This invention is a system for secure controlled communications between entities that incorporates: confidentiality, sender and recipient authentication, data integrity, malware resistance, and author defined rights. A novel mechanism is described where the system creates symmetric encryption parameters (“SEPs”) for each message and independently encrypts message: metadata, rights, body, and attachments with symmetric encryption. The SEPs themselves are encrypted with asymmetric encryption, using the recipient’s public asymmetric encryption key. Only intended recipients can decrypt the encrypted SEPs with their corresponding private asymmetric decryption key and use these SEPs to decrypt encrypted: metadata, rights, body, and attachments. The system also generates a digital signature of these SEPs, signed by the sender with their private asymmetric signature key. This allows any recipient to authenticate the sender by verifying the digital signature using the sender’s public asymmetric signature key. Actions taken on a message and its disposition are controlled by message rights set by the author.