Partners for your Secure Messaging - practical privacy Partners
Description of the Services and Cost - practical privacy Product
Who we are - practical privacy Company
contact us - practical privacy Contact Us
vertical placeholder
 

Activate PrivaSphere

You have verified your recipient "out-of-band" before - why am I asked to do this again?

The concerned recipient unfortunately forgot the password at PrivaSphere.
In order to keep account reactivation simple, we have to allow for a password reset based on a e-mail challenge.

This, however, creates the possibility for adversaries controlling infrastructure transporting the recipient's mail posing as the recipient.
In order to prevent such powerful adversaries to gain access to messages they are not intended to see, PrivaSphere's Trust Management System had to implement the following measures:
  • Upon password reset, all the recipient's previous messages are no longer accessible by the recipient (or the adversary).
    The recipient will have to ask the sender for a re-send of messages sent prior to the password reset.
  • You as the sender will be alerted once that happened. Therefore, you are prompted to verify the recipient "out-of-band" again: "Was it you or an adversary?"
  • This is a nuisance if it occurs frequently.
    In order to avoid this from happening, if you have a public key uploaded in your "My Account" tab, (soon), an eventual forgot password challenge mail will be sent in encrypted form. Then, the privasphere system will not need to reset all the trust relations nor wipe your inbox.
  • ...
Sufficient demand provided, we will additionally offer encrypted e-mail challenges with keys that must be certified by a Certification Authority trusted by the vendor-shipped root certificate store.

Yet a higher level of trust our patent pending Trust Management Architecture can implement is to create system participant groups based on authentication methods beyond simple client certificates - e.g. on the level that is used for Internet Banking in some places (smart-cards etc.).


Further information on PrivaSphere's Trust Management can be found here - Message Unlock Codes.

More general information on PrivaSphere's Trust Management can be found here.


More general arguments, why to trust PrivaSphere can be found here.


 
Infos how to use this service - practical privacy Help
Our privacy policy - practical privacy Privacy
General Terms and Conditions of Services - practical privacy T&C
practical privacy deutsch
practical privacy français
practical privacy italiano
Page last modified: Fri, Apr 26, 2024 06:42:50 CEST; ©2002-2024 by PrivaSphere AG, all rights reserved   .