Design and implementation of smartcard-based secure e-mail communication

E-mail system is by far the most widely used application in the Internet. However, mainly due to the lack of communication security, sensitive messages could not transmit securely over open networks using off-the-shell e-mail systems. A new secure e-mail system is proposed and implemented to extend the popular Microsoft Outlook e-mail software with flexible security services and to combine these services tightly with smartcards. The enhanced security services include data confidentiality, authentication of message originator and recipient, data integrity, and nonrepudiation. The proposed system provides two approaches for secure e-mail communication, one is base on the certification authority (CA) and the other is base on the keys distribution center (KDC), such that a complete solution may be satisfied for both open public and private enterprise. Windows-based smart cards, NexCard 2.0, is adopted as portable security tokens to store private key for generating digital signature, to store multiple digital certificates issued from the CAs and to store the master key shared with the KDC. We also designed and implemented cryptographic libraries, CSP 2.0 and PKCS#11, which is need for secure interaction of smartcard module with applications.