WhoIsIt CSP - BIOCSP Cryptographic Service Provider: PKI Overview

Digitally Sign and Encrypt Email

How Digital Signatures Work

How the WhoIsIt CSP Authentication Engine Works

WhoIsIt uses PKI asymmetric cryptography, which uses a pair of keys. Either key may be used to encrypt a message, and a message encrypted with one key can only be decrypted with the other. This makes it possible to receive secure messages by simply publishing one key (the Public Key) and keeping the other secret (the Private Key). Anyone may encrypt a message using the Public Key, but only the owner of the Private Key may decrypt and read it.

WhoIsIt's multi-factor authentication provides the highest level of security when using your Private Key for signing documents and decrypting e-mail. If your application provider supports PKI technology, WhoIsIt can even secure web sites and web applications. WhoIsIt assures that you are the person you claim to be through biometrics such as:

• Voice Authentication - WhoIsIt uses a standard PC sound card and any off-the-shelf microphone for voice authentication.

• Fingerprint Identification - WhoIsIt has packaged the Matchbox pressure-sensitive fingerprint sensor together with its award-winning WhoIsIt biometric software program to bring you the most comprehensive and easy-to-use biometric security program available to safeguard your data, privacy and identity.

• WhoIsIt also supports fingerprint sensors from Fidelica, Secugen, Authentic, Fujitsu, Ethentica, Atrua and others. Call for WhoIsIt CSP software pricing.

• Users wishing to use WhoIsIt without biometrics can use passwords and PINs, either separately or in combination with any of the biometrics.

There is no hardware to deploy for PC and laptop users who use the WhoIsIt biometric security software with voice authentication and/or PINs.

All PKI functions require the user to obtain a digital certificate from an approved CA such as Comodo, GeoTrust or VeriSign.

* If you do not have a digital certificate to sign and decrypt e-mail, you can obtain one free of charge from Instantssl.com.


How Public and Private Keys Work

Digital Signatures

The WhoIsIt biometric CSP requires Voice authentication, Fingerprint identification or passwords in any combination before e-mail, e-mail attachments or documents can be digitally signed or encrypted.

A Digital Signature is a Message Digest that has been encrypted with the sender's Private Key. Although you encrypted your message with your friend's or colleague's Public Key, there is still a concern that a man in the middle may alter or replace your message en route to your friend or colleague. One way of guaranteeing the integrity of the message is to use a Digital Signature. This is done automatically by the Microsoft e-mail client and WhoIsIt. When you click the Sign button in Outlook or Outlook Express, WhoIsIt springs into action, requesting proof of identity before your Private Key can be used to sign or encrypt your e-mail, attachments and documents.

WhoIsIt requires you to prove who you claim to be by using biometrics, a password or a PIN before your Private Key can be used.

You can prove your identity with your voice by speaking into a microphone attached to your laptop or desktop, by placing your finger on a fingerprint sensor, or by using layered biometrics in combination with passwords or PINs.

When you have proven your identity, a concise summary of the message, called a Message Digest, is created. The Message Digest is then encrypted using your Private Key. The Message Digest encrypted with your Private Key is the Digital Signature.

Outlook and Outlook Express make this operation easy and seamless.

When your colleague, friend or bank receives your document, they need to know that it really came from you, so that an intruder cannot pretend to be you or request a transaction involving your bank account. A Digital Signature, created by you and included with your document, serves this purpose.

Although anyone can decrypt the signature using your Public Key, only the signer knows the Private Key. This means that only you could have signed it. Including the digest in the signature means the signature is only good for this document. It also ensures the integrity of the document, since no one without your Private Key can alter the document and produce a valid signature for it.

When your colleague, friend or bank receives your signed e-mail with the document attached, they decrypt your Digital Signature using your Public Key to extract the Message Digest, which is a summary of the original document. They then create their own Message Digest from the document they received and compare it to the Message Digest extracted from your signature. If the two Message Digests agree, the message was received intact.
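The sign-then-verify flow just described, as an added example that is not part of the original page or of WhoIsIt's own code: it applies textbook RSA to a SHA-256 digest in plain Python, with a constructed demo key pair built from two Mersenne primes so it runs with the standard library alone (a real CSP generates random primes and pads the digest before the private-key operation).

```python
import hashlib

# Constructed demo key pair (not a real key): 2**521 - 1 and 2**607 - 1 are
# known Mersenne primes, used here only so the example needs no crypto library.
# Real keys use random primes; predictable primes like these are worthless.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q                            # modulus shared by both keys
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)    # published to everyone
PRIVATE_KEY = (N, D)   # kept secret (in WhoIsIt, behind the biometric check)


def message_digest(document: bytes) -> int:
    """The 'concise summary' of the document: its SHA-256 hash as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_key: tuple) -> int:
    """Sender: the Digital Signature is the digest 'encrypted' with the Private Key."""
    n, d = private_key
    return pow(message_digest(document), d, n)


def verify(document: bytes, signature: int, public_key: tuple) -> bool:
    """Receiver: recover the sender's digest with the Public Key, recompute the
    digest from the document actually received, and compare the two."""
    n, e = public_key
    recovered_digest = pow(signature, e, n)
    return recovered_digest == message_digest(document)


# Constructed sample document and a copy altered by a man in the middle.
DOCUMENT = b"Please transfer 100 dollars to account 12345."
TAMPERED = b"Please transfer 900 dollars to account 12345."


def demo() -> tuple:
    """Returns (original verifies, tampered copy verifies with the same signature)."""
    signature = sign(DOCUMENT, PRIVATE_KEY)
    return (verify(DOCUMENT, signature, PUBLIC_KEY),
            verify(TAMPERED, signature, PUBLIC_KEY))


if __name__ == "__main__":
    intact, altered = demo()
    print("original document verifies:", intact)   # True
    print("tampered document verifies:", altered)  # False
```

Any change to the document, or to the signature itself, makes the recomputed digest differ from the recovered one, which is exactly the check the receiver performs above. Note that a 2048-bit or larger modulus is the current minimum for RSA; the 1024-bit key size in the certificate signup steps later on this page reflects the era in which it was written.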

Digital Certificates

Although you have sent a private, encrypted document to your colleague, friend and/or bank and signed it, they need to know that they are using your Public Key, and you need to know that you are using theirs. This is accomplished with Digital Certificates.

A digital certificate associates a Public Key with the real identity of an individual or server. The digital certificate also includes the identification and signature of the Certificate Authority that issued it.

If each party has a Digital Certificate that validates the other's identity, confirms the Public Key and is signed by a trusted Certificate Authority (CA), then you and your colleague, friend or bank are assured that you are communicating with each other.

A free personal digital certificate that works with WhoIsIt's biometric CSP can be obtained from http://www.instantssl.com

To get a free personal digital certificate to use with the WhoIsIt biometric security program, follow the steps below:

Log on to http://www.instantssl.com

For Outlook

Go to www.comodo.com and get a free personal e-mail certificate. Take care to enter the correct e-mail address in the certificate. Also take care to select "advanced security options" and select WhoIsIt as the CSP.

On the Comodo web page
https://secure.comodo.net/products/SecureEmailCertificate_Signup, under Advanced Security Options, enter the following settings:

Cryptographic Service Provider: WhoIsIt
Key Size (bits): 1024
Is Private Key User Protected: NO (i.e. leave unchecked)
Is Private Key Exportable: NO (i.e. leave unchecked - NOTE - this is not the default)

Private Key Exportable should not be checked, so that the Private Key cannot be copied out of the WhoIsIt CSP.

When you are finished at Comodo, you will receive an e-mail from Comodo with the certificate. Click the button that appears in the e-mail. This will install the certificate.

Outlook

Outlook is smart enough to see that you have a personal certificate for the e-mail account you are using to send your mail. When typing your e-mail, you have two buttons available (just as in Outlook Express) to sign/encrypt.

In summary:

1. You need only do the above in order to sign mail to others.

2. In order to encrypt mail so others can read it, you must import their certificate under Tools/Options/Security/Import-Export.

Outlook will then encrypt the mail specifically for each receiver, using the public key in the certificate you imported for that receiver (Outlook locates the correct certificate among the imported certificates by matching the e-mail address in the certificate with the receiver's e-mail address).

For Outlook Express

Obtain the certificate exactly as described under "For Outlook" above: get a free personal e-mail certificate from www.comodo.com with WhoIsIt selected as the Cryptographic Service Provider and the same Advanced Security Options (Key Size 1024 bits, Private Key User Protected unchecked, Private Key Exportable unchecked), then click the button in the e-mail you receive from Comodo to install it.

To instruct Outlook Express to use your certificate

From the Outlook Express main tool bar select "Tools" then "Accounts".

Highlight your mail account and press the "Properties" button.

From the Properties tabbed dialog box select the "Security" tab.

When the Security tab is open, press the "Select" button to choose your certificate for use when signing and encrypting.

It is that easy. You are now ready to digitally sign and encrypt e-mail using the WhoIsIt biometric security program.