In this process, the authentication of the GINA user is performed by means of an "identity provider (IDP)".

This means that the one-time registration process can be completely omitted, although an account can be set up as a sort of back-up procedure.

 

If the operator of the SEPPmail Secure E-Mail Gateway has set up external identity providers, these are available to the respective GINA user for logging in (Figure).

 

Figure: Screenshot of GINA with possibly available identity providers like Google, M365

 

The procedure for this method is as follows:

 

1.The sender composes an email. This is transmitted in plain text up to the SEPPmail Secure E-Mail Gateway.
 

2.If, due to missing key material or a mandatory read confirmation, GINA is used, this email is encrypted with the AES256 key of the GINA account of the recipient and packed into an HTML container.
 

a)If no GINA account exists for the recipient’s email address, one will be created. Here, an individual, password-protected AES256 key is generated and stored with the email address of the recipient. An initial password is not required, as the identity of the recipient is established later via the identity provider.
 

3.The email encrypted this way is packed into the carrier email and completely delivered to the recipient.
 

4.The recipient opens the attachment of the carrier email, creating a secure https connection to SEPPmail, and transmits the original message from the attachment of the carrier email.

 

5.Now the GINA user chooses their preferred identity provider

 

a)Here the GINA user authenticates themselves with their login data stored there.

 

b)If the correct login data has been entered, this is confirmed by the identity provider and the GINA user is thus also considered authenticated on the SEPPmail Secure E-Mail Gateway.
 

6.This decrypts the message and displays it to the GINA user in the browser via the secure https connection.