others) are susceptible to "offline password guessing", it is recommended to use a “long” password and change it regularly (e.g. every couple of weeks or every 30 messages that were protected with it). The longer the password, the less frequently you need to change it.
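
The difference between guessing a code against the web login, which limits the number of tries, and guessing the password of an encrypted PDF or ZIP offline, worked through as an added example (not PrivaSphere code); it also sizes a password for a planned lifetime, which is the trade-off between length and change interval described above. The guess rates, the number of allowed login tries, the safety margin and the 36- and 62-symbol alphabets are assumed values; the page gives none of them.

```python
import math
import secrets
import string

ALNUM_MIXED = string.ascii_letters + string.digits  # 62 symbols
SECONDS_PER_DAY = 86_400


def generate_pdf_password(length, alphabet=ALNUM_MIXED):
    """Random password drawn symbol by symbol from the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def online_guess_probability(length, alphabet_size, allowed_tries):
    """Chance of hitting the code when the server caps the number of tries."""
    return min(1.0, allowed_tries / alphabet_size ** length)


def offline_days_to_exhaust(length, alphabet_size, guesses_per_second):
    """Days needed to try every candidate against a file held by the attacker."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_DAY


def min_length_for_lifetime(alphabet_size, guesses_per_second,
                            lifetime_days, margin=1000):
    """Shortest length whose full search takes margin x the planned lifetime."""
    needed = guesses_per_second * SECONDS_PER_DAY * lifetime_days * margin
    length = 1
    while alphabet_size ** length < needed:
        length += 1
    return length


if __name__ == "__main__":
    # A 5-character code over an assumed 36-symbol alphabet.
    print("bits in a 5-character code:", round(entropy_bits(5, 36), 1))
    print("online, 5 tries allowed (assumed):",
          online_guess_probability(5, 36, 5))
    print("offline, 1e6 guesses/s (assumed), days:",
          offline_days_to_exhaust(5, 36, 1e6))

    # Length needed at an assumed 1e9 guesses/s for two change intervals.
    for days in (30, 3650):
        n = min_length_for_lifetime(62, 1e9, days)
        print(f"change every {days} days -> at least {n} characters,",
              "for example", generate_pdf_password(n))
```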

Smart Phones/mobile devices


If you receive your confidential messages on an Android device, users have reported being able to access the contents with the following free or moderately priced (marked with “*”) apps:

If you know other apps suited for the purpose, please let us know.

If you want to join the beta-test please contact us.

 


Qualified signatures in PDFs are new. The signature validation modules of common PDF viewers therefore handle this technology with varying degrees of convenience.

  • Acrobat Reader has its own very small database in which it keeps root certificates. Approved Swiss CAs such as QuoVadis are not part of it. You need to configure it, in the advanced digital signature security preferences, to use the Windows Trust Store. It does not accept that the "QC statement" qualification is "critical" in signing certificates, as per the (ETSI) standard, so the overall verdict for the file remains "?" and not a green check mark.

    Note for Adobe Acrobat X users: to validate 'non-SuisseID' signatures, follow these instructions.
  • CABAReT Stage is a portable viewer, and in its paid version it can also be used to create signed PDF files under Swiss law (o 14). The partial "?" in the signature icon is meant to disappear in the upcoming version 3, and we hope that the "signature information" tab will also provide detailed information about the liability amounts as per the QC statement.
  • OPENLiMiT SignCubes gives QuoVadis signatures the green check mark but, because of restrictive BSI rules, does not automatically perform OCSP checks, and if that check is done manually, it complains about the Swiss-approved responses. Because of the same restrictive approach, advanced PDF signatures with Thawte Freemail or TrustCenter.de certificates also do not pass immediately. In its paid version, it can be used to create electronically signed PDF documents under Swiss law (o 14).
  • An official validation service site (Validator Service), which lets you validate electronically signed documents.
    The site is managed by the Federal Office of Justice (FOJ) of the Swiss Confederation.
    The validators provided let you verify electronically signed documents.

Opening attachments in PDF files

PDF files possibly contain attachments which can be opened in a PDF viewer.

If you have problems opening an attachment in a PDF file (e.g. .eml, the standard mail (SMIME) format), you will find more help in the following document from Adobe, chapter 7:


With free PDF viewers such as CutePDF (http://www.cutepdf.com/), BullZip (http://www.bullzip.com/) or FoxitReader (http://www.foxitsoftware.com/Secure_PDF_Reader/), it is quite easy to extract attachments.


Help Page: Adobe Reader

 

For further information see also:

A digital signature is a cryptographic process in which a "message" (e.g. email) can be protected.

With this digital signature the origin (sender), the content and the date can be verified by anyone.

http://en.wikipedia.org/wiki/Digital_signature

A digital signature of an email can be checked e.g. with Microsoft Outlook by right clicking on the signature icon.
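The same check can be done on the command line. The following is an added example, not PrivaSphere's own code: it uses the OpenSSL `smime` command with a throwaway self-signed key pair to sign a message, verify it, and show that a modified copy is rejected. All names, addresses, file names and the message text are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: names, addresses, paths and message text are made up.

# Create a throwaway self-signed S/MIME key pair in directory $1.
make_keypair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Sender/emailAddress=sender@example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Sign text file $2 into clear-signed S/MIME message $3 with the key pair in $1.
sign_message() {
    openssl smime -sign -text -in "$2" \
        -signer "$1/cert.pem" -inkey "$1/key.pem" -out "$3" 2>/dev/null
}

# Return 0 only if the signature on $2 is intact and the signer certificate
# chains to the certificate in $1, which is the only trust anchor used here.
verify_message() {
    openssl smime -verify -in "$2" -CAfile "$1/cert.pem" \
        -out /dev/null 2>/dev/null
}

# End-to-end run: prints "intact=<ok|FAIL> tampered=<rejected|ACCEPTED>".
demo() {
    dir=$(mktemp -d) || return 1
    printf 'Transfer CHF 100 to account A.\n' > "$dir/msg.txt"
    make_keypair "$dir" \
        && sign_message "$dir" "$dir/msg.txt" "$dir/signed.eml" \
        || { rm -rf "$dir"; return 1; }
    # Simulate modification in transit: change one word of the signed body.
    sed 's/account A/account B/' "$dir/signed.eml" > "$dir/tampered.eml"
    if verify_message "$dir" "$dir/signed.eml"; then
        intact=ok; else intact=FAIL; fi
    if verify_message "$dir" "$dir/tampered.eml"; then
        tampered=ACCEPTED; else tampered=rejected; fi
    rm -rf "$dir"
    echo "intact=$intact tampered=$tampered"
}

demo
```

With a self-signed certificate the verifier has to obtain and pin that exact certificate through a trusted channel; a certificate issued by a CA in the verifier's trust store removes that step.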



In particular since Acrobat X, Adobe has started to add security features to its reader that are not required by most jurisdictions (e.g. not by Swiss law).

Long-Term Validation (LTV)

Long-Term Validation (LTV): All revocation information and timestamps necessary to validate a signature are already included in the PDF even though they normally can be obtained during signature validation. So even if the certificate issuer were to cease to exist, it is still possible years later to know that at the third-party confirmed point in time of signing, the signing certificate chain was good.

All PDFs signed by the PrivaSphere Secure Messaging Platform have been LTV enabled since fall 2015.

If a signature has already been created without revocation information and an RFC 3161 timestamp, the signature may well still be valid. PrivaSphere has offered to sponsor the development of an open-source feature to amend a PDF ex post with the information necessary for LTV: https://issues.apache.org/jira/browse/PDFBOX-3047

(the time-stamp will in that case not reflect the signing time, but the “amend/validate” time)

Adobe Approved Trust List (AATL)

Adobe Approved Trust List (AATL): A new class of certificates has been created by Adobe.

All signatures by issuers not enrolled in this program are rejected.

A one-time operation in the pdf-validating person’s reader fixes this:

see: https://p4u.ch/aatl  - Thereafter, the signature looks o.k.

If the certificate was issued with AATL, there can be an additional green or blue dot.

Authorities and other larger PrivaSphere customer institutions may want the PDF signatures to be additionally AATL compliant. This can be provided at some extra cost through an integrated PrivaSphere Partner-Service. In this case it may well be worthwhile to obtain an institution-specific AATL-compliant certificate. If interested, please contact us.

 

see also:

Send an encrypted e-mail without recipient authentication (Message Unlock Code (MUC) or password). The recipient can read this message without entering a PIN or password. An accidentally misrouted message (wrong recipient address) can be read by whoever has access to this e-mail address. The security of this type of message is reduced.

This function is only available to administrators and requires preliminary activation.

Domains with a secured internal LAN and a tight legal relationship with their members (e.g. employees) can opt to send messages to the secure PrivaSphere SMTP server not from the sender's mail program, but from their gateway MTA.

They indemnify PrivaSphere for any reduced security due to choosing this option. Recipients are alerted to this with this notice.

Similarly, such a domain can opt to receive messages on their secure MTA instead of PrivaSphere securing the delivery up to the recipient's mail program/desktop.

 

see also:

PrivaSphere Secure Messaging allows you to transfer large files securely and in an authenticated way.

For this, the option "Extra Large" can be selected while sending in the browser.

The large files can then be uploaded:

  • Via Browser Upload / Download
  • Via WebDav Client (davs: or https: link)

 

Selection while sending a new message

  • (1) normal upload via browser
  • (2) selection for upload / WebDAV

 

The WebDav protocol (davs: or https: link) has the advantage that it allows the upload / download to be resumed after an aborted transfer without retransmitting the (potentially hundreds of) MBs already correctly received by the PrivaSphere servers 1).

In particular, if your network connection is potentially unstable, PrivaSphere recommends using a secure transfer program such as Cyberduck (open source DAVS client - https://cyberduck.io) or WinSCP (https://winscp.net).

PrivaSphere provides the service immediately:

  • Maximum mail size: 500 MB (on request up to 5 GB)
  • 5 large transfers per month included in the annual subscription
  • Limits of 100 downloads per message
  • 10 days of storage
  • The large files are not checked for viruses / trojans, etc. on the PrivaSphere server. The standard anti-virus programs on Linux do not allow this.

The large file transfer is not yet optimized for SOAP interfaces. However, this can be easily implemented within the framework of a first joint customer project.

PrivaSphere reserves the right to modify the cost structure and transfer parameters after termination of the BETA phase.

If you need larger transaction sizes or other adjustments, please contact us.

 

1) In particular with mobile transmission, this can be relevant for not wasting your monthly transmission credits.

 

Price:

  • Base price (up to 1 MB): CHF 0.75
  • Additional per MB:
    • 2-20 MB: CHF 0.10 per MB
    • 21-200 MB: CHF 0.02 per MB
    • 201-500 MB: CHF 0.007 per MB
    • 501- ... MB: CHF 0.003 per MB

 

Receiving

If a large eMail is received that can not be transmitted directly (for example, limit of incoming mail to 'small'), a text file is attached to the mail containing the information for download (via browser or WebDAV).

This allows the easy download of the large attachments.

  • (1) text attachment with download information
  • (2) link for the download via browser
  • (3) link for the download via WebDAV protocol

 

End-to-end encryption:

If the recipient has deposited an encryption certificate on the platform, the large file is encrypted with this certificate before sending.
It can be opened with normal mail clients that are configured for decryption with this certificate key pair. (Good experiences have been made with Thunderbird.)

End-to-end encryption on the device of the sender is in preparation with CyberDuck.

 

see also:

Send and receive secure eMails with your eMail program through restricting firewalls using SMIME gateway functionalities.

PrivaSphere Secure Messaging supports sending secure eMails with SMIME encryption to recipients over the PrivaSphere Secure Messaging Platform. The recipient does not need to be a registered PrivaSphere user.

This can be useful if the sender is behind a corporate firewall and is not allowed to use the SMTP protocol and/or he can not configure a second eMail account in his eMail client.

Be aware that this breaks the relationship privacy! This means that it is visible from outside who sends eMails to whom. The content is still encrypted and safe.

 

Prerequisites

To use the PrivaSphere Gateway CA, the following prerequisites are necessary:

1. Registered PrivaSphere User: As sender it is necessary to be a fully registered PrivaSphere Secure Messaging user with an eMail address and a valid password.

2. The sender needs a valid SMIME key pair (private and public key). It can be a commercial one or a self-signed one. The public key must be uploaded in the PrivaSphere Secure Messaging profile.

3. An eMail client that is able to encrypt and decrypt eMails using SMIME is needed. This can be Microsoft Outlook, Mozilla Thunderbird or others.

 

Principle

1. The sender requests a certificate for the recipient on the PrivaSphere Secure Messaging Platform.

2. The PrivaSphere Secure Messaging Platform generates and delivers a SMIME public key for the recipient.

3. The sender sends a SMIME encrypted and signed eMail to the PrivaSphere Secure Messaging Platform for delivery to the recipient.

4. The recipient gets the secure eMail depending on his personal settings:

    • New recipient: browser based with notification mail and Message Unlock Code (MUC)
    • Existing recipient using web interface: browser based with password (and possibly MUC)
    • Via secure POP to the mail client
    • Encrypted with his deposited public key (SMIME)
      or delivered via domain (if applicable).

see also:

It happens! An online session on PrivaSphere Secure Messaging closes after 30 minutes without user interaction, or after 3 hours at most.

Please do not copy the text saved on the server before reloading the form or closing the browser (or the tab).

1. To be safe, save the content locally (for example, using the browser).

Example 1: writing a new mail:

Example 2: form (secure contact form)

2. Log in again or open the contact form.

3. Open the locally saved file and copy the content (yellow in the example) into the new message.

See also: «Write a new message»