E-mail security

BP Server uses Business Process Server’s password encryption and decryption utility PService for the secured e-mail task completions.

When BP Server sends an e-mail for a work item completion, it uses the PService utility to encrypt the work item ID that is included in the e-mail content. The encrypted work item ID is decrypted when the reply e-mail is received. If the decrypted work item ID is invalid, then a reply e-mail is sent and also proper error messages is written to the log file.

For each e-mail that BP Server sends, it appends the security key at the end of the e-mail. The security key is the encrypted value of the work item ID. A reply e-mail without a valid encrypted key cannot be processed and is sent to the trash folder.

When a reply e-mail is received and picked up for processing, the parser first reads the encrypted security key, decrypt its value using PService utility and also validate with BP Server. If any one of these operation fails, then the e-mail is ignored and the sender is notified with an error message.