April 23rd, 2015

SecureLine Message Center: Free, Secure Message Access Portal

LuxSci customers send encrypted email messages to anyone using the SecureLine Escrow system — recipients receive a notification of their waiting secure message and click on a link to access it after either answering a security question or logging into their free SecureSend account to verify their identities.

The SecureLine Namespace and Message Center features enable your recipients to login and see a history of all secure messages sent to them from your users and to easily open, read, reply to, and delete these historical messages any time … at least until they have expired.  The Message Center also keeps copies of sent messages — so it enables free WebMail-like behavior in the SecureSend secure messaging portal

Life without Message Center

Without Message Center enabled, each secure message sent using Escrow is encrypted using a unique password which is part of the message access link sent to the recipient in his/her “notification email”.  The recipient clicks on that link in order to open the waiting message: the password to unlock the message is transmitted to the server with this link.

This is very secure; all of the saved secure messages cannot be opened by anyone (even the LuxSci).  The unique password used to encrypt the message exists only in the recipient’s INBOX.

The down side to this highly secure email communication method, however, is that some convenience is sacrificed:

  • A deleted or lost notification message results in permanent loss of access to the respective secure email message.
  • As each secure message has a different password: access to one message cannot grant you access to other messages.

Life with Message Center

With Message Center enabled, two things conspire to drastically improve usability:

  • All messages sent via Escrow are encrypted using passwords securely known to the back-end system, but not embedded in the links sent to the recipients.
  • Recipients have a “Message Center” area in their SecureSend portals where they can see and search lists of messages that they have previously sent and received. They can open and read any of these messages.

Message Center enables the SecureSend portal to act like an INBOX (or patient portal for healthcare customers).  It also allows the recipients to:

  • Reply to any previous message
  • Send a new email to anyone who has previously sent them a message
  • Delete messages previously received
  • View / download / print previously sent and received messages

The main security sacrifice is additional trust in the LuxSci server infrastructure and operations staff — while the message data and passwords are NOT located on the same servers, they are in the same distributed system.  This tradeoff in security for usability is a common one we see in online portals these days in medical, finance, and other security sensitive fields.

Message Center is optional and not enabled by default, as it requires purchasing Private Labeling. Customers need to decide if this functionality is appropriate for them.

What about these “Namespaces”?

Namespaces are another new feature for Private Labeled customers.  The best way to understand Namespaces is to see how things work without them.

Without “Namespaces”:

  • Multiple Private Labeled customers can have their own distinct SecureSend portals — they can look and feel like each respective organization, have branded URLs for access, etc.
  • Recipients who register for “SecureSend” at any of these private labeledSecureSend portals get placed in the same “pool of registrants” … so:
    • They can use the same username/password to login to any of the Private Labeled SecureSend portals
    • Once logged in — it’s the same account and account history, just with different aesthetics
    • If they try to register for another SecureSend account with another Private Labeled SecureSend portal, it will tell them that they already have an account.
    • It will be clear to the end user that these sites share the same back-end provider and that their activities are not segregated between the sites.
    • If we provided Message Center access in this case (we don’t), a recipient would see messages from unrelated organizations mixed together unexpectedly.  That is not good for your company branding.
In many cases, this is not really an issue, as often recipients only interact with a single SecureSend portal.  However, with “Namespaces” all of these issues are eliminated:
  • Customer defines a “Namespace” in his/her Private Labeling tools
  • SecureSend registrants to the customer’s Private Labeled portal are placed in this different “pool of registrants”
  • Logins and account history are unique to this theme.
  • End users can register for other SecureSend accounts in other themes without the account in the custom Namespace ever being referenced or involved.
Namespaces provide true separation of registered users and their histories between different Private Labeled themes and they also allow enabling of certain advanced features for these registered users … such as “Message Center”.

Enabling Message Center

Message Center is available to customers with Premium Private Labeling.

  • If you do not yet have Premium Private Labeling, you can order it in a new account, or you can upgrade your existing account to include it in the Upgrades area.

Message Center requires use of a SecureSend “Namespace”

  1. Under your Private Labeling administration area, you can go to “SecureSend User Namespaces”
  2. Create a new Namespace (and import users from the global shared namespace if you have been using SecureLine for a while already)
  3. Enable “Message Center” on this Namespace
  4. Select the Private Labeled Theme that will be used with your Message Center in your list of Themes
  5. Under “Advanced Configuration > SecureLine Pages”, you can select your new Namespace for use.
When using Message Center, we also recommend using “SecureSend Login” as the method for authenticating your recipients.  This is enabled by default for all new accounts; existing accounts can switch from “Question and Answer” authentication to “SecureSend Login” authentication in their global or domain-wide SecureLine configuration areas.
Please contact LuxSci support if you want further information, help upgrading, or assistance configuring your account with these features.

Leave a Comment

You must be connected or logged in to post a comment. This is to reduce spam comments.

If you have not previously commented, you can connect using existing social media account, or register with a new username and password.