Architecture Overview
Kryptiva's Email Integrity Platform is built on the guidelines described in the
technology rationale. Based on that approach, much of the
existing email security technology had to be set aside in order to obtain the desired
features. The following description provides a high-level
overview of the architecture developed and patented by Kryptiva and will allow you to get a
general understanding of how Kryptiva is able to provide its functionality. This description
also serves as an introduction to the detailed architecture
section.
Typical Email Delivery Process
In order to understand how Kryptiva's services integrate into the existing email
infrastructure, let's first take a quick look at how that infrastructure works.
When you click on the send button, your email client application contacts your mail server
and sends it the email:
Having received your email, your mail server then contacts your recipient's mail server and
delivers your email to it:
Finally, your recipient contacts his mail server and retrieves his email at his convenience:
Problems With Typical Email Delivery
While the email delivery process explained above has been in use for a few decades, it has
always suffered from a number of shortcomings which, at the time it was designed, did not seem
urgent to solve but have recently become a serious impediment to using email as a reliable
business tool.
First, nothing in the current email protocols prevents a malicious third party from sending email
to your recipient claiming to be you or your organization:
This phenomenon is actually so common that it's been given a name: phishing. Most of the time
this technique is used by criminal organizations trying to lure clients of financial
institutions into revealing information that can be used to steal money from them. Of late,
however, there has been an increasing number of attacks where the targets and victims have
been carefully selected corporate users. An example of such a targeted attack is described
here.
Second, unless an email security solution is expressly used, most email travels in the
clear and can be captured in a number of ways before it reaches its recipients:
As illustrated, your email can be intercepted and read at a number of locations:
On your network, by a disgruntled employee or an infected computer
Between mail servers, at Internet transit points
On the mail servers, by a malicious or overwhelmed system administrator
On your recipient's network, by a disgruntled employee or an infected computer
Third, your email can get dropped on its way without you or your recipient knowing about it:
This issue has become so common that users have gotten into the habit of calling their recipients
to make sure that they received an important email.
Main Kryptiva Components
Kryptiva solves the above-mentioned issues by introducing three components to the email
delivery process.
The first component is the Kryptiva Packaging Plugin (KPP):
The KPP is freely available for download from Kryptiva's website and integrates into your
current email application.
The second component is the Kryptiva Packaging Server (KPS):
The KPS is located on your local network. It need not be accessible from the
Internet, nor does it ever "phone home." Its only function is to answer and process
local KPP requests.
The third component is the Kryptiva Online Services (KOS):
The KOS is used by the KPP to authenticate incoming email, process proof of delivery (PoD)
and, only in the case of non-member recipients, enable decryption.
Component Interactions
To better understand how the above-mentioned components fit in the conventional email delivery
scheme, let's follow a Kryptiva-packaged email as it makes its way from the sender to the
recipient.
Prior to transmission, the KPP contacts the KPS to properly package the email:
Basically, the KPP sends the email to the KPS and asks it to package the email according to
the sender's selected options. While all Kryptiva mail must be signed, the user can, in
addition, choose whether he'd like to receive a PoD for his email and whether the email should
be encrypted.
Once the email is packaged, it is returned to the sender who then sends it to his recipient
using his existing mail server:
At reception, the KPP contacts the local KPS or the KOS to authenticate the email, and
process PoD and encryption:
Having received the necessary information from the KPS or the KOS, the KPP can then
appropriately present the email and information about the email to the user.
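The exchange described above, modelled in Python as an added example (this is not Kryptiva's code): the KPS signs every message and tags it with an optional proof-of-delivery identifier, and the KOS on the recipient's side authenticates the package and records the receipt. It assumes a per-sender secret shared by the KPS and the KOS, a constructed stand-in for the platform's real key material and packaging format, which this page does not describe.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for Kryptiva key material (not described on this page):
# a per-sender secret shared by the sender's KPS and the KOS that vouches for it.
SENDER_KEYS = {"alice@example.com": secrets.token_bytes(32)}

# Constructed stand-in for the KOS proof-of-delivery record.
POD_LEDGER = {}


def _canonical(msg):
    # Bind exactly the fields a spoofer or interceptor would want to change.
    fields = {k: msg.get(k, "") for k in ("from", "to", "subject", "body")}
    return json.dumps(fields, sort_keys=True).encode()


def kps_package(msg, want_pod=False):
    """KPS step: every message is signed; proof of delivery is opt-in."""
    key = SENDER_KEYS[msg["from"]]
    pkg = dict(msg)
    pkg["signature"] = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
    pkg["pod_id"] = secrets.token_hex(8) if want_pod else None
    return pkg


def kos_authenticate(pkg):
    """Recipient-side check the KPP asks the KOS for; returns a verdict string."""
    key = SENDER_KEYS.get(pkg.get("from"))
    if key is None:
        return "unknown-sender"          # claimed origin has no Kryptiva key at all
    expected = hmac.new(key, _canonical(pkg), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkg.get("signature", "")):
        return "forged-or-altered"       # spoofed origin, or content changed in transit
    if pkg.get("pod_id"):
        POD_LEDGER[pkg["pod_id"]] = pkg["to"]   # receipt recorded for the sender
    return "authentic"


def sender_has_pod(pkg):
    """What the sender's KPP learns when it asks the KOS whether its PoD arrived."""
    return pkg.get("pod_id") in POD_LEDGER
```

A package that fails `kos_authenticate` covers the first problem above (a third party claiming to be you), while `sender_has_pod` covers the third (a message silently dropped).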
For a more in-depth description of the Kryptiva components, see the
detailed architecture section.