Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA.

The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA.

How Does it Work?

You have an application on your mobile phone which is PIN protected. The PIN can be anything of your choice. The mobile application has a separate dedicated inbox which allows you to receive confidential (encrypted) messages and decrypt the messages. It uses PKI technology (public key-private key) to secure your messages.

You can send message securely to your friends of family or external entity like Bank using this mobile application. All you need is to share your key (public) with your counterpart. The application will encrypt the message and send the secure SMS to him or her. Using his secret mobile application PIN, your peer can decrypt the incoming SMS and see your confidential message in the dedicated inbox.

Brilliant isn’t it? Here is SecMsg for you..

How can SMS be secured?

We believe that everyone has the right to privacy and protection from unlawful
activities when using their mobile phone. It makes very easy to intercept messages because of the digital nature of communication. While many companies offer security for information transferred over the internet, the security of mobile communication is often overlooked.

Increased use of mobile phones for often highly sensitive and personal information is increasing rapidly, access to bank accounts, and even payments via mobile phones are now becoming part of day to day life.

Considering this scenario, there is a definite need to secure the SMS. But how can it be possible? Encrypted SMS deployment solves the problem for you. Consumers are presented with simple application on the mobile phone. The solution works on most of the handsets and is un-hackable. This type of infrastructure utilise the most advanced encryption technology.

SMS – a ubiquitous solution

With the arrival of smart phones into the market, everyone today is talking about internet on mobiles, mobile apps, 3G so on and so forth. However, SMS, a traditional short message service on mobile, even today is pretty much the most frequently used feature after voice calling.

The usage of SMS persists to grow every year with more novel ways of utilizing its potential coming to limelight. For sure, majority population of India, especially YOUNGISTAN, makes use of SMS more than calling. Apart from using it to keep in touch with acquaintances, it is used for variety of reasons, including mobile banking, checking and paying mobile bills, and status of train/flight etc to name a few.

Recent TRAI data shows that Indians are using SMS as an extension of their lives more and more every year, an average Indian sends 29 SMS per month. Just multiply that with number of ever growing Mobile subscribers in India and you will have an idea of amount of SMS traffic India generates!

But is the SMS channel safe?

Here is a recent case. Authorities from different states across the US are warning residents of the outbreak of a Text Message Scam. In the manner of other phishing scams, this new type of fraud tries to steal identities of people after contacting them on their mobile phones. Fraudsters who run this new mobile phishing scam send out SMS to thousands of cell phone numbers. Posing to be from their banks, the messages falsely inform the recipients that their account has been deactivated. It claims this was done as a precautionary measure as the bank had noticed several signs of suspicious activity in their accounts. The SMS phishing attack then asks users to call the bank at a given number in order to reactivate their accounts.

On calling, the account holders are asked to confirm their account details like account number and debit card number over the phone. This is just an attempt at phishing and those who do give away the required information find their accounts lighter by a few thousands.

So what you think, shall the SMS be secured?