ZSentry Secure Return-Receipt
What, When, Where, Who, How

The ZSentry Return-Receipt Module allows senders to receive a Return Receipt upon data delivery. The Return Receipt informs the sender What (data identification) was delivered, and also When (time), Where (IP number), Who received (authenticated name and email address), and How (browser, phone, mail client). The data can be delivered by a user service such as email, webmail, SMS, IM, file storage, and single-sign-on. The user is advised of the return receipt request before access.
With ZSentry Mail, I don't have to waste time phoning to find out if they received the information because I get an email letting me know when they opened it.
How it Works: The sender can set ZSentry Return-Receipt options using the ZSentry Dashboard or a Task Code with Mail and Cloud clients. If requested, the Return Receipt is a mandatory function after access control. It works automatically upon delivery, for every access until the message self-destructs (if it expires). The Return Receipt provides tracking and auditing functionality similar to return receipt used with physical delivery, and enables context-aware communication. If ZSentry Auditing is enabled for the customer's account, a ZSentry Return-Receipt (or its absence) can be verified post-factum by humans against system logs and other evidenciary information. The ZSentry Return-Receipt can be used in complement with other ZSentry Modules, including Self-Destruct and Certified Mail. See exampleLearn more

Buy NowClick for prices or to request a quote.

The Problem

With physical delivery, a courier acting on behalf of the sender can honor the sender's requirement for a return receipt upon delivery. For example, requiring the recipient to authenticate himself to the courier, and provide evidence that the message was delivered (signature), that the courier complements with delivery time and place information, and returns to the sender.

The problem is that, in electronic delivery by a conventional email system for example, the term "return receipt" is not technically correct and would be misleading to use it. In particular, conventional email cannot enforce returning an acknowledgment to the sender when delivering a message to a recipient in a computer controlled by that recipient.

This difference in capability between physical and electronic delivery systems makes it difficult to use electronic systems when true return receipt functionality is required by law or administrative process, or useful for covenience and cost saving purposes.

Even if the recipient would acknowledge receiving the email, or opening the file, this acknowledgement is under control of the recipient or someone acting on his behalf, and may be incomplete, late, or inaccurate. Further, as any email that is sent to you or by you may be copied, changed, and held by various computers it passes through as it goes from sender to recipient, and vice versa, other people may read your message and not provide a return receipt. Persons may also improperly access your computer or your parties' computers, or even some computer unconnected to either of you, and read the message without a return receipt.

Such deficient capabilities in conventional electronic delivery systems present problems for regulatory compliance, discovery liability control (inside and outside the organization), confidentiality commitments to third-parties, and in assuring consumer privacy rights. These problems are further accentuated by the reduced legal protection online when using cloud solutions.
Context-Aware Communication
When humans talk with humans, we are able to use environment information, or context, to improve communication and meaning. Unfortunately, this does not transfer well to humans interacting electronically, through computers. What if we can enable a computerís access to context? Can we increase the richness of communication, with more useful services?
In information technology, context is usually defined as "any information that can be used to characterize the environment of an entity." Context-awareness can be used to provide task-relevant information and/or services to a user, for example:
  • Presentation of information and services;
  • Automatic execution of a service;
  • Tagging and communication of context for later use.
Context-awareness is particularly important in terms of:
  • Adaptive Security: a context change may require additional safeguards, or imply a higher potential for fraud.
  • Business Flow: knowing context can improve business flow and reduce loss of time.
  • Mobile Workforce: where the user's context may change often, with desktop, phone and cloud devices.
  • Trustworthiness: context can provide evidence to back or deny claims by others ("I read your email") and by your organization ("We have third-party evidence that we sent the message two days ago").
  • Usability: different contexts may imply less capability (for example, cannot open a PDF), which can be accounted for.
Those are important reasons to add true return receipt capability to electronic delivery systems such as email, webmail, and file storage. Other reasons include automatic auditing, impersonation fraud ("identity theft"), copyright infringement, and misuse.

