1. Field
The embodiments discussed herein relate to a method and a transmitting device for securely creating and sending an electronic message, and to a method and a receiving device for securely receiving and processing an electronic message.
2. Description of the Related Art
As a result of modern communication, confidential data, which is of fundamental value to a company, is processed on computers. This confidential data is often stored on portable computers, such as laptops or PDAs (Personal Digital Assistants).
To prevent third parties from accessing confidential data, the data is stored in encrypted form using, for example, a CryptoEx Security Software program from the PGP Corporation. In this connection, confidential data can also be sent in emails by means of suitable encryption.
However, these software programs do not meet the requirements for securely storing data on a terminal, for example for military applications. By way of example, in the military application environment, potential dangers are seen in undesirable software programs, such as viruses or Trojan horses, or in the operating system itself. In the case of an operating system, a user cannot assume that the manufacturer of the operating system has no secret means of access to data in the operating system with which confidential data may be tapped, for example when read by a user.
One approach to meeting this requirement is to use completely separate systems. In this case physically separate systems are used between which data is exchanged manually. This is not particularly viable in practice, as the separate systems mean that administrative expenditure for management and infrastructure costs are considerable. A further approach is encapsulation of the operating system in order to better control communication from or to the operating system. This can take place by way of a virtualization layer.
A virtualization layer allows virtual containers in which operating systems can be independently executed. In this case the virtualization layer defines an abstraction of the hardware with regard to the respective virtual containers. The following methods/products are known in this connection:
VMware Server (www.vmware.com): this product allows, inter alia, the use of virtual containers in which the user's own operating systems run. However, it does not control access to hardware resources, such as graphics storage devices.
XEN (www.xensource.org): a virtualization layer is defined in this open source project which provides abstraction of the hardware with respect to the actual operating system with which the user is working.
Twinsafe (CE Infosys, www.ce-infosys.com): this product provides the possibility of keeping the virtual container data strictly separate from each other. However, to change over from one container to another, the operating system running in the previous container has to be ended and the operating system to be started in the other container has to be booted. Rapid changeover between the containers, i.e. between the operating systems, is not possible in this case.
Virtual Workstation (Secunet, www.wecunet.com): this product provides virtual containers, a key for managing container-related data being associated with each container.
These products allow the security when operating one or more operating system(s) with confidential data to be improved. However, the methods/products have drawbacks which an attacker can use to tap confidential data. In the case of electronic messages in particular, when creating or reading and when sending or receiving these electronic messages, there is the potential risk that the attacker can feed in malicious software, such as worms or Trojans, and/or outwardly transmit confidential data via communication paths and communication protocols, such as a LAN (Local Area Network) or the email protocol SMTP (Simple Mail Transfer Protocol).
An aspect of the embodiments is therefore to disclose methods and devices for securely creating, sending, receiving and processing an electronic message which, compared with the prior art, increase security against malware, such as worms, Trojans and viruses.