Log in

View Full Version : Secure email messaging, and longing for Smartphones!


Andy Sjostrom
09-12-2002, 08:42 AM
I just finished reading an interesting ZDNet article on secure messaging, called <a href="http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2879336,00.html">"Lock down your mobile e-mail"</a>. Actually, what made me start reading the article was the image of a Smartphone 2002 in the newsletter that linked to the article. See below!<br /><br />The article stresses the fact that "Enterprises must take more care to secure the content of each e-mail message". The writers then break down the options into four major paths that address the security challenges in different ways:<br />"1. End-to-end encryption involves encrypting the message on the sender's desktop and decrypting it on the desktop of the recipient. Public-key cryptography is the most secure encryption technique. ... Both sending and receiving devices must have cooperating encryption software. The sender and recipient must each have access to the other's public key. Each must have his or her own private key available. ...<br />2. Boundary-to-boundary protection of the link or message content while in transit over particularly vulnerable links (for example, across the Internet), but transport unencrypted--"in the clear"--while within a trusted network. ...<br />3. In wireless networks, messages might be encrypted while traveling over the Internet, and possibly decrypted by the carrier and re-encrypted using another technology for transmission to the wireless device. ...<br />4. Staging server encryption places the encrypted message content or key on a staging server. An alert message is sent to the intended recipient, providing a link to the server. The recipient connects to the server over an SSL link, authenticates as required, and then the decrypted content is passed over the SSL link to the recipient's chosen device."<br /><br />If you are interested in how Microsoft Mobile Information Server deals with secure messaging, you can download the white paper <a href="http://www.microsoft.com/miserver/techinfo/administration/SecurityWP.doc">"An Overview of Security Features"</a>.<br /><br />Now, all I wish for is to see Smartphone 2002s not only in ZDNet newsletters but in actual stores and in the hands of users!<br /><br /><img src="http://www.pocketpcthoughts.com/images/smp2002_01.jpg" />

Ed Hansberry
09-12-2002, 01:09 PM
Right now desktop encryption is a royal pain. So few people bother configuring PGP, which is understandable. It can be quite confusing. I still work with people that don't understand the concept of composing emails offline and then sending them in batch when they connect with their laptops. They insist on being connected before typing. :roll:

Until encryption is embedded in the Inbox application, it won't be used by the mainstream.

sweetpete
09-13-2002, 01:47 AM
End to end encryption is going to be a long way away IMHO, but if you want secure mobile corporate email you should look at SymmetryPro and Infowave Mobile Messaging Server both from Infowave Software (http://www.infowave.com)

They have fully encrypted store and forward mechanism with SMS push delivery and the key is not shared with the service provider. It is created at time of installation and is known only between the desktop/server app sitting behind your firewall and the PDA. It's a very elegant solution.