The Solution

ZSentry Return-Receipt solves all the deficient aspects mentioned above. ZSentry adds a reliance framework on behalf of the sender and combines it with technology to create an effective return receipt function. The function of the reliance framework is to restrict how the data can be used outside of the conditions defined by the technology, which reflects what the information owner (e.g., the sender) wants.

The reliance framework used by ZSentry Self-Destruct includes copyright laws, which are well-established and effective worldwide. In general, anyone who does something that infringes copyright is legally liable. Someone who instructs someone else to do something that infringes copyright may also be liable, as may the organization that employs them.

In terms of Business Flow, for example, if you know that someone just opened your ZSentry message, it may be a good time to call. If you know that a customer is using a terminal in Singapore, then you have a better idea of the time zone for your communications.

The ability to assertain Trustworthiness can suddenly become important, for example if a recipient claims "I read your email" but there is no ZSentry Return Receipt and ZSentry Auditing confirms its absence. Or if someone tells you that they sent the ZSentry Mail yesterday, but the ZSentry timestamp and ZSentry Auditing show otherwise.

In Security terms, for example, if your organization uses long-term message archiving (as required by HIPAA and business regulations), and you see that several archived messages have been opened recently, you may decide to verify what is happening and for what reason, which may quickly stop criminal access and prevent leaking thousands of messages.

ZSentry, therefore, uses technology to go beyond technology, with a self-destruct function that includes an effective combination of technical and legal protection in three areas: infringement of copyright, breach of contract, and circumvention of a technological protection measure.

The command to expire is clearly noted and also provided with US and international legal support by notifying the reader that the message is copyrighted and that the sender only allows reading during its retention time. Therefore, if someone wants for example to take a picture of the message, then using that picture after the expiration could be considered a breach of copyright and illegal circumvention of protection. While the first motivation is to reduce exposure, the second is to provide a legal recourse in case of exposure. You now have a legal framework that is setup by technology and which you can rely upon to protect your privacy, and there are many large interests around copyright (e.g., the film and music industry) that will likely desire to keep it in place for a long time.

After expiration there is no residual technical risk, as keys are deleted. This automatically makes the respective ZSentry Mail unreadable, including any copy, anywhere. Because self-destruct happens after a point in time that was known beforehand by all parties, any claims of intentional destruction should be void.

Before expiration, any attempt to breach access security of your protected email is immediately logged and traced, and you can be notified as well by requesting that a Return Receipt be sent to you.

In summary, with ZSentry you can actually eliminate the disclosure risk of email, webmail, SMS and IM by properly setting your message to self-destruct. While the received message expires and is no longer readable, you can set ZSentry to send you an encrypted archive copy does not expire, using the Secure Vault Module.

What happens before expiration? The message is encrypted and any attempt to breach access security of your zmail is immediately logged and traced. You can be immediately notified as well by requesting that a Return Receipt be sent to you.

In summary, ZSentry Self-Destruct can help your organization prevent and control leaks Anywhere, Anyway, in desktop, cloud, web and mobile technologies, using a combination of technical and legal measures.

Do you worry about cloud computing security? Client and servers vulnerable online?
NMA ZSentry is a next-generation security technology that long at last allows server- and client-security to become less relevant. NMA ZSentry eliminates attack targets in servers and clients, such as usercodes, passwords and user keys, which keys are used to encrypt and de-identify user data. With ZSentry, only upon login with the correct usercode and password (which are not present in the server or client) can the user files be identified, decrypted and read. Read more >>

Read more about the ZSentry Fingerprint, and the ZSentry Return Receipt.

Main Technical Notes
Overview   Key Features   ZSentry App   ZSentry Zero   API   Smart IT   SAML & SSO
  Security   Usability   HIPAA & HITECH   Experience   Why ZSentry?   Red Flags   SUMMARY

Development and © by NMA

*Trademarks and Copyrights as described in our Legal Statement. We protect Your Privacy.

Microsoft and the Office logo are trademarks or registered trademarks of Microsoft Corporation;
Google Apps, Google Apps Marketplace, and Gmail are trademarks or registered trademarks of Google, Inc.;
in the United States and/or other countries. Other marks are the property of their owners.