------------The longer answer---------
The Direct Project is just secure e-mail (S/MIME). What follows is nothing special; it restates everyday secure e-mail, which many off-the-shelf e-mail clients already implement. For secure e-mail to work, both the sender and the receiver must have a digital certificate. The certificates are used as follows:
- The content is integrity protected using a hash method.
- The sender signs the hash value of each document using the private key belonging to the sender's digital certificate. This is proof that the sender was the only one who could have sent these documents.
- The sender's digital certificate is included in the message.
- Each document (attachment) is encrypted using a symmetric encryption method.
- The symmetric encryption key is randomly generated anew for each document.
- For every intended receiver, that receiver's digital certificate is used to encrypt each document's symmetric encryption key. This allows the content to be sent to multiple receivers with the same encryption across the documents: the one message simply contains one copy of the encrypted document, and multiple small sections with each
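The steps listed above (sign the hash with the sender's key, encrypt the document once under a fresh symmetric key, wrap that key once per receiver certificate), run end to end with the openssl CLI, which speaks CMS, the structure underneath S/MIME. This is an added example, not code from the Direct Project or from the original post; it assumes the openssl command is installed and constructs throwaway self-signed certificates (sender, alice, bob, mallory) in place of real Direct certificates.

```shell
#!/bin/sh
# Added example: one S/MIME (CMS) message, signed by the sender and encrypted
# once for two receivers. Assumes the openssl CLI; all names are constructed.
set -eu

direct_demo() {
  work=$(mktemp -d)
  cd "$work"

  # Throwaway self-signed certificates stand in for real Direct certificates.
  for who in sender alice bob mallory; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$who" \
      -keyout "$who.key" -out "$who.crt" >/dev/null 2>&1
  done

  printf 'Constructed sample clinical document\n' > doc.txt

  # Sender signs: the content hash is signed with the sender's private key
  # and the sender certificate is embedded in the message (-nodetach keeps
  # the content inside the signed structure).
  openssl cms -sign -binary -nodetach -in doc.txt -signer sender.crt \
    -inkey sender.key -out signed.p7m -outform PEM

  # One encrypted copy: openssl generates a fresh random AES key for this
  # content and wraps it once per receiver certificate (alice, bob).
  openssl cms -encrypt -binary -aes-256-cbc -in signed.p7m -out enc.p7m \
    -outform PEM alice.crt bob.crt

  # Each intended receiver unwraps the key with their own private key,
  # then verifies the signature against the sender's certificate.
  for who in alice bob; do
    openssl cms -decrypt -in enc.p7m -inform PEM -inkey "$who.key" \
      -recip "$who.crt" -out "$who.signed.p7m"
    openssl cms -verify -in "$who.signed.p7m" -inform PEM \
      -CAfile sender.crt -out "$who.doc.txt" >/dev/null 2>&1
    [ "$(cat "$who.doc.txt")" = "$(cat doc.txt)" ] || return 1
  done

  # mallory was not a recipient: no wrapped key exists for her certificate,
  # so decryption must fail.
  if openssl cms -decrypt -in enc.p7m -inform PEM -inkey mallory.key \
       -recip mallory.crt -out /dev/null 2>/dev/null; then
    return 1
  fi
  echo ok
}
```

Running `direct_demo` prints `ok` only if both receivers recover the signed document with a valid signature and the non-recipient cannot decrypt.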
A) How does the sender ‘find’ the certificate of the receiver?
B) How do the two parties know they should trust each other?
There are two problems with this model:
- Not easily automated
- Can be subverted
Automation - Directories
You can see that the previous trust model depends heavily on personal relationships, which also makes it hard to automate. The Direct Project recognizes that personal relationships are very important in healthcare, probably more important than one might want to admit, but some implementations still need to fully automate the sending of secure e-mail. One of these, though not the only one, is the Full Service HISP: it must add security to the e-mail while the message is in transit across the internet, and it has no ability to interact with the user.
Larger Scale - Trusted 3rd Parties
As a trust infrastructure grows large, one needs common trusted third parties. In this system you trust some third party to attest that an individual is who they say they are. We see this in real life when we go to a party: the host introduces us to all the other people the host knows but whom we do not know. The host of the party is the 'trusted third party'. The better connected the host is, the more people we will be introduced to. We see it as well when we speak to someone and they explain that we met at the party, or that they are a friend of a friend of ours. In social terms this is an inexact system, but it has worked for millennia.