There is a large number of emails need to be processed every day in all government agency. These emails almost involve al lot of confidential information, but they are all sent by cleartext emails, which are very easy to be illegally stolen and tampered with. This is a big government email security problem that must be resolved as soon as possible.
To ensure the security and confidentiality of the government email, the content of the email itself must be encrypted. To ensure the credibility of the email without being counterfeited, every outgoing email must be digitally signed. To ensure the time of the sent email is credible, every outgoing email must be timestamped.
Government agencies simply change the current email client to MeSign APP to achieve all emails are encrypted, end-to-end encryption and fully automatic encryption, as well as fully automatic digital signature and timestamp. If government agencies think it is not practical to change their email, then they can deploy MeSign Mail Gateway to encrypt every outgoing email without changing the email client.
And we recommend that government agencies can deploy their own cryptographic key management system (KM) to fully control their encryption keys to meet the high security requirements of government email security. Using MeSign for end-to-end email encryption can make government agencies to truly implement mobile working and meet the high security requirements for government email.
As shown in the following diagram on the left, in order to ensure that the encryption key is highly secure and controllable, government agency only needs to connect the plug-and-play KM device to the intranet. All staff’s computers and mobile devices must be able to connect to KM device to get the encrypting certificate private key. After successfully obtaining the encrypting certificate, the email encryption can be used normally. KM devices cannot access the Internet and are limited to employee computers and mobile devices to access in the intranet to ensure the device and private key security. Government agencies can also build their own CA to issue certificate for its users instead of using the MeSign default CA. MeSign provide a plug-and-play CA device that just need to connect to internal network, and MeSign APP will get the signing certificate and encryption certificate from this in-house CA system, not from MeSign default CA.
In other words, MeSign encryption solution allows government agencies to achieve complete and autonomous control of confidential emails by simply managing and controlling the encryption key and/or issue the certificate by itself even the application environment is untrustworthy.
Government agencies issue a large number of certificates and documents every day, issue government announcements, send notifications of the e-government results to citizens, and the internal documents signature etc. They have begun to shift to paperless, but the problem is how to ensure that these electronic documents are really issued by government agency, have not impersonated, have not tampered. At present, the only feasible technical solution is to digitally sign the PDF document with timestamp and send them to users by encrypted email.
MeSign not only provides digital signature automation solution that can help the PDF documents that generated by the internal business systems of government departments to make the trusted digital signature with only one click, but also provides email signature and encryption automation solution to help the business systems of government departments to send the signed PDF document by encrypted email to citizen, and completely make all electronic files with reliable digital signature without counterfeiting and make the delivery of all electronic files more secure .
As shown in the above diagram on the right, citizens and enterprises need to fill in forms online when they handle the services on the e-government service system. After completing the forms, the citizens can sign by hand on the business system, and the enterprises sign with their own USB Key certificate and submit in the e-government system. After the processing is completed, the e-government system calls the cloud MeSign eSigning Service system or locally calls the MeSign e-Signature System to sign the PDF file with Adobe trusted certificate. For services that do not require the user to fill in the form (such as announcement or notice), the PDF file generated on the e-government system can be directly called the MeSign eSigning Service to complete the PDF signature.
It is recommended to encrypt all important government affairs documents. System just need to call MeSign public key certificate database (CerDB) to obtain the user's encryption certificate to encrypt the PDF file, the user can seamlessly view the encrypted PDF file using Adobe Reader. The e-government system sends encrypted emails to users using the user's encryption certificate, ensuring the secure and reliable delivery of various user confidential documents. Users only need to use MeSign APP to decrypt and read the documents.
This solution has four advantages to ensure that all important documents of the government departments are trusted paperless and are encrypted in delivery:
Now most countries government agencies are making every effort to implement all government services online, and the application result is either notified the citizens to go to the city hall to collect the paper documents or notified the results or the related electronic documents by sending cleartext emails to the citizens. Some of the agencies even simply linked to social APP to send notification messages to the citizens. The biggest security issue for these solutions is to send a message containing citizen's confidential information in plain text, revealing the private information, and giving the network attacker an opportunity to bring immeasurable property damage or personal safety threats.
The most reliable solution is to send the encrypted email to the citizens for the government affairs results information and release the government/councils notices, including different types of election information, council tax updates information, traffic violation notices and various types of government information, to fully implement government information delivery is paperless and encrypted, to enhances the digital service security and credibility.
How does the government system send encrypted emails? MeSign® provides the Email API for e-government system, free of charge, that e-government system can retrieve the public key of the recipient's encrypting certificate, then e-government system can automatically encrypt and send various government notification information email and various public service information emails to the citizen securely.
And Email API also provides an interface for checking if a user’s email has used MeSign APP, if the user has not used MeSign APP, the API will return NO, then e-government system shall send an unencrypted email to the user to inform the user how to download and install MeSign APP to receive the encrypted email, then the system can send the encrypted email to citizen.
As shown in the diagram on the right, MeSign builds and maintains a global public key certificate database (CerDB). The innovation technology enables the Email API to provide government agencies with the encrypting certificate public key for all email addresses, ensuring that the e-government system can seamlessly send encrypted notification emails to all citizens.
MeSign APP is completely free. It supports Windows, Android and iOS. Citizen can decrypt the encrypted email delivered by the e-government system in just a few minutes by downloading and installing the MeSign APP, ensuring the security of government information.