SecMsg

From Wikipedia, the free encyclopedia
Jump to: navigation, search
eMudhra SecMsg
SecMsg Main Menu.jpg
eMudhra SecMsg
Developer(s) 3i Infotech Consumer Services Ltd.
Stable release 2.0.1
Operating system Java [any MIDP 2.0 mobile]
Type Encryption
Website www.secmsg.emudhra.com

eMudhra SecMsg is mobile application designed to secure the SMS channel.[1][2][3] It allows users to send SMS's that are encrypted and signed using PKI technology and ensures that it is decrypted only by the intended user.

The algorithms used for crypto processes like Signing, Encryption, Decryption are RSA/ECC, AES and SHA.

Technical Insight[edit]

Key Pair Generation[edit]

The RSA or ECC key pair is generated in the application and stored in the mobile. These keys will be used for all the crypto process like signing, encryption and decryption. The key pair generation is a onetime process and is completely user driven. The user can also use X.509 digital certificates from any certification authority (CA) for the crypto processes mentioned above.

Built-In-Security[edit]

The user is required to provide the application PIN whenever he wants to gain access to it. The key pair is protected with the key PIN which controls signing, encryption/decryption processes.

Usage Areas[edit]

Secure communication[edit]

SecMsg can be used to send and receive confidential messages.[4][5] Secure communication with peers can be established by exchanging the public key with friends/spouse/colleagues. The public key received from peers will be stored in the application.

Fig.1
Secure communication.JPG

The messages composed by the user will be encrypted with recipient's public key and will land up in the inbox of SecMsg. This message can be decrypted with the intended recipient's private key only.[see Fig.1]

Secure Safe[edit]

'My Vault' is an organizer that gives additional security to store personal information that is protected with PIN. All the information stored will be encrypted with the RSA private key.

Two-Factor Authentication[2FA] [edit]

Any online transaction (Fund transfer, Add payee, Online broking,End of day confirmation)can be acknowledged by digitally signing the transaction details.[6] This ensures confidentiality,integrity and more importantly non repudiation. Acknowledgment of the transaction thus made cannot be repudiated later.

Password/ATM PIN retrieval[edit]

Users can use the application for resetting/receiving passwords.[7] Banks can send the ATM PIN/Internet banking passwords as an encrypted text message for which a digitally signed acknowledgment can be received in no time.

Features[edit]

  • This application supports multiple X.509 certificates from any certification authority(CA). These digital signatures can also be used for digital signing and encryption/decryption.
  • Logging the history of transactions and messages,access to which requires PIN.
  • Remote data wiping for clearing the contents of the application if the mobile is lost.
  • Uses simplest and ubiquitous communication mode-SMS channel.
  • Low operating cost.
  • Extensive device support.

SecMsg on the News[edit]

See also[edit]

References[edit]

  1. ^ PC's Telecom Blog
  2. ^ BSE India
  3. ^ IT News Online
  4. ^ EFY Times
  5. ^ Business Standard
  6. ^ Yahoo News
  7. ^ Network Computing