
 
and unauthorized reading. Today it depends on 
security features of native operating systems, which 
are either inadequate or, most of the time, not even 
enforced. The same is the case with client machines.  
The third problem is protection of E–mail letters 
against illegal reading and/or modifications while in 
transfer. The interpretation of this aspect is that the 
intended recipient of an E–mail letter cannot be 
guaranteed to the sender and the original content of 
E–mail letters cannot be guaranteed to the recipients.  
The next problem is spam. The essence of this 
problem is that mail today is delivered without 
authorization – in principle every sender and mail 
server may send an E–mail letter to any recipient. 
Another problem is that the content of the address 
book at the mail client (user workstations) is kept in 
the clear. That is very often the source of stolen E–mail 
addresses, collected by spyware or viruses installed 
on client computers.    
If users are using security features of the current 
E–mail clients, i.e. encryption and digital signatures, 
then corporate E–mails cannot be retrieved by 
corporate authorities and law enforcement 
authorities. This may cause problems in case of lost 
mail, terminated employees, and/or law enforcement 
procedures.  
Finally, E–mail is used for distribution of 
malicious and dangerous content, like viruses, 
worms, spyware, bots, etc.  
2.2  Requirements for New Services  
In addition to the problems listed in the previous 
section, in order to be used for serious business 
transactions, an E–mail system must support a number 
of additional requirements and desirable properties. 
Some of them are the following: 
Handling of attachments is very inefficient. 
Today, if an E–mail letter with a large attachment is 
sent to a group of people, the large E–mail travels 
through many mail servers and reaches all 
recipients. Therefore, it overloads the network, mail 
servers’ storage space and mail client’s disk space. 
The attachments cannot be distributed selectively 
and efficiently. 
Confirmation of delivery and confirmation of 
receipt are not supported today by most mail 
clients.  
Handling of certificates is, first, optional and, 
second, usually performed by the associated browser 
(Internet Explorer for Outlook and Firefox for 
Thunderbird). Some E–mail clients cannot even 
handle and use certificates. Verification of 
certificates is also either optional or not available.  
Usage of smart cards with current E–mail 
systems is very complicated and they are therefore 
very rarely used.  
Authorization, for users to submit E–mail to the 
mail server and to send E–mail to the designated 
recipient and for mail servers to submit mail to the 
designated mail server, is not enforced. This is the 
main reason for spam, since any mail server can 
send E–mail to any other mail server. 
There are no cross–domain bilateral or 
multilateral arrangements, synchronization of 
policies, coordination of assurance levels, 
negotiation of security and cryptographic protocols 
and algorithms, etc., all features already 
standardized for Web services and many other types 
of network applications.  
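
One way to enforce the authorization requirement above as a default-deny decision, covering user-to-server submission, sender-to-recipient sending, and every server-to-server hop. This is an added example, not code from the paper or the SEM System; the policy layout, the `authorize` function and all addresses and host names are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample policy; every name here is hypothetical.
POLICY = {
    # user -> mail servers the user may submit mail to
    "submit": {"alice@a.example": {"mx.a.example"}},
    # sender -> recipient patterns the sender may address
    "send": {"alice@a.example": ["*@b.example", "bob@c.example"]},
    # mail server -> mail servers it may hand mail to
    "relay": {"mx.a.example": {"mx.b.example"}, "mx.b.example": set()},
}


def authorize(sender, recipient, route, policy=POLICY):
    """Default-deny authorization decision for one message.

    route is the ordered list of mail servers, starting with the server
    the sender submits to and ending with the recipient's server.
    Returns (allowed, reason); anything not explicitly granted is denied.
    """
    sender, recipient = sender.lower(), recipient.lower()
    if not route:
        return False, "empty route"

    # Check 1: the user is authorized to submit mail to the first server.
    if route[0] not in policy["submit"].get(sender, set()):
        return False, f"{sender} may not submit to {route[0]}"

    # Check 2: the user is authorized to send to this recipient.
    patterns = policy["send"].get(sender, [])
    if not any(fnmatchcase(recipient, p) for p in patterns):
        return False, f"{sender} may not send to {recipient}"

    # Check 3: each server is authorized to submit mail to the next one.
    for src, dst in zip(route, route[1:]):
        if dst not in policy["relay"].get(src, set()):
            return False, f"{src} may not relay to {dst}"

    return True, "authorized"


if __name__ == "__main__":
    print(authorize("alice@a.example", "carol@b.example",
                    ["mx.a.example", "mx.b.example"]))
    print(authorize("mallory@x.example", "carol@b.example",
                    ["mx.b.example"]))
```
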
3 LAYERED ARCHITECTURE OF THE SECURE E–MAIL SYSTEM  
The SEM System is created through (a) a new E–mail 
client, (b) security extensions of E–mail servers, and 
(c) additional infrastructure components. If 
deployment is based on usage of current clients, then 
only a limited set of the security problems and 
requirements from section 2 can be addressed.  
The concept of the SEM System is a layered 
architecture, comprising four layers. The layering 
principle is that components at the higher layer 
“sponsor” components at the lower layer. The 
bottom layer is the SEM Clients layer. The next layer 
is the SEM Servers layer. The layer above is the 
Credentials Servers layer. It contains CA Servers and 
SoA Authorization Servers (usually called Policy 
Decision Points – PDP). The components located in 
these three layers are deployed inside an 
organization, i.e. inside an administrative or security 
domain. The fourth layer is new, here introduced as 
Secure Mail Infrastructure (SMI), comprising SMI 
Servers. Their functions, topology and inter–relationships 
are described in section 7 of this paper.  
4  LAYER 1: SECURE E–MAIL CLIENTS  
The SEM Client performs the following functions and 
supports the following standard mailing and 
additional security features: 
CRYPTONET: SECURE E–MAIL SYSTEM